Privacy policy and Cookie Policy

Introduction

This privacy notice governs the data processing operations arising in the course of the activities of sole proprietor Kurucz Tamás. The legal basis and framework of the processing include Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), as well as the relevant Hungarian laws, including Act CL of 2017 on the Rules of Taxation, Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, Act C of 2000 on Accounting, and Act CXVII of 1995 on Personal Income Tax.

In connection with the processing of data, sole proprietor Kurucz Tamás hereby informs the data subject about the personal data processed, the principles and practice followed in the processing of personal data, and the rights of clients/data subjects.

This privacy policy is available at the registered office of sole proprietor Kurucz Tamás at Simonffy Street 4-6, Ground Floor, Door 41, 4025 Debrecen, Hungary.

Data of the Data Controller

1.

If the data subject wishes to contact the Data Controller, the Data Controller may be contacted at: [design@tamaskurucz.com].

Business Name: Kurucz Tamás E.V.

Registered Office: Simonffy Street 4-6, Ground Floor, Door 41, 4025 Debrecen, Hungary

Tax number (Hungary): 56569582-1-29

EU VAT number: HU56569582

Email address: [design@tamaskurucz.com]

Website: [www.tamaskurucz.com]

2.

Data protection contact:

Name: Kurucz Tamás

Email address: [design@tamaskurucz.com]

3.

Web hosting service provider:

Company name: Framer B.V.

Registered office: Rozengracht 207B, 1016 LZ, Amsterdam, The Netherlands

Chamber of Commerce (KVK) number: 59920637

VAT number: NL853695386B01

Email: [support@framer.com]

Website: [www.framer.com]

Terms of service: [https://www.framer.com/legal/terms-of-service/]

Privacy statement: [https://www.framer.com/legal/privacy-statement/]

Data processing addendum: [https://www.framer.com/legal/data-processing-addendum/]

Cookie policy: [https://www.framer.com/legal/cookie-policy/]

Security: [https://www.framer.com/legal/security/]

Sub-processors: [https://www.framer.com/legal/sub-processors/]

Affiliates Terms and Conditions: [https://www.framer.com/legal/affiliates-terms-and-conditions/]

4.

Domain name registrar / domain registration service provider:

Company name: Porkbun LLC

Address: 21370 SW Langer Farms Parkway, Suite 142-429, Sherwood, OR 97140, USA

Support email: [support@porkbun.com]

Privacy contact email: [privacy@porkbun.com]

Website: [www.porkbun.com]

Legal documents: [https://porkbun.com/legal]

Domain name registration agreement: [https://porkbun.com/legal/agreement/domain_name_registration_agreement]

Product terms of service: [https://porkbun.com/legal/agreement/product_terms_of_service]

Privacy policy: [https://porkbun.com/legal/agreement/privacy_policy]

5.

Email service provider (Google Workspace / Gmail):

Company name: Google LLC

Address: 1600 Amphitheatre Parkway, Mountain View, California 94043, USA

Website: [workspace.google.com]

Terms of service: [https://workspace.google.com/terms/premier_terms/]

Privacy policy: [https://policies.google.com/privacy]

Google Cloud privacy notice (covers Google Workspace): [https://cloud.google.com/terms/cloud-privacy-notice]

Data processing amendment (DPA): [https://workspace.google.com/terms/09242021/dpa_terms/]

Subprocessors (Google Workspace): [https://workspace.google.com/terms/subprocessors/]

Security: [https://workspace.google.com/security/]

Google contracting entity (reference page): [https://cloud.google.com/terms/google-entity]

(Where applicable for EEA contracting):

Company name: Google Ireland Limited

Registered office: Gordon House, Barrow Street, Dublin 4, Ireland

Company registration number: 368047

VAT number: IE6388047V

Internet Cookies (Cookies) and Similar Technologies

The website may use cookies and/or similar technologies.

Any external visitor may access the website and the information disclosed by the Data Controller. When visiting the website, the web hosting service provider and the systems used to operate the website may record technical data for the purpose of checking the operation of the service, preventing abuse, and ensuring proper operation. The purpose of the recording is to collect information related to the use of the website and to prepare statistics and analyses related to website traffic and internet usage.

Cookie settings may be managed through the visitor's browser settings.

Cookies and Anonymous Traffic Measurement

Built-in traffic measurement (Framer Analytics).

The website uses Framer's built-in analytics solution ("Framer Analytics") to measure overall website traffic in an aggregated/anonymous form for the purpose of understanding general website usage and improving the website. The Data Controller does not use Google Analytics, Meta Pixel, Google Tag Manager, or other marketing/profiling trackers on this website.

Google Fonts (typography).

The website uses web fonts provided via Google Fonts to display typography. When loading the website, the visitor's browser may request font files from Google's servers. As part of this request, Google may receive technical information such as the visitor's IP address and browser/device information. These requests are used solely for displaying typography. Google Privacy Policy: https://policies.google.com/privacy

Google Search Console.

The Data Controller uses Google Search Console to monitor and improve the website's visibility in Google Search and to obtain aggregated information about search performance.

Strictly Necessary Cookies

These cookies are essential for the website to function properly and securely. Without these cookies, certain functions of the website may not work properly.

Functional Cookies

Functional cookies help the website remember certain settings and provide improved functionality. The website is designed to operate without the use of additional functional cookies beyond what is strictly necessary.

Targeting Cookies

Targeting cookies are used to display content and advertisements that are relevant to the visitor's interests. The Data Controller does not use targeting/marketing cookies on the website.

Third-Party Cookies and Third-Party Services

The website may use third-party services (such as Google Fonts) exclusively for typography display. As part of providing these services, third parties may receive technical information related to the use of the website (such as IP address and browser/device information) and may use cookies or similar technologies in accordance with their own documentation.

This website does not use third-party marketing or advertising tracking technologies (such as Meta Pixel) and does not use Google Analytics or Google Tag Manager.

Scope and Legal Basis of the Data Processed

The scope of the data processed may include: date, time, the IP address of the visitor’s device, the visited pages, the browser type, the operating system, and other technical log data.

In addition, when the contact form is used, the following data may be processed: name, email address, organization/brand name, subject, and message.

The contact form is provided through Framer Forms. Messages sent via the contact form are delivered to and handled by the Data Controller through the Data Controller's email system (Google Workspace/Gmail), for the purpose of responding and maintaining business communication.

The purposes of processing are: operation and security of the website; prevention of abuse; responding to inquiries; preparing quotations; and business communication.

The legal basis of processing is taking steps at the request of the data subject prior to entering into a contract and/or the legitimate interest of the Data Controller in operating the website securely and handling inquiries, as applicable under the GDPR.

Duration of the Data Processing

Technical log data and website-related technical records are stored for as long as necessary for the operation, security, and troubleshooting of the website.

Messages and correspondence received via the contact form and via email are stored for as long as necessary for handling the inquiry and maintaining business communication, and may be stored longer where necessary for the establishment, exercise, or defense of legal claims, or to comply with legal obligations.

Data Processing for Marketing Purposes

The Data Controller does not operate a newsletter and does not carry out data processing for newsletter sending on the website.

If the Data Controller intends to carry out marketing-related data processing in the future, prior information will be provided on the essential circumstances of the processing (legal background and legal basis, purpose, scope of the data processed, duration of processing).

Legal Basis of the Data Processing

Where processing is based on the data subject's consent, the data subject provides consent voluntarily.

In the case of website operation and contact communication, processing is based on the legitimate interest of the Data Controller and/or taking steps at the request of the data subject prior to entering into a contract, as applicable under the GDPR.

Further Data Processing

If the Data Controller wishes to carry out further data processing, prior information will be provided on the essential circumstances of the data processing (legal background and legal basis, purpose, scope of data processed, duration of processing).

The data subject is hereby informed that authorities may request data based on statutory authorization. The Data Controller keeps records of data transfers in accordance with the provisions of Act CXII of 2011 (Infotv.) and provides information upon request unless disclosure is excluded by law.

Rights of Clients/Data Subjects

Rights to which the data subject is entitled during the processing of data.

Within the duration of the data processing, the data subject is entitled, under the provisions of the GDPR, to the following rights:

-> the right to withdraw consent;

-> access to personal data and information related to data processing;

-> the right to rectification;

-> restriction of data processing;

-> the right to erasure;

-> the right to object;

-> the right to data portability.

If the data subject wishes to exercise these rights, this involves identification of the data subject, and the Data Controller needs to communicate with the data subject.

The Data Controller responds to complaints related to data processing no later than within 30 days.

Right to Withdraw Consent

Where the legal basis of processing is the data subject's consent, the data subject is entitled at any time to withdraw consent given to data processing. In the event of withdrawal of consent, processing based on consent is terminated, and the provided data are deleted from the Data Controller's systems, unless retention is required by law or is otherwise justified by a lawful basis.

Access to Personal Data

The data subject is entitled to receive feedback from the Data Controller as to whether or not personal data concerning the data subject are being processed, and, where that is the case, to access the personal data and the following information:

-> the purposes of the processing;

-> the categories of personal data concerned;

-> information on the recipients or categories of recipients to whom the personal data have been or will be disclosed;

-> the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

-> the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, and to object to such processing;

-> the right to lodge a complaint with a supervisory authority;

-> information where the personal data are not collected from the data subject;

-> the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The Data Controller provides the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, the information is provided in a commonly used electronic form, unless otherwise requested by the data subject.

Right to Rectification

The data subject is entitled to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning the data subject. Taking into account the purposes of the processing, the data subject is entitled to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Restriction of Data Processing

The data subject is entitled to obtain from the Data Controller restriction of processing where one of the following applies:

-> the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

-> the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

-> the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or

-> the data subject has objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

Where processing has been restricted, such personal data are processed, with the exception of storage, only with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

The Data Controller informs the data subject, who has obtained restriction of processing, before the restriction of processing is lifted.

Right to Erasure – Right to be Forgotten

The data subject is entitled to obtain from the Data Controller the erasure of personal data concerning the data subject without undue delay and the Data Controller is obliged to erase personal data without undue delay where one of the following grounds applies:

-> the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

-> the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;

-> the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

-> the personal data have been unlawfully processed;

-> the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;

-> the personal data have been collected in relation to the offer of information society services.

Erasure is not applicable where processing is necessary:

-> for exercising the right of freedom of expression and information;

-> for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

-> for reasons of public interest in the area of public health;

-> for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;

-> for the establishment, exercise, or defense of legal claims.

Right to Object

The data subject is entitled to object, on grounds relating to the data subject's particular situation, at any time to processing of personal data concerning the data subject which is based on legitimate interest.

In this case, the Data Controller no longer processes the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If personal data are processed for direct marketing purposes, the data subject is entitled to object at any time to processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to Data Portability

The data subject is entitled to receive the personal data concerning the data subject, which have been provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Data Controller, where:

-> the processing is based on consent or on a contract; and

-> the processing is carried out by automated means.

In exercising the right to data portability, the data subject has the right to have the personal data transmitted directly from the Data Controller to another controller, where technically feasible.

Automated Decision-Making

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject.

Registration in the Data Protection Register

Registration of data processing operations in the data protection register under Act CXII of 2011 (Infotv.) is no longer required as of 25 May 2018.

Data Security Measures

The Data Controller declares that appropriate security measures are applied in order to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology.

The Data Controller takes organizational and technical measures to the extent possible and expects persons acting on behalf of the Data Controller to take appropriate measures when working with personal data.

Remedies

If the data subject believes that the Data Controller has violated any statutory provision applicable to data processing or has not fulfilled any request, the data subject may initiate an investigation procedure with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) (mailing address: 1363 Budapest, Pf.: 9., e-mail: ugyfelszolgalat@naih.hu).

The data subject is also informed that, in the event of a breach of the statutory provisions applicable to data processing or if the Data Controller has not fulfilled any request, the data subject may bring a civil action against the Data Controller before a court.

Modification of the Privacy Notice

The Data Controller reserves the right to modify this privacy notice. By using the website after the entry into force of the modification, the data subject accepts the modified privacy notice.

Introduction

This privacy notice governs the data processing operations arising in the course of the activities of sole proprietor Kurucz Tamás. The legal basis and framework of the processing include Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), as well as the relevant Hungarian laws, including Act CL of 2017 on the Rules of Taxation, Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, Act C of 2000 on Accounting, and Act CXVII of 1995 on Personal Income Tax.

In connection with the processing of data, sole proprietor Kurucz Tamás hereby informs the data subject about the personal data processed, the principles and practice followed in the processing of personal data, and the rights of clients/data subjects.

This privacy policy is available at the registered office of sole proprietor Kurucz Tamás at Simonffy Street 4-6, Ground Floor, Door 41, 4025 Debrecen, Hungary.

Data of the Data Controller

1.

If the data subject wishes to contact the Data Controller, the Data Controller may be contacted at: [design@tamaskurucz.com].

Business Name: Kurucz Tamás E.V.

Registered Office: Simonffy Street 4-6, Ground Floor, Door 41, 4025 Debrecen, Hungary

Tax number (Hungary): 56569582-1-29

EU VAT number: HU56569582

Email address: [design@tamaskurucz.com]

Website: [www.tamaskurucz.com]

2.

Data protection contact:

Name: Kurucz Tamás

Email address: [design@tamaskurucz.com]

3.

Web hosting service provider:

Company name: Framer B.V.

Registered office: Rozengracht 207B, 1016 LZ, Amsterdam, The Netherlands

Chamber of Commerce (KVK) number: 59920637

VAT number: NL853695386B01

Email: [support@framer.com]

Website: [www.framer.com]

Terms of service: [https://www.framer.com/legal/terms-of-service/]

Privacy statement: [https://www.framer.com/legal/privacy-statement/]

Data processing addendum: [https://www.framer.com/legal/data-processing-addendum/]

Cookie policy: [https://www.framer.com/legal/cookie-policy/]

Security: [https://www.framer.com/legal/security/]

Sub-processors: [https://www.framer.com/legal/sub-processors/]

Affiliates Terms and Conditions: [https://www.framer.com/legal/affiliates-terms-and-conditions/]

4.

Domain name registrar / domain registration service provider:

Company name: Porkbun LLC

Address: 21370 SW Langer Farms Parkway, Suite 142-429, Sherwood, OR 97140, USA

Support email: [support@porkbun.com]

Privacy contact email: [privacy@porkbun.com]

Website: [www.porkbun.com]

Legal documents: [https://porkbun.com/legal]

Domain name registration agreement: [https://porkbun.com/legal/agreement/domain_name_registration_agreement]

Product terms of service: [https://porkbun.com/legal/agreement/product_terms_of_service]

Privacy policy: [https://porkbun.com/legal/agreement/privacy_policy]

5.

Email service provider (Google Workspace / Gmail):

Company name: Google LLC

Address: 1600 Amphitheatre Parkway, Mountain View, California 94043, USA

Website: [workspace.google.com]

Terms of service: [https://workspace.google.com/terms/premier_terms/]

Privacy policy: [https://policies.google.com/privacy]

Google Cloud privacy notice (covers Google Workspace): [https://cloud.google.com/terms/cloud-privacy-notice]

Data processing amendment (DPA): [https://workspace.google.com/terms/09242021/dpa_terms/]

Subprocessors (Google Workspace): [https://workspace.google.com/terms/subprocessors/]

Security: [https://workspace.google.com/security/]

Google contracting entity (reference page): [https://cloud.google.com/terms/google-entity]

(Where applicable for EEA contracting):

Company name: Google Ireland Limited

Registered office: Gordon House, Barrow Street, Dublin 4, Ireland

Company registration number: 368047

VAT number: IE6388047V

Internet Cookies (Cookies) and Similar Technologies

The website may use cookies and/or similar technologies.

Any external visitor may access the website and the information disclosed by the Data Controller. When visiting the website, the web hosting service provider and the systems used to operate the website may record technical data for the purpose of checking the operation of the service, preventing abuse, and ensuring proper operation. The purpose of the recording is to collect information related to the use of the website and to prepare statistics and analyses related to website traffic and internet usage.

Cookie settings may be managed through the visitor's browser settings.

Cookies and Anonymous Traffic Measurement

Built-in traffic measurement (Framer Analytics).

The website uses Framer's built-in analytics solution ("Framer Analytics") to measure overall website traffic in an aggregated/anonymous form for the purpose of understanding general website usage and improving the website. The Data Controller does not use Google Analytics, Meta Pixel, Google Tag Manager, or other marketing/profiling trackers on this website.

Google Fonts (typography).

The website uses web fonts provided via Google Fonts to display typography. When loading the website, the visitor's browser may request font files from Google's servers. As part of this request, Google may receive technical information such as the visitor's IP address and browser/device information. These requests are used solely for displaying typography. Google Privacy Policy: https://policies.google.com/privacy

Google Search Console.

The Data Controller uses Google Search Console to monitor and improve the website's visibility in Google Search and to obtain aggregated information about search performance.

Strictly Necessary Cookies

These cookies are essential for the website to function properly and securely. Without these cookies, certain functions of the website may not work properly.

Functional Cookies

Functional cookies help the website remember certain settings and provide improved functionality. The website is designed to operate without the use of additional functional cookies beyond what is strictly necessary.

Targeting Cookies

Targeting cookies are used to display content and advertisements that are relevant to the visitor's interests. The Data Controller does not use targeting/marketing cookies on the website.

Third-Party Cookies and Third-Party Services

The website may use third-party services (such as Google Fonts) exclusively for typography display. As part of providing these services, third parties may receive technical information related to the use of the website (such as IP address and browser/device information) and may use cookies or similar technologies in accordance with their own documentation.

This website does not use third-party marketing or advertising tracking technologies (such as Meta Pixel) and does not use Google Analytics or Google Tag Manager.

Scope and Legal Basis of the Data Processed

The scope of the data processed may include: date, time, the IP address of the visitor’s device, the visited pages, the browser type, the operating system, and other technical log data.

In addition, when the contact form is used, the following data may be processed: name, email address, organization/brand name, subject, and message.

The contact form is provided through Framer Forms. Messages sent via the contact form are delivered to and handled by the Data Controller through the Data Controller's email system (Google Workspace/Gmail), for the purpose of responding and maintaining business communication.

The purposes of processing are: operation and security of the website; prevention of abuse; responding to inquiries; preparing quotations; and business communication.

The legal basis of processing is taking steps at the request of the data subject prior to entering into a contract and/or the legitimate interest of the Data Controller in operating the website securely and handling inquiries, as applicable under the GDPR.

Duration of the Data Processing

Technical log data and website-related technical records are stored for as long as necessary for the operation, security, and troubleshooting of the website.

Messages and correspondence received via the contact form and via email are stored for as long as necessary for handling the inquiry and maintaining business communication, and may be stored longer where necessary for the establishment, exercise, or defense of legal claims, or to comply with legal obligations.

Data Processing for Marketing Purposes

The Data Controller does not operate a newsletter and does not carry out data processing for newsletter sending on the website.

If the Data Controller intends to carry out marketing-related data processing in the future, prior information will be provided on the essential circumstances of the processing (legal background and legal basis, purpose, scope of the data processed, duration of processing).

Legal Basis of the Data Processing

Where processing is based on the data subject's consent, the data subject provides consent voluntarily.

In the case of website operation and contact communication, processing is based on the legitimate interest of the Data Controller and/or taking steps at the request of the data subject prior to entering into a contract, as applicable under the GDPR.

Further Data Processing

If the Data Controller wishes to carry out further data processing, prior information will be provided on the essential circumstances of the data processing (legal background and legal basis, purpose, scope of data processed, duration of processing).

The data subject is hereby informed that authorities may request data based on statutory authorization. The Data Controller keeps records of data transfers in accordance with the provisions of Act CXII of 2011 (Infotv.) and provides information upon request unless disclosure is excluded by law.

Rights of Clients/Data Subjects

Rights to which the data subject is entitled during the processing of data.

Within the duration of the data processing, the data subject is entitled, under the provisions of the GDPR, to the following rights:

-> the right to withdraw consent;

-> access to personal data and information related to data processing;

-> the right to rectification;

-> restriction of data processing;

-> the right to erasure;

-> the right to object;

-> the right to data portability.

If the data subject wishes to exercise these rights, this involves identification of the data subject, and the Data Controller needs to communicate with the data subject.

The Data Controller responds to complaints related to data processing no later than within 30 days.

Right to Withdraw Consent

Where the legal basis of processing is the data subject's consent, the data subject is entitled at any time to withdraw consent given to data processing. In the event of withdrawal of consent, processing based on consent is terminated, and the provided data are deleted from the Data Controller's systems, unless retention is required by law or is otherwise justified by a lawful basis.

Access to Personal Data

The data subject is entitled to receive feedback from the Data Controller as to whether or not personal data concerning the data subject are being processed, and, where that is the case, to access the personal data and the following information:

-> the purposes of the processing;

-> the categories of personal data concerned;

-> information on the recipients or categories of recipients to whom the personal data have been or will be disclosed;

-> the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

-> the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, and to object to such processing;

-> the right to lodge a complaint with a supervisory authority;

-> information where the personal data are not collected from the data subject;

-> the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The Data Controller provides the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, the information is provided in a commonly used electronic form, unless otherwise requested by the data subject.

Right to Rectification

The data subject is entitled to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning the data subject. Taking into account the purposes of the processing, the data subject is entitled to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Restriction of Data Processing

The data subject is entitled to obtain from the Data Controller restriction of processing where one of the following applies:

-> the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

-> the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

-> the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or

-> the data subject has objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

Where processing has been restricted, such personal data are processed, with the exception of storage, only with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

The Data Controller informs the data subject, who has obtained restriction of processing, before the restriction of processing is lifted.

Right to Erasure – Right to be Forgotten

The data subject is entitled to obtain from the Data Controller the erasure of personal data concerning the data subject without undue delay and the Data Controller is obliged to erase personal data without undue delay where one of the following grounds applies:

-> the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

-> the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;

-> the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

-> the personal data have been unlawfully processed;

-> the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;

-> the personal data have been collected in relation to the offer of information society services.

Erasure is not applicable where processing is necessary:

-> for exercising the right of freedom of expression and information;

-> for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

-> for reasons of public interest in the area of public health;

-> for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;

-> for the establishment, exercise, or defense of legal claims.

Right to Object

The data subject is entitled to object, on grounds relating to the data subject's particular situation, at any time to processing of personal data concerning the data subject which is based on legitimate interest.

In this case, the Data Controller no longer processes the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If personal data are processed for direct marketing purposes, the data subject is entitled to object at any time to processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to Data Portability

The data subject is entitled to receive the personal data concerning the data subject, which have been provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Data Controller, where:

-> the processing is based on consent or on a contract; and

-> the processing is carried out by automated means.

In exercising the right to data portability, the data subject has the right to have the personal data transmitted directly from the Data Controller to another controller, where technically feasible.

Automated Decision-Making

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject.

Registration in the Data Protection Register

Registration of data processing operations in the data protection register under Act CXII of 2011 (Infotv.) is no longer required as of 25 May 2018.

Data Security Measures

The Data Controller declares that appropriate security measures are applied in order to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology.

The Data Controller takes organizational and technical measures to the extent possible and expects persons acting on behalf of the Data Controller to take appropriate measures when working with personal data.

Remedies

If the data subject believes that the Data Controller has violated any statutory provision applicable to data processing or has not fulfilled any request, the data subject may initiate an investigation procedure with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) (mailing address: 1363 Budapest, Pf.: 9., e-mail: ugyfelszolgalat@naih.hu).

The data subject is also informed that, in the event of a breach of the statutory provisions applicable to data processing or if the Data Controller has not fulfilled any request, the data subject may bring a civil action against the Data Controller before a court.

Modification of the Privacy Notice

The Data Controller reserves the right to modify this privacy notice. By using the website after the entry into force of the modification, the data subject accepts the modified privacy notice.

Introduction

This privacy notice governs the data processing operations arising in the course of the activities of sole proprietor Kurucz Tamás. The legal basis and framework of the processing include Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), as well as the relevant Hungarian laws, including Act CL of 2017 on the Rules of Taxation, Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, Act C of 2000 on Accounting, and Act CXVII of 1995 on Personal Income Tax.

In connection with the processing of data, sole proprietor Kurucz Tamás hereby informs the data subject about the personal data processed, the principles and practice followed in the processing of personal data, and the rights of clients/data subjects.

This privacy policy is available at the registered office of sole proprietor Kurucz Tamás at Simonffy Street 4-6, Ground Floor, Door 41, 4025 Debrecen, Hungary.

Data of the Data Controller

1.

If the data subject wishes to contact the Data Controller, the Data Controller may be contacted at: [design@tamaskurucz.com].

Business Name: Kurucz Tamás E.V.

Registered Office: Simonffy Street 4-6, Ground Floor, Door 41, 4025 Debrecen, Hungary

Tax number (Hungary): 56569582-1-29

EU VAT number: HU56569582

Email address: [design@tamaskurucz.com]

Website: [www.tamaskurucz.com]

2.

Data protection contact:

Name: Kurucz Tamás

Email address: [design@tamaskurucz.com]

3.

Web hosting service provider:

Company name: Framer B.V.

Registered office: Rozengracht 207B, 1016 LZ, Amsterdam, The Netherlands

Chamber of Commerce (KVK) number: 59920637

VAT number: NL853695386B01

Email: [support@framer.com]

Website: [www.framer.com]

Terms of service: [https://www.framer.com/legal/terms-of-service/]

Privacy statement: [https://www.framer.com/legal/privacy-statement/]

Data processing addendum: [https://www.framer.com/legal/data-processing-addendum/]

Cookie policy: [https://www.framer.com/legal/cookie-policy/]

Security: [https://www.framer.com/legal/security/]

Sub-processors: [https://www.framer.com/legal/sub-processors/]

Affiliates Terms and Conditions: [https://www.framer.com/legal/affiliates-terms-and-conditions/]

4.

Domain name registrar / domain registration service provider:

Company name: Porkbun LLC

Address: 21370 SW Langer Farms Parkway, Suite 142-429, Sherwood, OR 97140, USA

Support email: [support@porkbun.com]

Privacy contact email: [privacy@porkbun.com]

Website: [www.porkbun.com]

Legal documents: [https://porkbun.com/legal]

Domain name registration agreement: [https://porkbun.com/legal/agreement/domain_name_registration_agreement]

Product terms of service: [https://porkbun.com/legal/agreement/product_terms_of_service]

Privacy policy: [https://porkbun.com/legal/agreement/privacy_policy]

5.

Email service provider (Google Workspace / Gmail):

Company name: Google LLC

Address: 1600 Amphitheatre Parkway, Mountain View, California 94043, USA

Website: [workspace.google.com]

Terms of service: [https://workspace.google.com/terms/premier_terms/]

Privacy policy: [https://policies.google.com/privacy]

Google Cloud privacy notice (covers Google Workspace): [https://cloud.google.com/terms/cloud-privacy-notice]

Data processing amendment (DPA): [https://workspace.google.com/terms/09242021/dpa_terms/]

Subprocessors (Google Workspace): [https://workspace.google.com/terms/subprocessors/]

Security: [https://workspace.google.com/security/]

Google contracting entity (reference page): [https://cloud.google.com/terms/google-entity]

(Where applicable for EEA contracting):

Company name: Google Ireland Limited

Registered office: Gordon House, Barrow Street, Dublin 4, Ireland

Company registration number: 368047

VAT number: IE6388047V

Internet Cookies (Cookies) and Similar Technologies

The website may use cookies and/or similar technologies.

Any external visitor may access the website and the information disclosed by the Data Controller. When visiting the website, the web hosting service provider and the systems used to operate the website may record technical data for the purpose of checking the operation of the service, preventing abuse, and ensuring proper operation. The purpose of the recording is to collect information related to the use of the website and to prepare statistics and analyses related to website traffic and internet usage.

Cookie settings may be managed through the visitor's browser settings.

Cookies and Anonymous Traffic Measurement

Built-in traffic measurement (Framer Analytics).

The website uses Framer's built-in analytics solution ("Framer Analytics") to measure overall website traffic in an aggregated/anonymous form for the purpose of understanding general website usage and improving the website. The Data Controller does not use Google Analytics, Meta Pixel, Google Tag Manager, or other marketing/profiling trackers on this website.

Google Fonts (typography).

The website uses web fonts provided via Google Fonts to display typography. When loading the website, the visitor's browser may request font files from Google's servers. As part of this request, Google may receive technical information such as the visitor's IP address and browser/device information. These requests are used solely for displaying typography. Google Privacy Policy: https://policies.google.com/privacy

Google Search Console.

The Data Controller uses Google Search Console to monitor and improve the website's visibility in Google Search and to obtain aggregated information about search performance.

Strictly Necessary Cookies

These cookies are essential for the website to function properly and securely. Without these cookies, certain functions of the website may not work properly.

Functional Cookies

Functional cookies help the website remember certain settings and provide improved functionality. The website is designed to operate without the use of additional functional cookies beyond what is strictly necessary.

Targeting Cookies

Targeting cookies are used to display content and advertisements that are relevant to the visitor's interests. The Data Controller does not use targeting/marketing cookies on the website.

Third-Party Cookies and Third-Party Services

The website may use third-party services (such as Google Fonts) exclusively for typography display. As part of providing these services, third parties may receive technical information related to the use of the website (such as IP address and browser/device information) and may use cookies or similar technologies in accordance with their own documentation.

This website does not use third-party marketing or advertising tracking technologies (such as Meta Pixel) and does not use Google Analytics or Google Tag Manager.

Scope and Legal Basis of the Data Processed

The scope of the data processed may include: date, time, the IP address of the visitor’s device, the visited pages, the browser type, the operating system, and other technical log data.

In addition, when the contact form is used, the following data may be processed: name, email address, organization/brand name, subject, and message.

The contact form is provided through Framer Forms. Messages sent via the contact form are delivered to and handled by the Data Controller through the Data Controller's email system (Google Workspace/Gmail), for the purpose of responding and maintaining business communication.

The purposes of processing are: operation and security of the website; prevention of abuse; responding to inquiries; preparing quotations; and business communication.

The legal basis of processing is taking steps at the request of the data subject prior to entering into a contract and/or the legitimate interest of the Data Controller in operating the website securely and handling inquiries, as applicable under the GDPR.

Duration of the Data Processing

Technical log data and website-related technical records are stored for as long as necessary for the operation, security, and troubleshooting of the website.

Messages and correspondence received via the contact form and via email are stored for as long as necessary for handling the inquiry and maintaining business communication, and may be stored longer where necessary for the establishment, exercise, or defense of legal claims, or to comply with legal obligations.

Data Processing for Marketing Purposes

The Data Controller does not operate a newsletter and does not carry out data processing for newsletter sending on the website.

If the Data Controller intends to carry out marketing-related data processing in the future, prior information will be provided on the essential circumstances of the processing (legal background and legal basis, purpose, scope of the data processed, duration of processing).

Legal Basis of the Data Processing

Where processing is based on the data subject's consent, the data subject provides consent voluntarily.

In the case of website operation and contact communication, processing is based on the legitimate interest of the Data Controller and/or taking steps at the request of the data subject prior to entering into a contract, as applicable under the GDPR.

Further Data Processing

If the Data Controller wishes to carry out further data processing, prior information will be provided on the essential circumstances of the data processing (legal background and legal basis, purpose, scope of data processed, duration of processing).

The data subject is hereby informed that authorities may request data based on statutory authorization. The Data Controller keeps records of data transfers in accordance with the provisions of Act CXII of 2011 (Infotv.) and provides information upon request unless disclosure is excluded by law.

Rights of Clients/Data Subjects

Rights to which the data subject is entitled during the processing of data.

Within the duration of the data processing, the data subject is entitled, under the provisions of the GDPR, to the following rights:

-> the right to withdraw consent;

-> access to personal data and information related to data processing;

-> the right to rectification;

-> restriction of data processing;

-> the right to erasure;

-> the right to object;

-> the right to data portability.

If the data subject wishes to exercise these rights, this involves identification of the data subject, and the Data Controller needs to communicate with the data subject.

The Data Controller responds to complaints related to data processing no later than within 30 days.

Right to Withdraw Consent

Where the legal basis of processing is the data subject's consent, the data subject is entitled at any time to withdraw consent given to data processing. In the event of withdrawal of consent, processing based on consent is terminated, and the provided data are deleted from the Data Controller's systems, unless retention is required by law or is otherwise justified by a lawful basis.

Access to Personal Data

The data subject is entitled to receive feedback from the Data Controller as to whether or not personal data concerning the data subject are being processed, and, where that is the case, to access the personal data and the following information:

-> the purposes of the processing;

-> the categories of personal data concerned;

-> information on the recipients or categories of recipients to whom the personal data have been or will be disclosed;

-> the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

-> the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, and to object to such processing;

-> the right to lodge a complaint with a supervisory authority;

-> information where the personal data are not collected from the data subject;

-> the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The Data Controller provides the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, the information is provided in a commonly used electronic form, unless otherwise requested by the data subject.

Right to Rectification

The data subject is entitled to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning the data subject. Taking into account the purposes of the processing, the data subject is entitled to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Restriction of Data Processing

The data subject is entitled to obtain from the Data Controller restriction of processing where one of the following applies:

-> the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

-> the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

-> the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or

-> the data subject has objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

Where processing has been restricted, such personal data are processed, with the exception of storage, only with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

The Data Controller informs the data subject, who has obtained restriction of processing, before the restriction of processing is lifted.

Right to Erasure – Right to be Forgotten

The data subject is entitled to obtain from the Data Controller the erasure of personal data concerning the data subject without undue delay and the Data Controller is obliged to erase personal data without undue delay where one of the following grounds applies:

-> the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

-> the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;

-> the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

-> the personal data have been unlawfully processed;

-> the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;

-> the personal data have been collected in relation to the offer of information society services.

Erasure is not applicable where processing is necessary:

-> for exercising the right of freedom of expression and information;

-> for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

-> for reasons of public interest in the area of public health;

-> for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;

-> for the establishment, exercise, or defense of legal claims.

Right to Object

The data subject is entitled to object, on grounds relating to the data subject's particular situation, at any time to processing of personal data concerning the data subject which is based on legitimate interest.

In this case, the Data Controller no longer processes the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If personal data are processed for direct marketing purposes, the data subject is entitled to object at any time to processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to Data Portability

The data subject is entitled to receive the personal data concerning the data subject, which have been provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Data Controller, where:

-> the processing is based on consent or on a contract; and

-> the processing is carried out by automated means.

In exercising the right to data portability, the data subject has the right to have the personal data transmitted directly from the Data Controller to another controller, where technically feasible.

Automated Decision-Making

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject.

Registration in the Data Protection Register

Registration of data processing operations in the data protection register under Act CXII of 2011 (Infotv.) is no longer required as of 25 May 2018.

Data Security Measures

The Data Controller declares that appropriate security measures are applied in order to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology.

The Data Controller takes organizational and technical measures to the extent possible and expects persons acting on behalf of the Data Controller to take appropriate measures when working with personal data.

Remedies

If the data subject believes that the Data Controller has violated any statutory provision applicable to data processing or has not fulfilled any request, the data subject may initiate an investigation procedure with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) (mailing address: 1363 Budapest, Pf.: 9., e-mail: ugyfelszolgalat@naih.hu).

The data subject is also informed that, in the event of a breach of the statutory provisions applicable to data processing or if the Data Controller has not fulfilled any request, the data subject may bring a civil action against the Data Controller before a court.

Modification of the Privacy Notice

The Data Controller reserves the right to modify this privacy notice. By using the website after the entry into force of the modification, the data subject accepts the modified privacy notice.

Introduction

This privacy notice governs the data processing operations arising in the course of the activities of sole proprietor Kurucz Tamás. The legal basis and framework of the processing include Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR), as well as the relevant Hungarian laws, including Act CL of 2017 on the Rules of Taxation, Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information, Act C of 2000 on Accounting, and Act CXVII of 1995 on Personal Income Tax.

In connection with the processing of data, sole proprietor Kurucz Tamás hereby informs the data subject about the personal data processed, the principles and practice followed in the processing of personal data, and the rights of clients/data subjects.

This privacy policy is available at the registered office of sole proprietor Kurucz Tamás at Simonffy Street 4-6, Ground Floor, Door 41, 4025 Debrecen, Hungary.

Data of the Data Controller

1.

If the data subject wishes to contact the Data Controller, the Data Controller may be contacted at: [design@tamaskurucz.com].

Business Name: Kurucz Tamás E.V.

Registered Office: Simonffy Street 4-6, Ground Floor, Door 41, 4025 Debrecen, Hungary

Tax number (Hungary): 56569582-1-29

EU VAT number: HU56569582

Email address: [design@tamaskurucz.com]

Website: [www.tamaskurucz.com]

2.

Data protection contact:

Name: Kurucz Tamás

Email address: [design@tamaskurucz.com]

3.

Web hosting service provider:

Company name: Framer B.V.

Registered office: Rozengracht 207B, 1016 LZ, Amsterdam, The Netherlands

Chamber of Commerce (KVK) number: 59920637

VAT number: NL853695386B01

Email: [support@framer.com]

Website: [www.framer.com]

Terms of service: [https://www.framer.com/legal/terms-of-service/]

Privacy statement: [https://www.framer.com/legal/privacy-statement/]

Data processing addendum: [https://www.framer.com/legal/data-processing-addendum/]

Cookie policy: [https://www.framer.com/legal/cookie-policy/]

Security: [https://www.framer.com/legal/security/]

Sub-processors: [https://www.framer.com/legal/sub-processors/]

Affiliates Terms and Conditions: [https://www.framer.com/legal/affiliates-terms-and-conditions/]

4.

Domain name registrar / domain registration service provider:

Company name: Porkbun LLC

Address: 21370 SW Langer Farms Parkway, Suite 142-429, Sherwood, OR 97140, USA

Support email: [support@porkbun.com]

Privacy contact email: [privacy@porkbun.com]

Website: [www.porkbun.com]

Legal documents: [https://porkbun.com/legal]

Domain name registration agreement: [https://porkbun.com/legal/agreement/domain_name_registration_agreement]

Product terms of service: [https://porkbun.com/legal/agreement/product_terms_of_service]

Privacy policy: [https://porkbun.com/legal/agreement/privacy_policy]

5.

Email service provider (Google Workspace / Gmail):

Company name: Google LLC

Address: 1600 Amphitheatre Parkway, Mountain View, California 94043, USA

Website: [workspace.google.com]

Terms of service: [https://workspace.google.com/terms/premier_terms/]

Privacy policy: [https://policies.google.com/privacy]

Google Cloud privacy notice (covers Google Workspace): [https://cloud.google.com/terms/cloud-privacy-notice]

Data processing amendment (DPA): [https://workspace.google.com/terms/09242021/dpa_terms/]

Subprocessors (Google Workspace): [https://workspace.google.com/terms/subprocessors/]

Security: [https://workspace.google.com/security/]

Google contracting entity (reference page): [https://cloud.google.com/terms/google-entity]

(Where applicable for EEA contracting):

Company name: Google Ireland Limited

Registered office: Gordon House, Barrow Street, Dublin 4, Ireland

Company registration number: 368047

VAT number: IE6388047V

Internet Cookies (Cookies) and Similar Technologies

The website may use cookies and/or similar technologies.

Any external visitor may access the website and the information disclosed by the Data Controller. When visiting the website, the web hosting service provider and the systems used to operate the website may record technical data for the purpose of checking the operation of the service, preventing abuse, and ensuring proper operation. The purpose of the recording is to collect information related to the use of the website and to prepare statistics and analyses related to website traffic and internet usage.

Cookie settings may be managed through the visitor's browser settings.

Cookies and Anonymous Traffic Measurement

Built-in traffic measurement (Framer Analytics).

The website uses Framer's built-in analytics solution ("Framer Analytics") to measure overall website traffic in an aggregated/anonymous form for the purpose of understanding general website usage and improving the website. The Data Controller does not use Google Analytics, Meta Pixel, Google Tag Manager, or other marketing/profiling trackers on this website.

Google Fonts (typography).

The website uses web fonts provided via Google Fonts to display typography. When loading the website, the visitor's browser may request font files from Google's servers. As part of this request, Google may receive technical information such as the visitor's IP address and browser/device information. These requests are used solely for displaying typography. Google Privacy Policy: https://policies.google.com/privacy

Google Search Console.

The Data Controller uses Google Search Console to monitor and improve the website's visibility in Google Search and to obtain aggregated information about search performance.

Strictly Necessary Cookies

These cookies are essential for the website to function properly and securely. Without these cookies, certain functions of the website may not work properly.

Functional Cookies

Functional cookies help the website remember certain settings and provide improved functionality. The website is designed to operate without the use of additional functional cookies beyond what is strictly necessary.

Targeting Cookies

Targeting cookies are used to display content and advertisements that are relevant to the visitor's interests. The Data Controller does not use targeting/marketing cookies on the website.

Third-Party Cookies and Third-Party Services

The website may use third-party services (such as Google Fonts) exclusively for typography display. As part of providing these services, third parties may receive technical information related to the use of the website (such as IP address and browser/device information) and may use cookies or similar technologies in accordance with their own documentation.

This website does not use third-party marketing or advertising tracking technologies (such as Meta Pixel) and does not use Google Analytics or Google Tag Manager.

Scope and Legal Basis of the Data Processed

The scope of the data processed may include: date, time, the IP address of the visitor’s device, the visited pages, the browser type, the operating system, and other technical log data.

In addition, when the contact form is used, the following data may be processed: name, email address, organization/brand name, subject, and message.

The contact form is provided through Framer Forms. Messages sent via the contact form are delivered to and handled by the Data Controller through the Data Controller's email system (Google Workspace/Gmail), for the purpose of responding and maintaining business communication.

The purposes of processing are: operation and security of the website; prevention of abuse; responding to inquiries; preparing quotations; and business communication.

The legal basis of processing is taking steps at the request of the data subject prior to entering into a contract and/or the legitimate interest of the Data Controller in operating the website securely and handling inquiries, as applicable under the GDPR.

Duration of the Data Processing

Technical log data and website-related technical records are stored for as long as necessary for the operation, security, and troubleshooting of the website.

Messages and correspondence received via the contact form and via email are stored for as long as necessary for handling the inquiry and maintaining business communication, and may be stored longer where necessary for the establishment, exercise, or defense of legal claims, or to comply with legal obligations.

Data Processing for Marketing Purposes

The Data Controller does not operate a newsletter and does not carry out data processing for newsletter sending on the website.

If the Data Controller intends to carry out marketing-related data processing in the future, prior information will be provided on the essential circumstances of the processing (legal background and legal basis, purpose, scope of the data processed, duration of processing).

Legal Basis of the Data Processing

Where processing is based on the data subject's consent, the data subject provides consent voluntarily.

In the case of website operation and contact communication, processing is based on the legitimate interest of the Data Controller and/or taking steps at the request of the data subject prior to entering into a contract, as applicable under the GDPR.

Further Data Processing

If the Data Controller wishes to carry out further data processing, prior information will be provided on the essential circumstances of the data processing (legal background and legal basis, purpose, scope of data processed, duration of processing).

The data subject is hereby informed that authorities may request data based on statutory authorization. The Data Controller keeps records of data transfers in accordance with the provisions of Act CXII of 2011 (Infotv.) and provides information upon request unless disclosure is excluded by law.

Rights of Clients/Data Subjects

Rights to which the data subject is entitled during the processing of data.

Within the duration of the data processing, the data subject is entitled, under the provisions of the GDPR, to the following rights:

-> the right to withdraw consent;

-> access to personal data and information related to data processing;

-> the right to rectification;

-> restriction of data processing;

-> the right to erasure;

-> the right to object;

-> the right to data portability.

If the data subject wishes to exercise these rights, this involves identification of the data subject, and the Data Controller needs to communicate with the data subject.

The Data Controller responds to complaints related to data processing no later than within 30 days.

Right to Withdraw Consent

Where the legal basis of processing is the data subject's consent, the data subject is entitled at any time to withdraw consent given to data processing. In the event of withdrawal of consent, processing based on consent is terminated, and the provided data are deleted from the Data Controller's systems, unless retention is required by law or is otherwise justified by a lawful basis.

Access to Personal Data

The data subject is entitled to receive feedback from the Data Controller as to whether or not personal data concerning the data subject are being processed, and, where that is the case, to access the personal data and the following information:

-> the purposes of the processing;

-> the categories of personal data concerned;

-> information on the recipients or categories of recipients to whom the personal data have been or will be disclosed;

-> the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

-> the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, and to object to such processing;

-> the right to lodge a complaint with a supervisory authority;

-> information where the personal data are not collected from the data subject;

-> the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The Data Controller provides the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, the information is provided in a commonly used electronic form, unless otherwise requested by the data subject.

Right to Rectification

The data subject is entitled to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning the data subject. Taking into account the purposes of the processing, the data subject is entitled to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to Restriction of Data Processing

The data subject is entitled to obtain from the Data Controller restriction of processing where one of the following applies:

-> the accuracy of the personal data is contested by the data subject, for a period enabling the Data Controller to verify the accuracy of the personal data;

-> the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

-> the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims; or

-> the data subject has objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of the data subject.

Where processing has been restricted, such personal data are processed, with the exception of storage, only with the data subject's consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

The Data Controller informs the data subject, who has obtained restriction of processing, before the restriction of processing is lifted.

Right to Erasure – Right to be Forgotten

The data subject is entitled to obtain from the Data Controller the erasure of personal data concerning the data subject without undue delay and the Data Controller is obliged to erase personal data without undue delay where one of the following grounds applies:

-> the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

-> the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;

-> the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

-> the personal data have been unlawfully processed;

-> the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;

-> the personal data have been collected in relation to the offer of information society services.

Erasure is not applicable where processing is necessary:

-> for exercising the right of freedom of expression and information;

-> for compliance with a legal obligation which requires processing by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;

-> for reasons of public interest in the area of public health;

-> for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;

-> for the establishment, exercise, or defense of legal claims.

Right to Object

The data subject is entitled to object, on grounds relating to the data subject's particular situation, at any time to processing of personal data concerning the data subject which is based on legitimate interest.

In this case, the Data Controller no longer processes the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If personal data are processed for direct marketing purposes, the data subject is entitled to object at any time to processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Right to Data Portability

The data subject is entitled to receive the personal data concerning the data subject, which have been provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Data Controller, where:

-> the processing is based on consent or on a contract; and

-> the processing is carried out by automated means.

In exercising the right to data portability, the data subject has the right to have the personal data transmitted directly from the Data Controller to another controller, where technically feasible.

Automated Decision-Making

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject.

Registration in the Data Protection Register

Registration of data processing operations in the data protection register under Act CXII of 2011 (Infotv.) is no longer required as of 25 May 2018.

Data Security Measures

The Data Controller declares that appropriate security measures are applied in order to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology.

The Data Controller takes organizational and technical measures to the extent possible and expects persons acting on behalf of the Data Controller to take appropriate measures when working with personal data.

Remedies

If the data subject believes that the Data Controller has violated any statutory provision applicable to data processing or has not fulfilled any request, the data subject may initiate an investigation procedure with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) (mailing address: 1363 Budapest, Pf.: 9., e-mail: ugyfelszolgalat@naih.hu).

The data subject is also informed that, in the event of a breach of the statutory provisions applicable to data processing or if the Data Controller has not fulfilled any request, the data subject may bring a civil action against the Data Controller before a court.

Modification of the Privacy Notice

The Data Controller reserves the right to modify this privacy notice. By using the website after the entry into force of the modification, the data subject accepts the modified privacy notice.