1. Introduction
TheGreypixel Workshop Kft. (hereafter referred to as: Service Provider) as datacontroller, to record our internal data processing procedures, and to grantrights of the concerned parties, issues the following data protection notice(hereafter referred to as: Notice).
Privacypolicies related to the data controller activities of the Service Provider arecontinuously available at the web pages and online service providing surfacesof the Service Provider, and on any other online surfaces managed by them (e.g.Facebook, etc.), under the name Privacy Notice.
The ServiceProvider reserves the right to change the contents of this Notice as required,but according to prevailing legislation in effect.
The ServiceProvider notifies its clients and the visitors of the online content to theextent necessary.
If you haveany questions about this Notice, please send them to the following e-mailaddress, and we will reply in writing.
E-mail: info@thegreypixel.com
TheGreypixel Workshop Kft. is committed to the protection of personal data of itsclients, partners and employees, and considers it extremely important torespect the right of informational self-determination of all natural personsconcerned with data processing. The Greypixel Workshop Kft. shall treatpersonal data confidentially, and ensures the safety of these data withtechnical and organisational measures.
Please readthe data protection and data processing procedures described below.
2. Businessinformation
TheGreypixel Workshop Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság(The Greypixel Workshop Commerce and Service Provider Limited Company)
Headquarters:8200 Veszprém, Borsos József utca 2.1, Hungary
Registration number: 19 09 514393
Tax identification number: 23500477-2-19
Authorised representatives: József Lipka, Ákos Mátételki
3 Thepurpose and scope of the Privacy Notice
The purposeof this Notice is to provide appropriate information for the concerned partiesabout data controlled and processed by the Service Provider, their source, thepurpose, legal basis, and duration of data processing, the name, address anddata processing related activities of the party that may be involved with dataprocessing, and – in case of transferring personal data of the concerned party– the legal basis and recipient of the data transmission.
4Definitions
·personal data: anyinformation related to a natural person who is identified or is identifiable(“concerned party”); a natural person is identifiable if he or she – eitherdirectly or indirectly –, can be identified, especially by some kind ofidentifier, for example name, number, location data, online identifier or oneor more factors about the physical, physiological, genetic, mental, economic,cultural or social identity of the person
· data processing: Any kindof automatic or non-automatic operation or a set of operations performed on thepersonal data or personal data files, regardless of the procedure and methodused, i.e. by collecting, recording, systematising, grouping, storing,converting or changing, querying, viewing, use, transmission, dissemination orany other means of making these data accessible, synchronising or connecting,restricting, deleting or erasing.
· profiling: any kindof automatic processing of personal data during which personal data are used toevaluate certain personal traits related to a natural person, especially usedfor analysing or predicting characteristics related to workplace performance,economic situation, health status, personal preferences, interests,reliability, behaviour, location or movement
· pseudonymisation: the useof personal data in a way due to which it is not possible to establish withoutthe use of further information to which person the personal data is related,provided that this further information is stored separately, and it is ensuredby technical and organisational means that it is not possible to link thispersonal data to the identified or identifiable natural persons
· recording system: any fileof personal data, grouped in any way, based on either centralised,decentralised, functional or geographical aspects which is accessible on thebasis of defined criteria
· data controller: a naturalperson or legal entity, public authority, agency or any other organisationwhich determines the purpose and means of personal data processing, either ontheir own, or together with other parties; if the purpose and means of dataprocessing are determined by EU or member state legislation, the datacontroller or the special criteria for designating the data controller can alsobe determined by EU or member state legislation
· data processor: a personor legal entity, public authority, agency or any other organisation whichhandles or processes personal data or provides technical background andapplication logics for data handling on behalf of the data controller
· third party: a naturalperson or legal entity, public authority, agency or any other organisationdifferent from the concerned party, the data controller, data processor or anypersons authorised to process the personal data under the direct control of thedata controller or data processor
· consent of the concerned party:voluntary, concrete, appropriately informed and unambiguous expression of thewill of the concerned party, through which the concerned party testifies bystatement or an action explicitly expressing confirmation that he or she agreesto the processing of personal data related to him or her
· data protection incident: anybreach of security causing unintentional or illegal destruction, loss,alteration, unauthorised disclosure of or unauthorised access to the personal datatransferred, stored or in any other way processed
5 Use ofcookies
An HTTPcookie (often simply called cookie) is an information package sent by a serverto a web browser, which is then returned by the browser to the server everytime it sends a request to the server. Cookies are created either by the webserver or by Javascript, using the browser on the user’s computer, where theyare stored in a separate folder.
Thus, acookie is a small file that is created on the computer when you visit a webpage.
A cookiecan contain any information determined by the server, and its purpose is tointroduce the user status into the connection between the browser and theserver. Without cookies, each web page request would be an isolated event,thus, for example if a user logs into a page protected by a user name andpassword and views some content, then navigates to another page, the user nameand password would have to be requested again.
I.e., thepurpose of cookies is to facilitate the use of web pages and storing sessionrelated user information, but they are also suitable for collecting otherinformation, related to the use of the web site.
The ServiceProvider, within its web pages and online services, only uses cookies notsuitable to identify the users, for two purposes.
Cookiesfacilitating web site use
Theseenable us to remember your features, language, etc. selection for our web pagesand online services.
Performancecookies
We useGoogle Analytics cookies to gather information about how our visitors use ourweb page. These cookies are not capable to identify you as a person, and onlycollect information about what pages the visitor viewed, at what part of theweb page he or she clicked, how many pages he or she visited, and how long theviewing time was for the individual pages.
Refusingcookies
As wealready stated, the cookies used on our web pages and for our online servicesdo not store any information suitable for personal identification.Nevertheless, you have the option to prevent your browser from storing cookies.Cookies usually can be managed in the Tools/Settings menu of the browser, underData protection, cookies.
6 Thepurpose of data processing
The ServiceProvider provides counselling, graphical design, internet applicationdevelopment, search engine optimisation, domain registration, server hostingand translation services. The Service Provider only stores personal datanecessary to conduct business, with the purpose to maintain contact withclients and partners, and for contractual legal relationships and to performaccounting according to legislation.
7 The legalbasis of data processing
Whenformulating this Notice – and the underlying data protection impact assessment–, the provisions of the following EU legal norms and legislation wereconsidered:
· Regulation (EU) 2016/679 of the European Parliament and of the Council(27 April 2016) on the protection of natural persons with regard to theprocessing of personal data and on the free movement of such data, andrepealing Directive 95/46/EC (General Data Protection Regulation) ->hereafter referred to as GDPR
· Act CXII of 2011 on the right of informational self-determination andthe freedom of information -> hereafter referred to as the InformationAct
· Act V of 2013 on the Civil Code -> hereafter referred to as the CivilCode
· Act CVIII of 2001 on certain aspects of e-commerce services, andservices related to the information society -> hereafter referred to asthe E-commerce Act.
· Act C of 2000 on accounting -> hereafter referred to as the AccountingAct.
· Act CVIII of 2001 on certain aspects of e-commerce services, andservices related to the information society -> hereafter referred to asthe E-commerce Act.
· Act XLVIII of 2008 on basic requirements and certain restrictions ofeconomic advertising activities -> hereafter referred to as the CommercialAdvertisement Act.
· Act LXVI of 1995 on official documents, public archives and theprotection of private archive material (concerning data related to employmentrelationships)
· agreements – in the form of contracts – with clients
· the permission provided by the user unequivocally about data processing,either in writing, or on the online surfaces
8 Durationof data processing
As datacontroller, we only store those personal data in our records that are necessaryfor contacting and informing our clients, maintaining contractualrelationships, and for accounting, and only for the duration of the businessrelationship.
Theduration of the business relationship is determined so that it lasts from thetime of contact for sales or other purpose until a contractual relationshiprelated to the activities of the Service Provider exists with the client.
9 Scope ofthe personal data processed
We onlystore personal data in our records – on the basis of explicit client consent –necessary to conduct business, for contacting and informing the client,maintaining contractual relationship with him or her, and for accounting; theseare as follows:
· Name
· address (for businesses, headquarters), and mailing address, if required
· phone number
· e-mail address
· other means of communications, as provided by the client
· tax identifier (for businesses, tax identification number)
· bank account number
Of the dataprocessed, we only store those that are required for the legal relationshipwith natural persons; the tax identifier and bank account number are only usedin case of a contractual relationship, for maintaining the contract, and foraccounting (e.g. issuing invoices), where the legal basis for data processingis the service contract itself.
10Transferring data, further data controllers and processors
We canprovide part of our services and ensure the security of the built-in functionsand operating only by using content, IT solutions, or infrastructure ofexternal service providers.
Fordisplaying our online content, maintaining contact with our clients andproviding online services, the following data controllers and data processorsare involved in relation to the activities of the Service Provider:
WebonicKft.
The serverpark service provider hosting the servers for providing our services
· headquarters: 8000 Székesfehérvár Budai út 9-11., Hungary
· Registration number: 07-09-025725
· Tax identification number: 25138205-2-07
· E-mail: support@webonic.hu
Google Inc.
We use theGoogle Drive system provided by them for office applications
· Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
11 Datasecurity
The ServiceProvider will take every action necessary to secure the personal data providedby the users both during network communications and during their storage.
Access topersonal data is strictly restricted in order to prevent their unauthorisedviewing, modification, or use.
The servercomputers used to store data are implemented in a redundant configuration inserver parks, and only the employees and businesses maintaining them havedirect access to the data stored on them.
12Enforcement and legal remedy
The ServiceProvider provides information about the rights concerning personal data, theirenforcement and legal remedy as follows:
Information
The ServiceProvider properly informs the party concerned. Upon written request of theconcerned party, we provide information about their data controlled andprocessed by us, their source, the purpose, legal basis, and duration of dataprocessing, and the name, address (headquarters) and data processing relatedactivities of the data controller and data processor, and – when personal dataof the concerned party are transferred – about who and for what purpose receivethese data.
We providethese information in writing, within 30 days after submitting the request.
Rectificationand deleting the data
The concernednatural person has the right to request rectification of their personal data,and that we perform this operation. The Service Provider is obliged to rectifyincorrect personal data.
We deletepersonal data, if
· their processing is against the law;
· it is requested by the concerned party;
· it is incomplete or wrong, and this state cannot be rectified lawfully;
· the purpose of data processing does not exist any more;
· the term for storing the data set forth in legislation has expired;
· the Court or
· the National Data Protection and Information Freedom Authority commandedso.
Fordeleting the data, another necessary condition in addition to the above is thatno act or other regulation excludes it.
Note thatthe rights of the concerned party for information, rectification or deletionmay be restricted by legislation
· for inner and outer security reasons of the Hungarian State (for thesafety of defence, national security, crime prevention, law enforcement, anddetention);
· for state or municipality economic or financial interest;
· for significant economic or financial interest of the European Union;
· for the prevention and exploration of labour law and occupational safetybreaches.
If wecannot perform the request of the concerned party for rectification or deletionfor the above reasons, we provide them written information about this within 30days.
Protest
The ServiceProvider makes if possible for the concerned party to protest againstprocessing his or her personal data if
· processing or transferring personal data is only required for thebenefit of our business or the party receiving the data;
· personal data are processed or transferred for direct marketing or asurvey.
We examinethe protest submitted in writing within 15 days from submitting it, and weinform the requester about the result in writing.
If theprotest is grounded, we cease to process and transfer the data, and we informall parties to whom the data was earlier transferred about the protest and therelated measures taken.
If you havefurther questions about the data controlling and data processing activities ofthe Service Provider, you can get more information at the following address:
TheGreypixel Workshop Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság(The Greypixel Workshop Commerce and Service Provider Limited Company)
Headquarters:8200 Veszprém, Borsos József utca 2.1, Hungary
Registration number: 19 09 514393
Tax identification number: 23500477-2-19, HU23500477
Authorised representatives: József Lipka, Ákos Mátételki
E-mail: info@thegreypixel.com
