SE Hungary Privacy Policy (Data Management Information)
From July 30, 2024, until revoked
Privacy Policy
Effective: from July 30, 2024, until revoked
This Privacy Policy expresses Somatic Events Ltd.'s firm commitment to personal rights and data protection. Somatic Events Ltd. (hereinafter: Data Controller) handles personal data in its possession with the utmost care, in accordance with this Privacy Policy, the provisions of the Fundamental Law of Hungary, Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Info Act), and the General Data Protection Regulation (EU) 2016/679 (April 27, 2016) (hereinafter GDPR).
1. DATA CONTROLLER INFORMATION
-
Name of Data Controller: Somatic Events Oktatási és Szolgáltató Korlátolt Felelősségű Társaság
-
Short name: Somatic Events Ltd.
-
Headquarters: 2045 Törökbálint, Fácán utca 144. 2a.
-
Email address: hello@sehungary.com
2. CUSTOMER SERVICE OF THE DATA CONTROLLER
The Data Controller primarily communicates with its clients and inquiries electronically, through contact forms on our websites, and via email.
Based on GDPR Article 37, the Data Controller is not required to appoint a Data Protection Officer, so inquiries regarding data processing can be made through the central contact (email: hello@sehungary.com).
3. VALIDITY OF THE PRIVACY POLICY
This Privacy Policy applies to all activities and processes of the Data Controller and all websites operated by the Data Controller, primarily but not exclusively to the website accessible at sehungary.com, as well as this website.
4. PHYSICAL LOCATION OF DATA STORAGE
The Data Controller stores all personal data in high-security cloud systems provided by the Data Processors listed in point 5. The Data Controller does not store personal data on its own computers, mobile phones, or mobile storage devices. The Data Controller makes every effort to monitor and request information about the data processing conducted by its Data Processors.
5. DATA PROCESSORS
The Data Controller utilizes the following Data Processors for handling personal data:
Newsletter Software Provider:
Wix.Com Ltd.
Headquarters: 40 Namal Tel-Aviv St., Tel Aviv 6350671 Israel
Tax Number: EU442008451
Legal Basis for Data Processing: Explicit consent of the data subject (typically, by ticking the relevant checkbox).
Scope of Transferred Data: The data subject’s name, email address.
Purpose of Data Transfer: Notifications about campaigns, business inquiries, general contact maintenance.
Duration of Data Processing: Until the data subject unsubscribes or requests data deletion.
Hosting Service Provider:
Wix.Com Ltd.
Headquarters: 40 Namal Tel-Aviv St., Tel Aviv 6350671 Israel
Tax Number: EU442008451
Legal Basis for Data Processing: Explicit consent of the data subject (typically, by ticking the relevant checkbox).
Scope of Transferred Data: The data subject’s name, email address.
Purpose of Data Transfer: Notifications about campaigns, business inquiries, general contact maintenance.
Duration of Data Processing: Until the data subject unsubscribes or requests data deletion.
Website Analytics Software Provider:
Google Information Technology Services Limited Liability Company
Headquarters: 1023 Budapest, Árpád fejedelem útja 26-28.
Company Registration Number: 01-09-861726
Tax Number: 13561677-2-41
Legal Basis for Data Processing: Legitimate interest of the Data Controller.
Scope of Transferred Data: The data subject’s IP address, visit time, duration, list of visited subpages, operating system used by the data subject, browser type, screen resolution.
Purpose of Data Transfer: Conducting statistical analyses to check and improve the quality of the Data Controller’s services.
Duration of Data Processing: 2 years.
Note: Statistical data collection and analysis are carried out using the Google Analytics service. The data collected during website visits are not linked to specific individuals, meaning the data can only be analysed in aggregate and completely anonymously.
Detailed information about Google Analytics operation is available at:
Comments
When submitting comments to blog posts, in addition to the information provided in the comment form, the commenter’s IP address and browser identification string are collected for filtering unsolicited content.
An anonymized string (a "hash") created from the email address is sent to the Gravatar service. The terms of the Gravatar service can be viewed at: Gravatar Privacy
After comment approval, the content of the comment and the profile picture associated with the email address will be publicly displayed.
6. DATA PROCESSING, DATA STORAGE, BACKUP SECURITY
6.1. Providing personal data is voluntary. Subscription to blog notifications and marketing newsletters is conducted via a double opt-in system. This means that until the data subject clicks the confirmation link sent to the email address provided during the subscription process, the Data Controller temporarily stores the provided data. If the data subject does not click the confirmation link, the data is automatically deleted by the software after three days.
6.2. The Data Controller processes and stores the provided personal data in accordance with applicable laws and does not transfer it to any third parties or business entities under any circumstances other than those specified for Data Processors in point 5. Data Processors regularly create and store security backups of the data due to technical necessity.
6.3. Subscription to blog notifications and marketing newsletters can be terminated at any time by clicking the unsubscribe link found at the bottom of any email sent by the Data Controller. Data modification can be requested by the data subject either by clicking the data modification link or by sending an email to the Data Controller's email address.
6.4. The Data Controller does not verify the authenticity of the data provided by the data subjects.
6.5. The Data Controller does not conduct profiling based on the behaviour, interests, or other data provided by inquiries, clients, visitors to its websites, subscribers, or requesters, and does not apply automated decision-making, categorization, or recommendations.
6.6. Identifying website visitors is not the Data Controller's goal, and no measures are taken to achieve this.
6.7. Data subjects can use the Data Controller's services without subscribing to marketing newsletters.
7. DATA SUBJECT RIGHTS
Data subjects can request information about the processing of their personal data, as well as request correction, deletion, or withdrawal of their personal data (except for mandatory data processing), and exercise their rights to data portability and objection in the manner indicated when data was collected or through the contact details provided in point 1.
7.1. Right to Information
The Data Controller takes appropriate measures to ensure that all information regarding the processing of personal data, as mentioned in GDPR Articles 13 and 14, as well as all information according to Articles 15-22 and 34, is provided to the data subject in a concise, transparent, intelligible, and easily accessible form, clearly and understandably.
The Data Controller will provide the information within 14 days of receiving the request (but no later than within 1 month).
The information is provided free of charge, except when the data subject has already requested information about the same data category within the current year. Any fees already paid by the data subject will be refunded by the Data Controller if the data was processed unlawfully or if the request for information led to a correction.
The Data Controller may only refuse to provide information in cases specified by law, indicating the legal basis, and providing information about the possibility of judicial review and filing a complaint with the Authority.
The Data Controller will notify the data subject, as well as those to whom the data was previously provided for processing purposes, of any corrections, blocking, marking, or deletion of personal data, except when failure to notify does not infringe upon the data subject’s legitimate interests.
7.2. Right to Access Data
The data subject has the right to obtain confirmation from the Data Controller as to whether their personal data is being processed, and if so, to access their personal data and the following information:
-
The purposes of data processing;
-
The categories of personal data concerned;
-
The recipients or categories of recipients with whom or which the personal data has been shared or will be shared, including particularly recipients in third countries or international organizations;
-
The planned duration of data storage;
-
The right to request rectification, erasure, or restriction of processing, and the right to object;
-
The right to lodge a complaint with a supervisory authority;
-
Information on the sources of the data;
-
The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
The Data Controller will provide the information requested by the data subject within one month of receiving the request.
7.3. Right to Rectification
The data subject may request the rectification of inaccurate personal data and the completion of incomplete data handled by the Data Controller.
The data subject may independently make modifications or additions to their data through a link to the data modification form provided in the Data Controller’s email or request the Data Controller to make such changes by sending an email to the central email address (hello@sehungary.com).
7.4. Right to Erasure of Data
The data subject has the right to request that the Data Controller erase their personal data without undue delay under the following circumstances:
-
The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
-
The data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
-
The data subject objects to the processing and there are no overriding legitimate grounds for the processing;
-
The personal data has been unlawfully processed;
-
The personal data must be erased for compliance with a legal obligation applicable to the Data Controller;
-
The personal data was collected in relation to the offering of information society services.
Erasure of data cannot be requested if the processing is necessary for:
-
Exercising the right to freedom of expression and information;
-
Compliance with a legal obligation that requires processing under EU or member state law applicable to the Data Controller;
-
Performing a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
-
Public health purposes, archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes based on public interest;
-
Establishing, exercising, or defending legal claims.
The Data Controller will register the withdrawal of consent within 14 days.
The Data Controller may continue to process certain data even after consent has been withdrawn if necessary to comply with legal obligations or for legitimate interests.
Practical Note: In practice, if the data subject requests erasure of their data related to blog notifications or marketing newsletters and clicks the unsubscribe link in an email, the data will be deleted immediately from the blog notification or newsletter management software. The request will be executed promptly, without a 14-day wait. However, data that the Data Controller is required to retain by law (e.g., for purchases, payments, invoices for 8 years) cannot be erased.
7.5. Right to Restrict Processing
The data subject may request the Data Controller to restrict processing of their personal data if one of the following conditions applies:
-
The data subject contests the accuracy of the personal data – the restriction applies for the period necessary to verify the accuracy of the data;
-
The processing is unlawful, but the data subject opposes erasure of the data and requests restriction of its use instead;
-
The Data Controller no longer needs the personal data for processing, but the data subject requires it for the establishment, exercise, or defence of legal claims;
-
The data subject has objected to the processing – the restriction applies during the period necessary to determine whether the Data Controller’s legitimate grounds override those of the data subject.
When processing is restricted, the personal data may only be processed with the data subject’s consent, or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of significant public interest in the EU or a member state.
7.6. Right to Data Portability
The data subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another data controller.
Upon request, the Data Controller will provide the data subject’s data in PDF and/or CSV format. The request should be sent to the Data Controller’s central email address (hello@sehungary.com).
7.7. Right to Protest
The data subject has the right to protest, on grounds related to their particular situation, to processing of their personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or for the legitimate interests of the Data Controller or a third party, including profiling based on these provisions.
In the event of an objection, the Data Controller may no longer process the personal data unless there are compelling legitimate grounds for the processing which override the data subject’s interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defence of legal claims.
If the data subject protests to the processing of their personal data, the Data Controller will review the objection within 14 days of receiving the request (but no later than 1 month) and inform the data subject in writing of its decision. If the Data Controller decides that the objection is well-founded, processing – including further data collection and transfer – will be ceased, and the data will be restricted. The Data Controller will notify those who received the data of the objection and the measures taken.
The Data Controller may refuse to comply with the request if it can demonstrate compelling legitimate grounds for processing that override the data subject’s interests, rights, and freedoms, or if the processing is necessary for legal claims. If the data subject disagrees with the decision or if the Data Controller fails to meet the deadline, they can go to court within 30 days from the decision notification or the last day of the deadline.
Note: If you encounter any issues, please contact us by email (hello@sehungary.com) or by sending a registered letter to our headquarters, and we will do our best to resolve the issue promptly.
7.8. Right to Seek Judicial Remedy
The data subject may seek judicial remedy if their rights are violated. The court will handle the case on an expedited basis.
Data protection cases fall under the jurisdiction of the court, which can be either the court of the data subject's residence or the court of their habitual residence. Foreign nationals may also file a complaint with the relevant supervisory authority in their place of residence.
Note: Before filing a complaint with a court or supervisory authority, please contact us by email (hello@sehungary.com) or by sending a registered letter to our headquarters to discuss and resolve the issue as quickly as possible.
7.9. Right to Lodge a Complaint
The data subject has the right to lodge a complaint with the supervisory authority:
National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Mailing Address: 1530 Budapest, Pf.: 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu
Website: https://naih.hu
For more information: https://naih.hu/panaszuegyintezes-rendje.html
8. SENDING AND RECEIVING MARKETING MESSAGES
The data subject may give their consent to the Controller to use their personal data for marketing purposes by making a declaration when subscribing to blog notifications or newsletters, or later by modifying the personal data stored on the newsletter and/or direct marketing registration interface, thus clearly expressing their intention.
In this case, according to Section 6 of Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities (Grtv.), the Controller will process the data subject’s data for direct marketing and/or newsletter sending purposes until the consent is withdrawn, and will send marketing materials, notifications, and offers, and/or forward newsletters to the data subject.
The data subject may give their consent for direct marketing and the newsletter either jointly or separately and may withdraw such consent free of charge and at any time.
The Controller considers the cancellation of the subscription (i.e., "unsubscribing") as the withdrawal of consent in all cases. However, the Controller does not interpret the withdrawal of consent for direct marketing and/or newsletter purposes as a withdrawal of consent for data processing in general.
9. USE OF COOKIES ON THE CONTROLLER'S WEBSITES
Cookies are small data files (hereinafter: cookies) that are placed on the visitor’s computer through the website for customized service, saved and stored by the visitor's internet browser, and read during subsequent visits.
If the browser returns a previously saved cookie, the cookie controller can link the user's current visit to previous ones, but only concerning their own content.
General functions of cookies:
-
Collect information about visitors and their devices;
-
Remember visitors' individual settings, which can be used for online transactions, so they do not need to be re-entered;
-
Facilitate website use;
-
Provide a quality user experience.
Most commonly used internet browsers (Chrome, Firefox, Internet Explorer, Safari, Edge, Opera, etc.) accept and allow the download and use of cookies by default. Visitors can refuse or block cookies by modifying their browser settings. Users can also delete cookies already stored on their computers.
Some cookies do not require the visitor's prior consent (e.g., authentication, multimedia player, load balancing, session cookies that assist in user interface customization, and user-centric security cookies).
Websites provide brief information about both non-consent-required and consent-required cookies when the website is first opened, i.e., when the first visit begins, and request the user's consent for the use of cookies.
The Controller does not use or permit the use of cookies that allow a third party or company to collect data about the data subject without their consent.
Acceptance of cookies is not mandatory; however, the Controller does not take responsibility if websites do not function as expected in the absence of cookie acceptance.
Further information about cookie usage is provided in the "Help" section of individual browsers, but it is also summarized here:
-
Chrome: https://support.google.com/accounts/answer/61416?hl=hu
-
Firefox:
https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami
-
Internet Explorer:
https://support.microsoft.com/hu-hu/help/10607/microsoft-edge-view-deletebrowser-history
System cookies (i.e., "Strictly Necessary Cookies")
Legal Basis: No consent required.
Description: These cookies ensure that visitors can browse the Controller's website smoothly and use its functions and available services. The validity of such cookies lasts until the end of the browsing session (session), and they are automatically deleted from the computer or other device used for browsing when the browser is closed.
Purpose of data processing: To improve user experience.
Duration: Browser session (session).
Statistical (third-party) cookies
Legal Basis: Explicit consent of the data subject (provided by enabling the relevant switch).
Description: The Controller also uses Google Analytics cookies on its websites. By using Google Analytics, a statistical service, information is collected about how visitors use the websites. This data is used to improve the website and enhance user experience. These cookies remain on the visitor’s computer or device until their expiration or until the visitor deletes them.
Purpose of data processing: To improve user experience.
Duration: Up to 180 days.
Detailed information about third-party cookies can be found here:
https://www.google.com/policies/technologies/types/
Detailed information about Google Analytics privacy can be found here:
https://www.google.com/analytics/learn/privacy.html?hl=hu
10. OTHER DATA PROCESSING ISSUES
The Controller may only transmit the data subject's data within the legal framework specified by law and ensures, through contractual terms with Data Processors, that they do not use the data subject’s personal data for purposes contrary to the data subject’s consent.
Courts, public prosecutors, the police, the National Tax and Customs Administration (NAV), and the National Authority for Data Protection and Freedom of Information (NAIH) may request information, data disclosure, or documents from the Controller. In these cases, the Controller must comply with the data provision obligation, but only to the extent necessary for achieving the purpose of the request.
The Controller’s collaborators and employees involved in data processing and/or data processing are entitled to know the data subject’s personal data only to the extent predetermined, under confidentiality obligations.
The Controller protects the data subject's personal data with appropriate technical and other measures, ensuring data security, availability, and protecting against unauthorized access, modification, damage, disclosure, and any other unauthorized use.
The Controller controls physical access through organizational measures, continuously educates collaborators and employees, and keeps paper documents securely stored. Technical measures include encryption, password protection, and antivirus software used by the Controller and Data Processors.
The Controller does everything possible to make processes as secure as possible, but cannot assume full responsibility for data transmission over the web due to current IT circumstances. The Controller adheres to strict regulations to ensure the security of the data subject’s data and to prevent unlawful access.
Note: Please be aware that data transmission over the internet cannot be considered entirely secure despite all measures. For security issues, please help by carefully protecting your access credentials and password and not sharing the password with anyone. Also, please cooperate by using a computer with ensured virus protection while using our websites.
Budapest, July 30, 2024