Data processing information
The City of Short Distances Foundation (hereinafter referred to as: service provider, data controller)
submits to the following information.
The rights of natural persons with regard to the processing of personal data
on the protection of personal data and on the free movement of such data, and Regulation 95/46/EC
repealing the General Data Protection Regulation (GDPR) THE EUROPEAN
According to REGULATION (EU) 2016/679 OF THE PARLIAMENT AND OF THE COUNCIL (27 April 2016)
we provide the following information.
This data protection notice applies to the following page and its related subpages.
data processing is regulated by: szineserzsebetvaros.hu (and subpages of this site and
microsites)
THE DATA CONTROLLER AND ITS CONTACT DETAILS:
Name: City of Short Distances Basic Desire
Headquarters: 1077 Budapest, Wesselényi Street 13.
E-mail: info@kistavolsagokvarosa.hu
CONCEPT DEFINITIONS
1. “personal data”: data relating to an identified or identifiable natural person (“data subject”)
any information relating to; the natural person who is directly
or indirectly, in particular by means of an identifier such as a name, number,
location data, online identifier or physical, physiological,
a statement concerning one's genetic, intellectual, economic, cultural or social identity
or can be identified based on several factors;
2. "data processing" means any operation performed on personal data or data files by automated or
any operation or set of operations performed in a non-automated manner, including
collection, recording, organization, structuring, storage, transformation or alteration,
query, view, use, disclosure, transmission, distribution or other
by making it accessible in a way, coordination or linking,
restriction, erasure or destruction;
3. "data controller" means a natural or legal person, public authority or agency
or any other body that determines the purposes and
determines its means independently or together with others; if the purposes and
means are determined by Union or Member State law, the controller or the
specific aspects of the designation of a data controller are set out in the EU or Member State
may also be determined by law;
4. "data processor" means a natural or legal person, public authority or body,
agency or any other body that processes personal data on behalf of the controller
manages data;
5. "recipient" means a natural or legal person, public authority, agency or
any other body to which the personal data is communicated, regardless of
whether it is a third party. Public authorities that conduct an individual investigation
in accordance with Union or Member State law, have access to personal data
data, are not considered recipients; the said data are the property of these public authorities
processing by the data controller must be in accordance with the purposes of the data processing
applicable data protection rules;
6. "consent of the data subject" means any freely given, specific and appropriate indication of the data subject's will
an informed and clear statement by which the statement concerned
or indicates by an action that unambiguously expresses the affirmation that
gives consent to the processing of personal data concerning him/her;
7. ‘data breach’ means a breach of security that compromises the integrity of transmitted, stored or
accidental or unlawful destruction of personal data otherwise processed,
loss, alteration, unauthorized disclosure or access to them
results in unauthorized access.
PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
a) Personal data: a) processed lawfully and fairly, and
must be carried out in a transparent manner for the person concerned ("legality, due process and
transparency”);
b) collected only for specified, explicit and legitimate purposes, and those purposes are
not be processed in a manner incompatible with those purposes; Article 89(1)
does not qualify as incompatible with the original purpose, in accordance with paragraph
negotiable for archiving purposes in the public interest, scientific and historical research
further processing for specific purposes or statistical purposes (“purpose limitation”);
c) they must be adequate and relevant in relation to the purposes of the data processing,
and should be limited to what is necessary (“data economy”);
(d) be accurate and, where necessary, kept up to date; all reasonable
measures must be taken to ensure that the purposes of data processing are achieved
to delete or immediately delete inaccurate personal data
correct (“accuracy”);
e) must be stored in a form that allows the identification of the data subjects only
allows the processing of personal data for the period necessary to achieve its purposes;
Personal data may only be stored for a longer period of time if:
if the processing of personal data is subject to Article 89(1)
for archiving purposes in the public interest, scientific and historical research purposes
or for statistical purposes, the rights and obligations of data subjects are protected in this Regulation.
appropriate technical and organizational measures required to protect your freedoms
subject to the implementation of measures (“limited storage capacity”);
f) must be processed in such a way that appropriate technical or organizational measures are taken
measures are taken to ensure that personal data is properly protected
security, unauthorized or unlawful processing of data, accidental
protection against loss, destruction or damage
including (“integrity and confidentiality”).
The data controller is responsible for compliance with the above and must be able to do so.
to demonstrate compliance (“accountability”).
DATA PROCESSING
DATA PROCESSING RELATED TO THE OPERATION OF THE SITE
1. The fact of data collection, the scope of data processed and the purpose of data processing:
Data processed: Last name and first name
Purpose of data processing: Keeping in touch
Data processed: Email address
Purpose of data processing: Keeping in touch
Data processed: Phone number
Purpose of data processing: Keeping in touch
Data processed: Date of registration
Purpose of data processing: Performing a technical operation.
Data processed: IP address at the time of registration
Purpose of data processing: Performing a technical operation.
2. Scope of data subjects: All data subjects registered on the website.
3. Duration of data processing, deadline for data deletion: registration
will be deleted immediately upon deletion.
4. The identity of potential data controllers entitled to access the data, the personal
Recipients of data: Personal data are provided to the data controller's employees and volunteers.
may be handled, respecting the above principles.
5. Description of the rights of data subjects regarding data processing:
• The data subject may request from the data controller access to personal data concerning him/her.
access, rectification, erasure or restriction of processing, and
• object to the processing of such personal data, and
• the data subject has the right to data portability, and consent can be withdrawn at any time
to withdraw at any time.
6. Access to, deletion of, modification of, or
restriction of processing, data portability, objections against data processing
The affected party can initiate a protest in the following ways:
– by post at the data controller’s registered office,
– by e-mail to hello@szineserzsebetvaros.hu,
7. Legal basis for data processing:
7.1. Article 6(1)(b) of the GDPR,
7.2. Electronic commerce services and information services
Act CVIII of 2001 on certain issues of social services.
Act (hereinafter referred to as the Elker Act) Section 13/A. (3):
The service provider may process personal data for the purpose of providing the service:
which are technically essential for the provision of the service. The
service provider, other conditions being the same, must choose and
in all cases, it must operate in a way that is compatible with the information society
tools used in the provision of related services to ensure personal
data should only be processed if it is necessary for the provision of the service and for the
is absolutely necessary for the fulfillment of other purposes specified by law,
however, even in this case, only to the extent and for the time necessary.
7.3. In case of issuing an invoice in accordance with accounting regulations, Article 6 (1)
paragraph c).
7.4. In the event of enforcement of claims arising from the contract, the Civil
According to Section 6:21 of Act V of 2013 on the Code, 5 years.
§ 6:22 [Limitation]
(1) Unless otherwise provided by this Act, claims shall expire after five years.
(2) The limitation period begins when the claim becomes due.
(3) An agreement to change the limitation period must be in writing.
(4) An agreement excluding the limitation period is void.
DATA PROCESSORS REQUIRED
Hosting provider
Activity provided by the data processor: Hosting service
Name and contact details of the data processor:
Name: Hostinger International Ltd.
Registered office: 61 Lordou Vironos Street Larnaca 6023 Cyprus
Email address: gdpr@hostinger.com
Physical location of data processing: Data is stored in Lithuania (Europe) by Hostinger
on its servers, IP address: 45.84.207.176.
The fact of data processing, the scope of data processed: All data provided by the data subject
personal data.
Scope of data subjects: All data subjects using the website.
Purpose of data management: Making the website available and operating it properly,
keeping in touch, sending newsletters.
Duration of data processing: between the data controller and the hosting provider
until the termination of the agreement, or until the data subject's request to the hosting service provider
Data processing continues until you request deletion.
Legal basis for data processing: Article 6(1)(c) and (f) and
electronic commerce services and the information society
Act CVIII of 2001 on certain issues of related services, Section 13/A
(3) paragraph.
COOKIE MANAGEMENT
Website-specific cookies for the so-called "password-protected session"
cookies used", "shopping cart cookies" and "security cookies",
the use of which does not require prior consent from the data subjects.
The fact of data processing, the scope of data processed: Unique identification number, dates,
dates
Scope of data subjects: All data subjects who visit the website.
Purpose of data processing: Identification of users, the "shopping cart"
to record and track visitors.
Duration of data processing, deadline for data deletion:
Possible data controllers authorized to view the data: cookies
The data controller does not process personal data using
Description of the rights of the data subjects regarding data processing: The data subject has the right to
you have the option to delete cookies in your browser's Tools/Settings menu
usually under the Privacy menu settings.
Legal basis for data processing: Consent from the data subject is not required if the
the sole purpose of using cookies via electronic communications networks
communication transmission or expressly authorized by the subscriber or user
requested, for the provision of information society services,
service provider is absolutely necessary.
USING GOOGLE ADWORDS CONVERSION TRACKING
The data controller uses the online advertising program "Google AdWords", and
within its framework, it uses Google's conversion tracking service.
Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheatre
Parkway, Mountain View, CA 94043, USA; "Google").
When a User reaches a website through a Google ad, a
A cookie required for conversion tracking will be placed on your computer. These cookies
are of limited validity and do not contain any personal
data, so the User cannot be identified by them.
When the User browses certain pages of the website and the cookie has not yet been
expired, then both Google and the data controller can see that the User has responded to the ad
clicked.
Every Google AdWords customer receives a different cookie, so they are used by AdWords.
cannot be tracked through its customers' websites.
The information – obtained using conversion tracking cookies – is
are intended to provide AdWords conversion tracking to its customers
generate conversion statistics. This way, customers can get information about their ads
Users redirected to a page with clicker and conversion tracking tags
However, they do not have access to information that any
user could be identified.
If you do not wish to participate in conversion tracking, you can opt out by:
to disable the installation of cookies in your browser. Then you will not
be included in conversion tracking statistics.
More information and Google's privacy policy can be found on the following page.
available at: www.google.de/policies/privacy/
USING GOOGLE ANALYTICS
This website uses Google Analytics, a service provided by Google Inc.
(“Google”) web analytics service. Google Analytics uses so-called “cookies”,
uses text files that are saved on your computer, thus facilitating
Analysis of the use of the website visited by the user.
Created with cookies related to the website used by the User
information is usually transferred to and stored on a Google server in the USA.
By activating IP anonymization on the website, Google will store the User's IP address in the
Within the Member States of the European Union or the European Economic Area
in other states party to the agreement, it is shortened beforehand.
The full IP address is transmitted to a Google server in the USA and stored there.
shortening will only be done in exceptional cases. The operator of this website
on behalf of Google, this information will be used to
evaluate how the User used the website, and whether the website
to prepare reports related to the website activity for the operator, and,
to provide additional services related to website and internet use
to fulfill.
Within the framework of Google Analytics, the IP address transmitted by the User's browser
is not combined with other Google data. The storage of cookies is controlled by the User.
You can prevent this by setting your browser accordingly, however, we would like to remind you
Please note that in this case it is possible that not all features of this website will be available.
will be fully functional. You can also prevent Google from
collect and process information related to the User's use of the website through cookies
(including your IP address) if you download and install it from the following link
available browser plugin.
COMMUNITY SITES
The fact of data collection, the scope of data processed: Facebook and Instagram social networks
registered name on the pages and the fact of identification by Facebook.
Scope of data subjects: All data subjects who are registered on Facebook and Instagram
on social media and visited the website.
Purpose of data collection: Activity on social media, individual pages of the website
activities performed with its content elements, or with the website itself
activity identification.
Duration of data processing, deadline for data deletion, data
the identity of potential data controllers and data subjects entitled to know
description of your rights related to data processing: About the source of the data, its
on the handling, the method of transfer and its legal basis on the given social media site
the data subject can obtain information. Data management is carried out on social media sites, so the
the duration and method of data processing, as well as the right to delete and modify data
its possibilities are subject to the regulations of the given social network.
Legal basis for data processing: voluntary consent of the data subject, personal data
for management on social media.
RIGHTS OF THE DATA SUBJECTS
Right of access
You have the right to receive feedback from the data controller regarding:
whether your personal data is being processed and, if so,
is in progress, has the right to access personal data and the information specified in the regulation
access to the listed information.
The right to rectification
You have the right to request that the data controller provide you with the following information without undue delay:
correct inaccurate personal data concerning you. Taking into account the
the purpose of data processing, you have the right to request incomplete personal data –
including by means of an additional declaration.
The right to erasure
You have the right to request that the controller erase your personal data without undue delay.
personal data concerning you, and the data controller is obliged to
erase the personal data concerning you without undue delay for specific
conditions.
The right to be forgotten
If the data controller has made the personal data public and is obliged to delete it, the
taking into account available technology and implementation costs
reasonably foreseeable steps, including technical measures, to
in order to inform the data controllers who process the data that you
requested links to the personal data in question or this personal data
deletion of copies or duplicates of data.
Right to restriction of data processing
You have the right to request that the data controller restrict data processing if the
one of the following conditions is met:
• You dispute the accuracy of the personal data, in which case the restriction applies to that
applies for a period of time that allows the data controller to check the
the accuracy of personal data;
• the processing is unlawful and you oppose the erasure of the data and request its deletion instead
restriction of its use;
• the data controller no longer needs the personal data for the purposes of data processing,
but you require them to establish, exercise or defend legal claims
for its protection;
• You have objected to the processing of your data; in this case, the restriction will apply for that period
applies until it is established that the legitimate grounds of the data controller
Do they take precedence over your legitimate reasons?
The right to data portability
You have the right to have the data concerning you made available to a data controller.
personal data provided in structured, widely used, machine-readable formats
format, and you are also entitled to have this data transferred to another
to the data controller without being hindered by the data controller to which
provided the personal data to you (…)
The right to protest
You have the right to object at any time for reasons relating to your own situation.
against the processing of your personal data by (…), including in accordance with the aforementioned provisions
based profiling.
Objection to direct marketing
If personal data is processed for direct marketing purposes, you
You have the right to object at any time to the processing of your personal data.
against processing for the purposes of direct marketing, including profiling, where this is
If you object to the direct processing of your personal data,
against processing for marketing purposes, then the personal data will be
they cannot be further processed for this purpose.
Automated decision-making in individual cases, including profiling
You have the right not to be subject to processing that is solely automated.
the scope of a decision based on data processing, including profiling, which affects him/her
would have legal effect or would similarly significantly affect him/her.
The previous paragraph shall not apply if the decision:
• In order to enter into or perform a contract between you and the data controller
necessary;
• is made by EU or Member State law applicable to the data controller
which protects your rights and freedoms and legitimate interests
also establishes appropriate measures for the protection of; or
• Based on your express consent.
ACTION DEADLINE
The data controller shall, without undue delay, but in any case, respond to the request
will inform you within 1 month of receipt of the above requests
on the measures taken.
If necessary, this can be extended by 2 months. About the extension of the deadline
the data controller shall notify the recipient of the request, indicating the reasons for the delay
will inform you within 1 month of the date of
If the controller fails to take action on your request without delay,
but will inform you no later than one month after receipt of the request
the reasons for the lack of action and that you can file a complaint
with a supervisory authority and may exercise their right to judicial remedy.
SECURITY OF DATA PROCESSING
The data controller and the data processor are subject to the state of science and technology and the
implementation costs, as well as the nature, scope, circumstances and
objectives and the changing impact on the rights and freedoms of natural persons
appropriate technical and safety measures, taking into account the probability and severity of the risk
implements organizational measures to reduce the level of risk
guarantees an appropriate level of data security, including, inter alia, where applicable:
a) pseudonymisation and encryption of personal data;
b) the systems and services used to process personal data are continuously
ensuring confidentiality, integrity, availability and resilience
ability;
c) in the event of a physical or technical incident, the ability to access personal
access to data and the availability of data in a timely manner
can be set;
d) technical and organizational measures taken to guarantee the security of data processing
to regularly test, assess and evaluate the effectiveness of measures
procedure.
INFORMING THE DATA SUBJECT ABOUT THE DATA PROTECTION INCIDENT
If the data breach is likely to pose a high risk to the natural
rights and freedoms of individuals, the controller shall not be subject to undue delay
informs the data subject about the data protection incident without
The information provided to the data subject must clearly and in an understandable manner describe the
the nature of the data protection incident and the data protection officer or the
the name and contact details of any other contact person who can provide further information;
the likely consequences of a data breach;
the steps taken by the data controller to remedy the data protection incident or
planned measures, including, where applicable, the measures resulting from the data protection incident
measures to mitigate possible adverse consequences.
The data subject does not need to be informed if any of the following conditions are met:
• the data controller has implemented appropriate technical and organizational security measures
and these measures will be implemented for the data affected by the data breach
applied in terms of, in particular, measures such as
use of encryption – which do not allow access to personal data
they make the data unintelligible to authorized persons;
• the data controller has taken further measures following the data protection incident,
which ensure that the rights and freedoms of the data subject are protected to a high degree
risk is unlikely to materialize in the future;
• providing information would require a disproportionate effort. In such cases, the
data subjects must be informed through publicly published information or through
similar measures should be taken to ensure that those affected have similarly effective
information.
If the data controller has not yet notified the data subject of the data protection incident, the
supervisory authority, after considering whether the data protection incident
whether it is likely to involve a high risk, it may order the person concerned to be informed.
REPORTING A DATA PROTECTION INCIDENT TO THE AUTHORITY
The data protection incident shall be reported by the data controller without undue delay and if
possible, no later than 72 hours after becoming aware of the data breach
notified to the supervisory authority competent under Article 55, unless the
A data breach is unlikely to pose a risk to the natural
rights and freedoms of persons. If the notification is not made 72
within 1 hour, the reasons justifying the delay must also be attached.
COMPLAINT POSSIBILITY
You can file a complaint against a possible violation of the data controller with the National Data Protection and
Freedom of Information Authority can be contacted:
National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, PO Box: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
THE POSSIBILITY OF CHANGE
Our data management solutions and circumstances may change. Therefore, we reserve the right to
to amend this privacy policy at any time. About the amendment
We provide information on our website.
Budapest, June 1, 2025.