About | Pántya Ágnes

Privacy Policy

This document is on the website operated by Pántya Kft. As a data controller ( https://pantyaagnes.com/ ).

Please read the information below carefully.

1. PURPOSE OF THIS DOCUMENT

Pántya Kft. A https://pantyaagnes.com/ During the operation of the informative website (hereinafter: the Website), the Visitor of the Website handles the personal data of the data subjects (hereinafter: the Data Subject, the User) in accordance with Act CXII of 2011 on the right to information self-determination and freedom of information. (hereinafter: the Information Act) and the General Data Protection Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: the Regulation, GDPR).

The purpose of this Data Management and Privacy Policy is to inform you (as the Customer of the Data Controller, your prospective customer or other Data Subject) before the data controller starts processing the data that the Data Controller why and what you use your personal information and what rights you have and how you can exercise it

2. GENERAL PROVISIONS ON THE HANDLING OF PERSONAL DATA

For a description of the most important terms used in data management, see Section 1. contained in Annex.

The data controller: The controller of the data published on the Website is Pántya Kft., As the data controller (hereinafter: Data Controller):

Registered office of the controller:

4030 Debrecen, Vécsey u. 24.

Company registration number of the data controller:

09-09-000542

E-mail address:

agnes.pantya@gmail.com

Phone number:

+36 30 285 7425

The Data Subject: The Data Controller informs you that if the Data Controller handles personal data on the basis of which you are or can be identified by the Data Controller (regardless of the purpose, legal basis and duration of the personal data processing), you are considered a Data Subject. Accordingly, you are entitled to the applicable data protection laws, in particular the GDPR and the Info. rights related to the processing and protection of personal data contained in the TV.

The Data Controller shall keep a register of data protection incidents and, if required by law, the Data Controller shall inform the Data Subject and the National Data Protection and Freedom of Information Authority (hereinafter: the National Data Protection and Freedom of Information Authority) of the occurrence of the data protection incident.

It is important to emphasize that the Data Controller handles each data for a legitimate purpose, each data is linked to a specific, at least one data management process. The goal must be fair and legitimate.

Personal data must be suitable and relevant for the purpose of their processing, and the Data Controller shall limit the scope of the data to the minimum necessary for that purpose.

Only the required amount of data can be collected or processed, so the data is expected to be relevant to the purpose of the data processing. It follows from this principle that it is “unnecessary”, without purpose, or Data processed without legal authorization is deleted by the Data Controller or deprived of their personal data (anonymised), as well as the fact that the Data Controller handles only data that is absolutely necessary to achieve the purpose of data management. Data cannot be accumulated.

If the Data Controller is obliged to delete personal data, it shall comply with this obligation to delete by actual, permanent and irreversible deletion / anonymisation, and shall also arrange for the complete destruction of any documents that may be destroyed pursuant to the obligation to delete.

The Data Controller may lawfully process data only for the period required by law to achieve the purpose, which is limited in terms of the duration of data processing. It follows from this principle that in the absence of an express legal requirement, the Data Controller is obliged to delete / anonymize the personal data at his / her disposal after a certain period of time. The data retention period is specified by the Data Controller below with regard to the relevant legislation.

The Data Controller informs the Data Subject that the data processing period of the Data Controller by the Data Controller will be extended (with the processing time of the personal data below; or the remaining time) if litigation, criminal proceedings or a receivables management procedure or other procedure is in progress, during which the processing of personal data by the Data Controller is necessary for the enforcement of its legal claim / fulfillment of the Data Controller's legal obligation.

If the Data Controller handles special data, it handles it in the minimum possible amount, subject to the strictest possible rules, minimizing the processing time and access to the data. It shall draw the data subject's attention to such data processing, if possible or reasonable.

If the personal data comes from you as a Data Subject, the registration forms by which your personal data has been processed by the Data Controller contain the types of personal data about you processed by the Data Controller.

The Data Controller will process your personal data in accordance with the applicable data protection legislation and the requirements of the NAIH, as defined in this Prospectus, and in compliance with the principles of personal data processing:

in a fair and transparent manner;
using personal data collected for a clear and legitimate purpose;
by processing data that are appropriate, relevant and necessary for the purpose of the processing of personal data (in accordance with the principle of data protection);
accurately and up-to-date as permitted by law;
in accordance with the principle of limited storage capacity;
applying technical measures to ensure adequate protection of personal data against unauthorized or unlawful processing, accidental loss, destruction or damage to personal data (based on the principles of integrity and confidentiality);
in accordance with the principles of default and built-in data protection and accountability.

The Data Controller ensures the exercise of your rights related to the processing of your personal data as a Data Subject.

The Data Controller handles his / her personal data only on the basis of the following legal bases in accordance with the applicable data protection legislation:

if the processing of your personal data is based on the fulfillment of a legal obligation to the Data Controller established by EU or Hungarian law; obsession
if the processing of your personal data is necessary to protect the vital interests of you or another natural person; obsession
if the processing of your personal data is necessary to protect the legitimate interests of the Data Controller or a third party, unless those interests take precedence over your interests or fundamental rights and freedoms that require the protection of your personal data, in particular if the Child concerned (legitimate interest as a legal basis for the processing of personal data)
if you have voluntarily given your specific, prior informed and unambiguous consent to the processing of your personal data by the Data Controller by one or more specific purposes (such as a written, electronic or appropriate oral statement); obsession
the processing of your personal data is necessary for the conclusion of a contract between the Data Controller or the Data Controller's agent and you, ie for the processing of personal data for the purpose of concluding a contract, in which you, as a Data Subject, are one of the Parties.

If your personal data is processed by the Data Controller, you have the following rights in connection with the processing of your personal data:

3. RIGHTS CONCERNED

Right to information and access

Upon the data subject's request, the Data Controller shall provide information on the data processed by him / her, their source, the purpose, legal basis, duration of the data processing, the circumstances of the possible data protection incident, its effects and measures taken to prevent it, and recipient.

The Data Controller shall provide the information in writing or at the request of the Data Subject in writing or, if the Data Subject has submitted the request electronically, electronically, as soon as possible after the submission of the request, but not later than within 25 days.

The information according to this section is free of charge, provided that the person requesting the information has not yet submitted an information request to the Data Controller regarding the same data set in the current year. In other cases, the Data Controller will request a fee for the information it provides.

In order to enforce the right of access, the Data Controller shall, upon request, inform the Data Controller thereof on the basis of a legal authorization:

whether your personal data is processed by the Data Controller himself or by a data processor acting on his or her behalf or on his or her behalf
or, if the data subject's personal data are processed by the Data Controller or a data processor acting on its behalf or at its disposal, the Data Controller shall make the data subject's personal data processed by him or her and on his or her behalf or at his or her disposal available to the Data Subject.
- the source of the personal data processed,
- the purpose and legal basis of the data processing,
- the scope of personal data processed,
- in the case of transfers of processed personal data, the scope of the recipients of the transfer,
- the period of retention of the personal data processed, the criteria for determining this period,
- a description of the data subject 's legal rights and how to exercise them; and
- the circumstances of the occurrence of data protection incidents related to the processing of the data subject's personal data, their effects and the measures taken to deal with them.

The Data Controller may restrict or refuse the exercise of the data subject's right of access and information in proportion to the intended purpose, if this measure is absolutely necessary (for the efficient and effective conduct of investigations or proceedings, such as criminal proceedings).

Right of rectification

The Data Controller shall correct the personal data in accordance with the legal authorization, if the personal data is inaccurate, incorrect or incomplete, if it is compatible with the purpose of data processing and the relevant legislation, the Info. as defined on TV.

Right to restrict data processing

The Data Controller restricts the processing of personal data if the Data Subject so requests, if permitted by law and if the Info. TV. according to its detailed rules.

Right of cancellation

The Data Controller shall provide the Data Subject with the possibility to delete the data without undue delay upon written request, if one of the following reasons exists in particular, but primarily taking into account that the Data Controller may not delete the Data Subject's data if further processing is required by law:

§ personal data is no longer required for the purpose for which they were collected or otherwise processed, or the deadline has expired in accordance with the law or the Data Management Information;

§ the data subject withdraws the consent on which the data processing is based and there is no other legal basis for the data processing;

§ the Data Subject objects to the data processing and there is no overriding legitimate reason for the data processing;

§ personal data is processed unlawfully;

§ the Data Subject so requests and there is no legal impediment to the deletion and the legitimate interests of others affected by the processing of the third party;

§ the data is incorrect, inaccurate, erroneous, however, taking into account the purpose of their processing and the related legal regulations;

§ personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the Data Controller.

The Data Controller shall immediately execute the deletion of the data processed by it, if its execution is ordered by a court judgment, or the NAIH finds that the data processing is unlawful, orders the deletion of the data and the Data Controller does not appeal against this decision.

Right to withdraw consent

If the legal basis for the processing of your personal data by the Data Controller is your consent, you may revoke your consent to the processing of the data. The Data Controller may continue to process your personal data for the purpose of fulfilling its legal obligation or enforcing its legitimate interests, even after the revocation of your consent, if the enforcement of the interest is proportionate to the restriction of the right to the protection of personal data.

Right to data portability

You have the right to request the Data Controller to transfer this data to another data controller if the data processing by the Data Controller is based on your consent or a contract concluded with the Data Controller in which you are one of the contracting parties and authorized by law.

Right to protest

You have the right to object to the processing of your personal data by the Data Controller with a legitimate interest or to the processing of your personal data for reasons related to your own situation in the cases specified in the GDPR.

Remedies, Right to apply to the Authority

In the event of a violation or imminent threat of a violation of your personal data in connection with the processing of your personal data, the National Data Protection and Freedom of Information Authority (abbreviated as NAIH; registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c., Postal address: 1534 Budapest, Pf .: 843, website: www.naih.hu , phone: +36 (1) 3911400 , fax: +36 (1) 3911410 , central email address: ugyfelszolgalat@naih.hu ) or go to court. In data management disputes, the competent court can be found at the following link: http://birosag.hu/ugyfelkonnectati-portal/illetekessegkereso

The Data Controller shall comply with / respond to requests related to the processing of personal data without undue delay, but no later than within 25 days from the submission of the request.

The Data Controller ensures that the data cannot be accessed by unauthorized persons, and appropriate protection measures are required against accidental data loss, unauthorized acquisition, destruction or damage.

The Data Controller shall endeavor to carry out its data management activities in such a way as to ensure the adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage to the data, by applying appropriate technical measures throughout the data processing.

Accordingly, the Data Controller or a natural or legal person with a contractual or other relationship with the Data Controller, or an organization without legal personality, shall ensure the security of the data in the manner expected of it and shall take all necessary technical and organizational measures. - thus, inter alia, establishing the procedural rules strictly necessary to ensure that the data security provisions contained in the legislation and in the rules on data protection, confidentiality and information security are enforced as far as possible.

The Data Controller does not use automated decision making or profile creation.

4. DATA MANAGEMENTS ON THE INFORMATION WEBSITE

The Data Controller hereby informs the User that when downloading certain parts of the website, the web server automatically delivers small data files, so-called places cookies ("Cookies", "Cookies") on the User's Device and then reads them back on a subsequent visit. In some cases, these data files are included in the Infotv. or according to the GDPR, as the browser returns a previously saved cookie, the cookie service provider has the possibility to link the User's current visit with the previous ones, but only with regard to its own content.

During its use, the website places a cookie called PHPSESSID on its user device, which is essential for its operation, in order to be able to identify the login user's session until it logs out and thus protect its user data. If you do not allow the acceptance of any cookies in your browser, including PHPSESSID, you will not be able to use the website. This cookie therefore does not require the user's consent.

In addition, the Data Controller uses Google Analytics to collect statistics, which places cookies in your Browser and thus sends data to the Data Controller about what you have visited on the Site. These cookies do not store personal information, they are used to track what the person did on the website. The placement of these cookies is based on the user's consent, so they will only be placed in possession of this consent, which is given by clicking on the OK button in the pop-up window.

The purpose of data management: to identify and differentiate users, to identify the users' sessions, to store the data provided during it, to prevent data loss, to identify users, to perform web analytical measurements, to operate the Website properly and to enhance the user experience.

The legal basis of the data management: the consent of the data subject, which the User gives by clicking on the OK button on the pop-up cookie alert, based on the relevant information contained in this prospectus. (Pursuant to Section 5 (1) (a) of the Information Act and Section 6 (1) (a) of the GDPR)

The scope of the managed data: identification number, date, time, and the previously visited page.

Purpose of use of each cookie, retention period:

The type of cookie

The purpose of using the cookie

Duration of cookie retention

Whether the data subject's consent is required

Google Analytics (_ga, _gat and _gid cookies)

The Website uses the Google Analytics Tool to gather information and perform analytics about how a User accesses and uses the Website. This information will help you to improve the Website. The collection of data - including the number of users of the Website, the fact that the User came to the Website and which pages he visited through the Website - takes place in an anonymous form. The collected data cannot be traced back to the User. Learn more about Google's privacy policy here.

On Google Analytics. first partycookies are created when a user visits the website because the Google Analytics tracking code has been installed on our portal. ACookies will be stored on the User Device for up to 2 years from the date indicated above. Click here for more information.

Yes, clicking on the I consent button will consent to the placement of the cookie.

Session ID (cookie named PHPSESSID)

The Session Cookie will allow the User to Recognize the User Tomorrow, so that the User does not have to re-enter the data already entered.

The information is stored until the end of the current session. A session is the duration of a visit to the WebsiteUser. At the end of the session, the collected data will no longer be available.

No, the placement of the cookie does not require your consent.

The User may accept or reject the use of Cookies on a case-by-case basis, or may refuse the use of all Cookies by setting the browser accordingly. More information on how to do this and on Cookies can be found at: https://www.youronlinechoices.eu/ . If the User chooses to disable cookies, he / she will have limited access to certain pages of the Website, and certain features or services of the Website may not work properly.

Place of data management: at the operator of the data processor 's website, at ... XY. Ltd.

Method of data storage: electronic

Data transfer: no data transfer.

Data processors: the following data processor is used during data management:

Name:

Headquarters:

Cg .:

Its data processing activities:

website operation

Possible consequences of non-provision of data: incomplete use of the website's services, inaccuracy of analytical measurements

Contact

If the data subject wishes to contact the Data Controller, he / she may do so via the contact details specified in Section 2 of this prospectus, which contain the data of the Data Controller.

The Data Controller reserves the right to unilaterally amend this document at any time.

Ownership of Information

We declare that Pántya Kft. Owns the information shown on the website. The content and design of www.pantyaagnes.com are protected by international and Hungarian law. The sale, alteration and republishing of information from us in any form is prohibited. We reserve all further rights to the published material and, if necessary, enforce it in court.

No. 1 Annex

Key terms used in data management

Data processing: the totality of data processing operations performed by a data processor acting on behalf of or at the request of the Data Controller;

data processor: a natural or legal person or an organization without legal personality who, within the framework and under the conditions specified by law or a binding act of the European Union, processes personal data on behalf of or at the request of the Data Controller;

data management: any operation or set of operations on data, regardless of the procedure used, in particular the collection, recording, recording, systematisation, storage, alteration, use, interrogation, disclosure, coordination or aggregation, blocking, erasure and destruction of data, and prevent further use of the data, take photographs, sound or images and record physical characteristics (eg fingerprints or palm prints, DNA samples, irises) that can be used to identify the person; data controller: a natural or legal person or an organization without legal personality who, within the framework set by law or a binding act of the European Union, determines the purpose of data processing, independently or together with others, for data processing (including the means used) make and implement relevant decisions or execute with the data controller;

informant: the body performing a public task which, if the data controller does not publish the data itself, publishes the data provided to it by the data controller on a website;

data destruction: the complete physical destruction of the data carrier;

data transfer: making the data available to a specific third party;

data erasure: making the data unrecognizable in such a way that it is no longer possible to recover it;

data protection incident: a breach of data security which results in the accidental or unlawful destruction, loss, alteration, unauthorized transmission or disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled;

data processing restriction: blocking of stored data by marking it to restrict further processing of the data;

pseudonymisation: the processing of personal data in such a way that, without the use of additional information stored separately from the personal data, it is not possible to determine to whom the personal data relate and by taking technical and organizational measures to ensure that it cannot be linked to an identified or identifiable natural person ;

anonymisation: the deprivation of data of a personal nature so that their contact with the data subject can no longer be re-established by the controller;

biometric data: any personal data obtained by specific technical procedures relating to the physical, physiological or behavioral characteristics of a natural person, which allow or confirm the unique identification of the natural person, such as facial image or dactyloscopic data;

criminal personal data: personal data generated during or before criminal proceedings in connection with a criminal offense or criminal proceedings, at bodies authorized to conduct criminal proceedings or to detect criminal offenses, as well as at the organization of the execution of a sentence;

recipient: the natural or legal person or organization without legal personality to whom personal data are made available by the Data Controller or the Processor;

data subject: any natural person identified or identifiable on the basis of any information;

third party: a natural or legal person or an organization without legal personality who is not the same as the Data Subject, the Data Controller, the Data Processor or persons who carry out the processing of personal data under the direct control of the Data Controller or Data Processor;

consent: a voluntary, unambiguous statement of the data subject's intention, based on appropriate and informed information, by which the data subject indicates, by means of a statement or other conduct unequivocally expressing his or her will, that he or she consents to the processing of personal data concerning him or her;

special data: all data belonging to special categories of personal data, ie personal data referring to racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for the unique identification of natural persons, health data and personal data relating to the sexual life or sexual orientation of natural persons;

disclosure: making data available to anyone;

personal data: any information about the Data Subject;

confidentiality: the feature of data that is accessible only to a predetermined group of natural persons (rightholders) is a secret for everyone else. The loss of confidentiality is called disclosure, in which case the confidential information becomes known and accessible to unauthorized persons;

client: a natural or legal person, other organization whose rights or legitimate interests are directly affected by the matter, for whom the official register contains data, or who has been placed under official control. A law or government decree may specify the range of persons and entities that qualify as a customer by operation of law.