Privacy Policy

Table of contents

1. Purpose of the data management information
2. Data of the controller

2.1 Data Protection Officer

3. Scope of personal data processed

3.1. Technical data

3.2 Cookies

3.2.1 The function of cookies

3.2.2 Strictly Necessary Session Cookies

3.2.3. Third-party cookies (analytics)

3.2.4. List of cookies on the data controller's websites

4 General data management policies, name, use, legal basis and retention period

4.1 Online ordering data

4.2 Data related to online administration

4.3 Telephone administration data

4.4 Newsletter / eDM related data

4.5 Customer contact information

4.6 Invoicing data

4.7 Personal data to be provided during registration

5 Physical storage locations of data

6 Data transfer, data processing, the circle of people who know the data

6.1 Transfer to a third country

7 Rights and enforcement possibilities of the data subject

7.1 Right to information

7.2 Right of access of the data subject

7.3 Right of rectification

7.4 Right to erasure

7.5 Right to restrict data processing

7.6 Right to data portability

7.7 Right to object

7.8 Automated decision-making in individual cases, including profiling

7.9 Right of withdrawal

7.10 Right to go to court

8 Other provisions

1. PURPOSE OF THE DATA MANAGEMENT INFORMATION

Foundation for More Lives (address: 1111 Budapest, Budafoki út 17. C. lph. 1.em./7., hereinafter referred to as the service provider, data controller) as data controller, acknowledges that it is bound by the content of this legal notice.

It undertakes that all data processing related to its activities complies with the requirements set out in this Policy and in the national legislation in force, as well as in european union acts.

The privacy policy related to the data management of the Data Controller is continuously available at the imadsaghaza.org address.

The Data Controller reserves the right to change this notice at any time. Of course, you will inform your audience in due time of any changes.

If you have any questions about this communication, please write and we will answer your question.

The Data Controller is committed to the protection of the personal data of its clients and partners, and considers it of the utmost importance to respect its clients' right to informational self-determination. The Data Controller treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data.

The Data Controller describes its data management practices below.

2. DATA OF THE CONTROLLER

If you would like to contact the company, you can contact the data controller at the kapcsolat@imadsaghaza.org email address.

Még Több Életért Foundation

Registered office: 1111 Budapest, Budafoki út 17. C. lph. 1.em./7.

TAX NUMBER: 19108388-1-43

Email:

2.1 DATA PROTECTION OFFICER

The Controller does not carry out any activity that would justify the appointment of a data protection officer.

3. SCOPE OF PERSONAL DATA PROCESSED

3.1. TECHNICAL DATA

The Controller selects and operates the IT tools used for the processing of personal data in the course of providing the service in such a way that the processed data:

accessible to authorised persons (availability);

authenticity and authentication are ensured (authenticity of data processing);

can be verified (data integrity);

protected against unauthorised access (confidentiality of data).

The Data Controller protects the data by appropriate measures against unauthorized access, alteration, transmission, disclosure, erasure or destruction, as well as against accidental destruction.

The Data Controller ensures the protection of the security of data processing by means of technical, organizational and organizational measures that provide a level of protection appropriate to the risks associated with data processing.

The Data Controller retains confidentiality during the processing: it protects the information so that it can only be accessed by those who are entitled to it; integrity: protects the accuracy and completeness of the information and the method of processing; availability: ensures that, when the authorised user needs it, he or she can really access the information they want and have the means to do so.

3.2 COOKIES

3.2.1 THE FUNCTION OF COOKIES

Cookies collect information about visitors and their devices; note the individual preferences of visitors, which are used(s) e.g. when using online transactions, so that they do not have to be re-typed; facilitate the use of the website; quality user experience.

In order to provide customized service, the user places a small data package, called a cookie, on his computer and reads it back during the subsequent visit. If the browser returns a previously saved cookie, the service provider handling the cookie has the possibility to link the user's current visit with the previous one, but only with respect to its own content.

3.2.2 STRICTLY NECESSARY SESSION COOKIES

The purpose of these cookies is to allow visitors to browse the imadsaghaza.org's website fully and smoothly, to use its functions and the services available therein. This type of cookie has a validity period until the end of the session (browsing), when you close your browser, this type of cookies is automatically deleted from your computer or other device used for browsing.

3.2.3. THIRD-PARTY COOKIES (ANALYTICS)

Google Analytics also uses third-party cookies on its website imadsaghaza.org. By using google analytics for statistical purposes, imadsaghaza.org collect information about how visitors use websites. It uses the data for the purpose of improving the website and improving the user experience. These cookies also remain on the visitor's computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.

3.2.4. LIST OF COOKIES ON THE DATA CONTROLLER'S WEBSITES

4 GENERAL DATA MANAGEMENT POLICIES, NAME, USE, LEGAL BASIS AND RETENTION PERIOD

The data processing of the data controller's activities is based on voluntary consent or legal authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw their consent at any stage of the processing.

In some cases, the processing, storage and transmission of a set of data provided is mandatory by law, about which we inform our clients separately. We would like to draw the attention of the data providers to the Data Controller that if they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject. Its data management principles are in accordance with the applicable data protection legislation, in particular Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.);

Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation, GDPR); Act V of 2013 on the Civil Code (Civil Code); Act C of 2000 on Accounting (Nov. tv.); Act LIII of 2017 on the Prevention and Prevention of Money Laundering and Terrorist Financing (Pmt.); Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises (Hpt.).

The data controller has prepared data maps, on this basis the scope of the data processed, their use, legal basis and retention period have been determined.

4.1 ONLINE ORDERING DATA

It is possible to order services through the website, the personal data required during the ordering process:

Name (required field)

Email address (required field)

Phone number (optional field, optionally fillable, to initiate a callback)

For certain services, such as website maintenance, additional personal data may be transferred.

Purpose of data processing, intended use of the processed data: The data will be used to fulfill the order.

The legal basis for data processing is a contractual order.

Retention period: the duration of a business relationship or a request for cancellation.

4.2 DATA RELATED TO ONLINE ADMINISTRATION

Personal data retrieved during the contact:

Name (required field)

Email address (required field)

Phone number (optional field, optionally fillable, to initiate a callback)

Purpose of data processing, intended use of the processed data: The data will be used for contacting and fulfilling the order.

The legal basis for data processing is voluntary consent.

Retention period: the duration of a business relationship or a request for cancellation.

4.3 TELEPHONE ADMINISTRATION DATA

Personal data retrieved during the contact:

Name (required field)

Phone number (optional field, optionally fillable, to initiate a callback)

Intended use of the processed data: The data will be used to contact you and fulfill your order.

Purpose of data processing, intended use of the processed data: The data will be used for contacting and fulfilling the order.

The legal basis for data processing is voluntary consent.

Retention period: the duration of a business relationship or a request for cancellation.

4.4 NEWSLETTER / EDM RELATED DATA

Personal data obtained during the newsletter subscription:

Name (required field)

Email address (required field)

The newsletter is available after learning about and accepting the data management policy. The privacy policy is adopted by accepting an unfilled mandatory check box.

After signing up, the subscriber will receive an email informing them about the subscription, which must be confirmed, and the subscription will take effect thereafter.

In all related processes, the client still has the possibility to unsubscribe, the possibility of unsubscribing is included in the form of a link, it is easily accessible by clicking on one.

Since the newsletter contains the name of the business and the contact details of its website, it is considered advertising, eDM.

Purpose of data processing, intended use of the processed data: The data are used for sending newsletters containing advertising. The news article contains the address of the website, so it is already considered advertising.

The legal basis for data processing is voluntary consent.

Retention period: until unsubscribing.

4.5 CUSTOMER CONTACT INFORMATION

I store the following personal data and contact details of the managers and contact persons of the clients:

Name

Email address

Telephone number

Purpose of data processing, intended use of the processed data: The data are used for contact and contact purposes.

The legal basis for data processing is a legitimate interest.

Retention period: the duration of a business relationship or a request for cancellation.

4.6 INVOICING DATA

The Data Controller concludes a contract with its clients about the services ordered, during which it stores the following data:

Name

Email address

Address

Purpose of data processing, intended use of the processed data: invoicing.

Legal basis for data processing: legal requirement.

Retention period: statutory reference year + 5 years

4.7 PERSONAL DATA TO BE PROVIDED DURING REGISTRATION

There is no registration option on the imadsaghaza.org pages.

5 PHYSICAL STORAGE LOCATIONS OF DATA

Your personal data (i.e. data that may be related to you) may be processed in the following way:

on the one hand, in connection with the maintenance of the Internet connection, technical data related to the computer, browser, internet address and pages visited are automatically generated in our computer system,

on the other hand, you may provide your name, contact details or other information if you wish to contact us in person when using the website. Data technically recorded during the operation of the system: data of the data subject's log-in computer recorded by the imadsaghaza.org systems as an automatic result of technical processes.

The data to be automatically recorded will be automatically logged at the time of entry or exit without a separate statement or action by the data subject.

This data may not be linked to other personal user data, except in cases required by law. Only imadsaghaza.org have access to the data.

6 DATA TRANSFER, PROCESSING, CIRCLE OF PEOPLE WHO KNOW THE DATA

In the framework of its business activities, the Data Controller uses the following data wall workers:

Hosting service:

Scope of data known: imadsaghaza.org content of websites, emails sent to email addresses based on these domains.

Invoicing:

No billing.

Google Analytics:

Google Inc., Mountain View, California, U.S.

Scope of data obtained: the IP address of the visitors of the imadsaghaza.org website, which is anonymized and not personally identifiable.

Facebook page:

Facebook Inc.

Menlo Park, California, U.S.

Privacy Policy: https://www.facebook.com/about/privacy/update

The scope of the data we know: username, comment.

6.1 TRANSFER TO A THIRD COUNTRY

Data is transferred to the United States of America, which issued an adequacy decision on July 12, 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).

The adequacy decision also applies to Mailchimp https://mailchimp.com/legal/privacy/, Google (https://policies.google.com/privacy/frameworks) and Facebook (https://www.facebook.com/about/privacyshield).

7 RIGHTS AND ENFORCEMENT POSSIBILITIES OF THE DATA SUBJECT

The data subject may request information on the processing of his or her personal data and may request the rectification of his or her personal data or, with the exception of mandatory data processing, erasure, revocation, exercise of his right to data portability and right of objection as indicated at the time of the data collection or at the above contact details of the controller.

7.1 RIGHT TO INFORMATION

The Controller shall take appropriate measures to provide the data subjects with all the information on the processing of personal data referred to in Articles 13 and 14 of the GDPR and each piece of information pursuant to Articles 15 to 22 and 34 in a concise, transparent, comprehensible and easily accessible form, in clear and comprehensible terms.

7.2 DATA SUBJECT'S RIGHT OF ACCESS

The data subject shall have the right to receive feedback from the controller as to whether or not his personal data are being processed and, if such processing is in progress, to have access to the personal data and the following information:

the purposes of data processing;

the categories of personal data concerned;

the categories of recipients or recipients to whom the personal data have been or will be disclosed, including in particular third-country recipients or international organisations;

the planned duration of the storage of personal data;

the right to rectification, erasure or restriction of processing and the right to object;

the right to lodge a complaint with the supervisory authority;

information on data sources;

the fact of automated decision-making, including profiling, as well as understandable information on the logic used and the significance of such processing and the likely consequences for the data subject.

The controller shall provide the information within a maximum of one month from the submission of the request.

7.3 RIGHT TO RECTIFICATION

The data subject may request the rectification of inaccurate personal data processed by the Data Controller concerning him or her and the completion of incomplete data.

7.4 RIGHT TO ERASURE

The data subject has the right to delete the personal data concerning him/her without undue delay at the request of the Data Controller for one of the following reasons: personal data are no longer needed for the purposes from which they were collected or otherwise processed; the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing; the data subject objects to the processing and there is no overriding legitimate reason for the processing; the personal data have been processed unlawfully; personal data must be deleted in order to comply with a legal obligation imposed by Union or Member State law applicable to the controller; personal data were collected in connection with the provision of information society services.

Erasure of data cannot be initiated if processing is necessary: for the purpose of exercising the right to freedom of expression and information; to fulfil an obligation under Union or Member State law applicable to the controller requiring the processing of personal data or to carry out a task carried out in the public interest or in the exercise of official authority conferred on the controller; for purposes of public health or archiving, scientific and historical research or statistical purposes, on grounds of public interest; or to bring, enforce or defend legal claims.

7.5 RIGHT TO RESTRICT DATA PROCESSING

At the request of the data subject, the Data Controller restricts the processing if one of the following conditions is met: the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the accuracy of the personal data to be verified; the processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use; the controller no longer needs the personal data for the purposes of data processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or the data subject objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.

Where processing is restricted, personal data may be processed with the consent of the data subject, with the exception of storage, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person, or in the important public interest of the Union or of a Member State.

7.6 RIGHT TO DATA PORTABILITY

The data subject shall have the right to receive the personal data concerning him or her which he has made available to the controller in a structured, widely used, machine-readable format and to transmit such data to another controller.

7.7 RIGHT TO OBJECT

The data subject shall have the right to object at any time, for reasons relating to his or her situation, to the processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority conferred on the controller, or to the processing necessary for the enforcement of the legitimate interests of the controller or a third party, including profiling based on those provisions. In the event of a objection, the controller may no longer process the personal data unless it is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which relate to the establishment, exercise or defence of legal claims.

7.8 AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which would have legal effect on him or her or similarly significantly affect him or her.

7.9 RIGHT OF WITHDRAWAL

The data subject shall have the right to withdraw his or her consent at any time.

7.10 RIGHT TO GO TO COURT

In the event of a violation of the data subject's rights, the data subject may apply to the court against the controller. The court will hear the case out of turn. 8.11 Data protection authority procedure Complaints can be lodged with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information Registered office: 1125 Budapest, Elisabeth Szilágyi fasor 22/C. Mailing address: 1530 Budapest, Pf.: 5. Phone: 0613911400 Fax: 0613911410

E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu

8 OTHER PROVISIONS

We will provide information about data processing not listed in this notice when the data is collected. We inform our clients that the court, the public prosecutor, the investigating authority, the infringement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the National Bank of Hungary or other bodies may contact the data controller for the purposes of providing information, disclosing data, handing over data or making documents available. The Controller shall disclose personal data to the authorities only to the extent and to the extent strictly necessary for the purpose of the request, if the authority has indicated the exact purpose and scope of the data.

(This privacy notice was prepared on the recommendation of the Budapest Chamber of Commerce and Industry.)