Data Protection and Data Management Regulations
Data of the service provider as a data controller
Name: Pragmatika Szolgáltató Bt.
registered office: 1075 Budapest Kazinczy u. 10
tax number: 28198370-1-42
phone number: +36 20 311 9471
(hereinafter: the "Data Controller")
The Data Controller, as the operator of Időcsapda (hereinafter referred to as: Időcspada) hereby informs its customers, guests and visitors to its website (hereinafter referred to collectively as: Data Subject(s), User(s) or Guest(s)) that it respects the personal rights of its Guests, and therefore during its data management, it acts in accordance with the following data management regulations (hereinafter: Regulations).
These regulations regulate the data management activities related to the services provided by Időcspada and accessible through the website.
PURPOSE OF THE REGULATIONS
The primary purpose of these regulations is to define and adhere to the basic principles and provisions regarding the handling of the data of natural persons and Guests who come into contact with Time Trap in order to ensure that the private sphere of natural persons is protected in accordance with the relevant legal regulations.
With reference to the provisions of point I.1, the purpose of these regulations is to ensure that the Time Trap complies in all respects with the provisions of the applicable legislation regarding data protection, in particular, but not exclusively
CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Law
XLVII of 2008 on the prohibition of unfair commercial practices towards consumers. law,
XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. law,
CXII of 2011 on the right to information self-determination and freedom of information. law
The Data Controller therefore considers it of utmost importance and is also committed to ensuring that CXII of 2011 on the right to informational self-determination and freedom of information made available by the data subject on the website or other forum or in another way. protect the data defined by law and respect the data subjects' right to self-determination of information. In this context, it contributes to the creation of safe internet access opportunities for those concerned by fully complying with the applicable laws in force.
SCOPE OF REGULATIONS
Temporal validity: These Regulations are effective from 05/25/2018 until further notice or withdrawal.
Personal scope: The scope of these Regulations covers the Time Trap, the persons whose data is included in the data processing covered by these Regulations, and also the persons whose rights or legitimate interests are affected by the data processing.
Subject scope: The scope of these Regulations covers all data processing involving personal data carried out in all organizational units.
Data Subject or User or Guest: any specific natural person identified on the basis of personal data or - directly or indirectly - identifiable;
Personal data: data that can be associated with the data subject - especially the data subject's name, identification mark, and one or more physical, physiological, mental, economic, cultural or social characteristics of the data subject - as well as the conclusion about the data subject that can be drawn from the data;
Consent: the voluntary and firm declaration of the data subject's will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data - in full or covering certain operations;
Data controller: a natural or legal person or an organization without legal personality who, independently or jointly with others, determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or implements them with the data processor it has commissioned . In terms of these regulations and the Time Trap, data controller: Pragmatika Szolgáltató Bt. 1075 Budapest Kazinczy u. 10.
Data management: regardless of the procedure used, any operation performed on the data or the set of operations, including, in particular, collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction, and preventing the further use of the data, taking photographs, audio or video recordings, as well as physical identification of the person
recording of objections;
Data transfer: making the data available to a specific third party;
Data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;
Data deletion: making data unrecognizable in such a way that their recovery is no longer possible;
Data blocking: providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time;
Data destruction: complete physical destruction of the data carrier containing the data;
Data file: the totality of the data managed in a register;
Third party: a natural or legal person, or an organization without legal personality, who is not the same as the data subject, the data controller or the data processor;
Data protection incident: unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage;
Website: the www.idocsapda.hu portal and all its subpages, operated by the Data Controller; The data provider declares that it also uses data processors for the operation of its website.
Facebook page: the page located on the portal https://www.facebook.com/idocsapda, maintained by the Data Controller.
PRINCIPLES OF DATA MANAGEMENT
Principle of proportionality and necessity: Only such personal data can be processed that is essential for the realization of the purpose of data management and suitable for achieving the purpose. Personal data can only be processed to the extent and for the time necessary to achieve the purpose.
Purpose-bound principle: Personal data can only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. In all stages of data management, the purpose of data management must be met, the collection and management of data must be fair and legal.
During data management, personal data will retain its quality as long as the relationship with the data subject can be restored. The relationship with the data subject can be restored if the data controller has the technical conditions necessary for restoration.
During data management, the accuracy, completeness and, if necessary, the up-to-dateness of the data must be ensured, as well as that the data subject can only be identified for the time necessary for the purpose of the data management.
Principle of voluntariness: Data provision by the data subject is voluntary. The Data Controller processes personal data with the consent of the data subject. Voluntary consent, as consent, should be understood as the user behavior by which the user, by using the website, accepts that all regulations related to the use of the website automatically apply to him.
STATEMENTS OF THE DATA CONTROLLER
The Data Controller declares that
CXII of 2011 on the right to information self-determination and freedom of information during data management. acts in accordance with the provisions of the law.
personal data obtained by the Data Controller in the course of data management can only be seen by those persons who have a working relationship with the Data Controller and who have a task in relation to the given data management.
ensures that the regulations in force at all times are continuously accessible to the person concerned, thus enforcing the principle of transparency.
the website treats visitors' personal data confidentially in accordance with the applicable legal regulations, ensures their security, takes technical and organizational measures, and develops procedural rules in order to fully comply with the principles of data protection.
handles the personal data of the players playing at Időcsapda confidentially, in accordance with the applicable legal regulations, ensures their security, takes technical and organizational measures, and develops procedural rules in order to fully comply with the principles of data protection.
in order to preserve the data managed by it, it takes and ensures all IT and other measures related to data storage, processing and data transmission that promote secure data management.
in the manner expected of him, he will do everything in order to protect the personal data he manages against unauthorized access, change, disclosure, deletion, damage, destruction, and to guarantee the necessary technical conditions.
does not check the personal data provided to him, and disclaims responsibility for their correctness.
transfer personal data to third parties only exceptionally and in that case, and connect the database it manages with another data controller only if the data subject consents to it or if the law allows it, and if the conditions of data management for each individual personal data
operates exclusively in Hungary, does not belong to a multinational company group, therefore it is not necessary to introduce and operate mandatory organizational regulations.
keeps a register for the purpose of monitoring the measures related to the data protection incident and for informing the data subject, which includes the scope of personal data concerned, the scope and number of those affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, as well as in the legislation prescribing data management specified other data.
The Data Controller excludes responsibility for the legality of the data management of a contractual partner with a legal relationship with the Data Controller.
By applying appropriate security measures, in order to protect the personal data stored in automated data files, the Data Controller ensures that accidental or unlawful destruction or accidental loss, as well as unlawful access, alteration or distribution are prevented.
SCOPE OF ACTIVITIES AND DATA AFFECTED BY DATA MANAGEMENT
VI.1 Use of services
As part of the provision of services, the management of all data related to the data subject is based on voluntary consent, and its purpose is to ensure the provision of the service and to maintain contact. With the exceptions included in each subsection, the Data Controller keeps the personal data contained in this point for a period of time in accordance with the applicable tax law and accounting regulations, and deletes them after the deadline.
For some services, it is possible to enter additional data that helps to fully understand the needs of the Guest, but these are not conditions for using the services.
In the event of a reservation, the Data Controller requests/can request the provision of the following data from the Guest:
Number of players*
Data marked with * must be filled in.
Booking is voluntary.
The activity and process involved in data management are as follows:
After consultation, the Data Controller stores the data on the Google Drive interface for a period of time in accordance with the legal requirements. Google data protection: https://policies.google.com/privacy
The data sent to the Data Controller are handled by the Data Controller's employees working in a position authorized for this purpose.
VI.3 Booking through a booking engine
During the reservation on the http://foglalas.idocsapda.hu website, the Data Controller requests/may request the following data from the Guest:
Number of players*
Data marked with * are mandatory.
The activity and process involved in data management are as follows:
If the data subject makes a reservation and informs the Data Controller about this orally or in writing, the Data Controller will take the steps related to the reservation.
On the part of the Data Controller, its administrators working with it enter the data provided by the data subject into the booking interface.
VI.4 Gift voucher
Time trap allows the Guest to purchase different gift vouchers, which can be used for their service in the given value.
Ordering and using the gift voucher is voluntary.
Ordering the gift voucher and the range of data affected by data management: The person concerned can order the voucher in the amount specified by him in person at Időcsapda, or by phone, in his e-mail to firstname.lastname@example.org, or on the website https://idocsapda.hu/ajandekutalvany in addition to specifying: In the case of a personal order:
Which track do you choose*
Name of recipient*
Data marked with * are mandatory.
The data controller issues an invoice for the amount of the agreed and ordered voucher and, after receiving the amount, issues a serially numbered voucher and delivers it to the specified address.
The Data Controller stores the provided personal data in a separate data file, separately from other data provided. This data file can only be accessed by authorized employees of the Data Controller.
The employee does not forward individual data or the entire data set to third parties and takes all security measures to ensure that unauthorized persons cannot access them.
The Data Controller stores the data for a period of time in accordance with current tax law and accounting regulations, and deletes them after such a deadline.
The Data Controller provides more information about the data management related to the Gift Voucher to the e-mail address email@example.com. Deletion from the data file can also be requested here.
VI.12 Facebook page
The Data Controller and the services operated by the Data Controller are available on the Facebook social portal.
The purpose of data management is to share the content on the website. With the help of the Facebook page, the Guest can find out about the latest promotions.
By clicking on the "like" link on the Facebook page of the Data Controller, the data subject consents to the Data
to publish operator news and offers on your own message wall.
Data manager also publishes pictures/videos about various current events on his Facebook page. If it is not a mass recording, the Data Controller will ask for the written consent of the data subject before publishing the images.
VI.13 Website visit data
References and links
1/1. The Data Controller's website may also contain links that are not operated by the Data Controller and are only for the information of visitors. The Data Controller has no influence on the content and security of the websites operated by the partner companies, so it is not responsible for them.
What cookies do I use? To find out more about what cookies your browser uses, please visit one of the following websites corresponding to your browser:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Windows Internet Explorer: http://support.microsoft.com/kb/196955
If you use a mobile device, you can find information on the following pages:
Blackberry: http://docs.blackberry.com/en/smartphone_users/deliverables/3200 /Turn_off_cookies_in_the_browser_60_1072866_11.jsp
Safari iOS: http://support.apple.com/kb/PH5042
Anchor Using Google Adwords Conversion Tracking
The data controller uses the online advertising program called "Google AdWords", and also uses Google's conversion tracking service within its framework. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google")
When a User accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.
When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the ad.
Each Google AdWords customer receives a different cookie, so they cannot be tracked through the websites of AdWords customers.
The information - obtained with the help of conversion tracking cookies - serves the purpose of creating conversion statistics for customers who choose AdWords conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.
If you do not want to participate in conversion tracking, you can refuse this by disabling the installation of cookies in your browser. After that, you will not be included in the conversion tracking statistics.
Anchor Data processing in order to provide the Google Adwords service
The fact of the data processing, the scope of the processed data: E-mail address, which is encrypted and pseudonymized during the service, so that their personal data character is lost. More information: https://support.google.com/adwords/answer/6334160
Scope of stakeholders: All stakeholders registered on the website.
Purpose of data processing: Publishing targeted Google ads to users.
Duration of data processing, deadline for deletion of data: Data processing lasts until the consent statement is revoked.
The person of the possible data processors entitled to access the data: Data that is no longer classified as personal data can be handled by the data processor's employees, in compliance with the above principles.
The affected person can initiate the following ways to prevent their personal data from being forwarded to the data processor:
by post 1075 Budapest Kazinczy u. 10
by e-mail at the e-mail address firstname.lastname@example.org.
by phone at +36 20 311 9471.
legal basis: voluntary consent of the person concerned, Infotv. Paragraph (1) of § 5.
Anchor The application of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.
The information created by cookies related to the website used by the User is usually sent to and stored on one of Google's servers in the USA. By activating IP anonymization on the website, Google shortens the User's IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.
The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.
Within the scope of Google Analytics, the IP address transmitted by the User's browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User's website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=en
VII DATA PROCESSING RELATED TO NEWSLETTER SUBSCRIPTION
Our company keeps in touch with its guests by means of a newsletter, to whom it recommends its services, and informs about news and special offers related to its operation.
Controller of personal data: Pragmatika Szolgáltató Bt. 1075 Budapest Kazinczy Utca 10.
Purpose of data management: maintaining contact with potential guests
Legal basis for data management: the consent of the data subject - Article 6 (1) point a) GDPR.
Designation of legitimate interest: maintaining and developing business relationships with partners and guests
The range of personal data processed: name, e-mail address, date of birth, who you played with, which field you played on
Duration of data management: our company manages e-mail addresses until you unsubscribe from the newsletter.
Use of a data processor: our company uses the help of the IT service provider that sends the online newsletter as follows.
Data processor name Description of data processor task
The Rocket Science Group LLC Newsletter Database Storage
By accepting this data management information, the data subject gives his express consent to the Data Processor using additional data processors in order to make the service more convenient and customized as follows:
Possible consequences of not providing data: The person concerned will not receive a newsletter from our company.
The rights of the data subject: the data subject (the person whose personal data is managed by our company)
you can request access to your personal data,
you can request their correction,
you can request their deletion,
you can apply to restrict the processing of personal data if the conditions set out in Article 18 of the GDPR exist (that is, that our company does not delete or destroy the data until a court or authority is consulted, but for a maximum of thirty days, and does not process the data for any other purpose beyond that) ,
can object to the processing of personal data,
you can exercise your right to data portability. Pursuant to the latter right, the data subject is entitled to receive his/her personal data in word or excel format, and is also entitled to have this data forwarded to another data controller by our company upon request.
You can unsubscribe from the newsletter at any time by sending a letter to our company at email@example.com or by clicking on the unsubscribe icon in the newsletter. In this case, we will immediately delete your e-mail address from our database.
Other information related to data management: our company takes all necessary technical and organizational measures to avoid a possible data protection incident (e.g. damage, disappearance of files containing personal data, access to unauthorized persons). In the event of an incident that still occurs, we keep a register for the purpose of checking the necessary measures and informing the person concerned, which includes the range of personal data concerned, the range and number of people affected by the data protection incident, the date, circumstances, effects of the data protection incident and the measures taken to prevent it, and
int the other data specified in the law that prescribes data management.
Our company undertakes to obligatorily apply the data protection and data management guarantees required by the data processor contract in the event of the use of an additional data processor, and in view of this, we also ensure the legal processing of personal data in the case of the data processor.
VIII. STORAGE OF PERSONAL DATA, INFORMATION SECURITY
Personal data only in VI. in accordance with the activities according to chapter, it can be handled according to the purpose of the data management.
The purpose of data management: establishing contact and maintaining contact with the data subject, marketing, increasing the level of service that fits the profile of the Data Controller, market research and survey of consumer habits.
Legal basis for data management: voluntary consent of the data subject based on prior information from the Data Controller.
Duration of data management: up to 15 working days from the termination of the customer relationship, if they do not need to be used to enforce the rights and obligations arising from the customer relationship, or until the data subject's request is deleted or until the permission to process their data is revoked.
It is possible to modify and delete personal data, withdraw voluntary consent, and request information about the handling of personal data by sending a notification to firstname.lastname@example.orgérhetözés.
The Data Controller ensures the IT environment used for the management of personal data during the provision of the service in such a way that it connects the personal data provided by the data subject only and exclusively with the data and in the manner specified in these regulations, and ensures that the personal data is accessed only by employees of the Data Controller to whom this is absolutely necessary for the performance of their duties arising from their job duties, all changes to the data will be made by indicating the date of the change.
Incorrect data will be deleted within 24 hours based on the request of the data subject.
The data is backed up.
The Data Controller provides the required level of protection during the processing of the data - especially their storage, correction, deletion - when requesting information or protesting.
Data transmission takes place with the consent of the data subject, without prejudice to his interests, confidentially, with the provision of a fully adequate IT system, and in compliance with the purpose, legal basis and principles of data management. The Data Controller will not forward the data subject's personal data or make them available to third parties without their consent, unless this is required by law.
The other data concerned, which cannot be linked directly or indirectly, and cannot be identified - hereafter anonymous - are not considered personal data.
VIII. LEGAL REMEDIES
The person concerned can request information about the management of his personal data, as well as request the correction of his personal data, or - with the exception of data management mandated by law - the deletion or blocking of his personal data at the email address email@example.com, or within the scope of certain activities involved in data management, according to what is recorded there.
At the request of the data subject, the Data Controller provides information on the data it handles, the purpose, legal basis, duration of data processing, data processor data, if a data processor has been used, the circumstances and effects of the data protection incident and the measures taken to prevent it, and - in the case of forwarding the personal data of the data subject - the the legal basis, purpose and recipient of data transfer.
The Data Controller corrects or deletes inaccurate personal data if:
handling is illegal;
the data subject requests;
c. is incomplete or incorrect - and this state cannot be legally remedied - provided that deletion is not precluded by law;
d. the purpose of data management has ceased, or the statutory period for data storage has expired;
e. it was ordered by the court or the National Data Protection and Freedom of Information Authority.
The Data Controller will notify the data subject of the correction and deletion, as well as all those to whom the data was previously transmitted for the purpose of data management. The notification can be omitted if this does not harm the legitimate interests of the data subject in view of the purpose of the data management.
The data subject may object to the processing of his personal data if
the processing (forwarding) of personal data is necessary only to enforce the rights or legitimate interests of the data controller or the data recipient, except in the case of mandatory data processing;
personal data is used or forwarded for the purpose of direct business acquisition, public opinion polls or scientific research;
c. the exercise of the right to protest is otherwise permitted by law.
The Data Controller - with the simultaneous suspension of data management - examines the objection as soon as possible from the submission of the request, but no later than 15 working days, and reports on the result
informs the applicant in writing. If the applicant's objection is well-founded, the Data Controller shall terminate the data management, including further data collection and transmission, and block the data, and shall notify all those to whom the personal data affected by the objection was previously transmitted of the objection and the measures taken based on it, and who are obliged to take measures to enforce the right to protest.
If the person concerned does not agree with the Data Controller's decision, or if the Data Controller misses the deadline referred to in point 6, he has the right to appeal to the court within 30 days of its notification.
Legal enforcement: The data subject can go to court in the event of a violation of his rights. The court acts out of sequence in the case. The Data Controller is obliged to prove that the data management complies with the provisions of the law.
In the event of a violation of your right to self-determination of information, you can file a report or complaint with the National Data Protection and Freedom of Information Authority and the Court.
These Regulations enter into force on September 1, 2018.
Budapest, September 1, 2018.
Time Trap Team