Privacy policy
Table of contents
- Introduction, Data controller details, contact details
- Scope of the Policy
- Temporal scope
- Personal scope
- Material scope
- Processing, its legal basis, purpose, duration, scope of data processed
- Sending of newsletters and promotional offers
- Profiling
- Data processors
- Data transfer
- Data processing of a technical nature related to the use and operation of the [email protected] website
- Data subjects’ rights, remedies
- Security of data processing
1. Introduction, Data controller details, contact details
In accordance with the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (General Data Protection Regulation, hereinafter referred to as “GDPR”), the following information is provided about the processing of data in connection with the website [email protected].
By using the Website, the data subject declares that he or she is at least 16 years of age. A person under the age of 16 is not allowed to register on the Website, to use services or subscribe to newsletters, given that, pursuant to Article 8(1) GDPR, the validity of his/her declaration of consent to data processing requires the consent of his/her legal representative. The Data Controller is not in a position to verify the age and entitlement of the person giving consent, so the data subject warrants that the data he/she has provided is accurate. The data subject is responsible for the accuracy of the data provided.
THE CONTROLLER AND CONTACT DETAILS:
Name: PROMO SOLUTIONS LTD
Address: EUROPE, HUNGARY, BUDAPEST, 1091 ÜLLŐI ÚT 169-179 F 9/37
Company registration number: HU26174073
Tax number: HU26174073
Email: [email protected], [email protected]
Phone number: +36207764647
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
Name: Zoltán Koren
Address: EUROPE, HUNGARY, BUDAPEST, 1091 ÜLLŐI ÚT 169-179 F 9/37
Email: [email protected], [email protected]
Phone number: +36207764647
If you would like to contact our Company, you can do so using the contact details provided in this notice, the contact details on the website or the central e-mail address in the “Contact” section of the www.creativapublicidad.es website.
The personal data processed by the Controller may be disclosed to the employees of the Controller to the extent necessary for the purposes of the processing as set out in point 2.
2. Scope of the Policy
1. Temporal scope:
This Policy is effective until August 2020. 1 July 2020 until further notice or until revoked.
2. Personal scope:
The personal scope of this Policy shall include:
- the Data Controller, and
- persons whose data are included in the processing covered by this Policy, and
- persons whose rights or legitimate interests are affected by the processing The Data Controller therefore primarily processes the data of natural persons who are
- through any means or means available to them, such as by electronic means, by sending their data to any e-mail address of the Controller, through a social networking site, by telephone or in person
- by contacting the Data Controller,
- used or requested the services of the Controller and provided their data in doing so; or
- they have registered for a reason or purpose other than to establish contact;
- natural person Partners of the Controller, representatives, contact persons, or other employees of non-natural person Partners.
3. Material scope:
The scope of this notice covers all processing of the above-mentioned categories of persons carried out by all the Data Controller’s departments, whether carried out electronically and/or on paper. In the case of paper-based processing, the Data Controller shall also introduce a separate set of rules on paper-based processing, which shall complement the general provisions of this Policy and shall be considered as an annex to this Policy.
The scope of this Policy covers the processing of personal data transmitted in connection with the use of services on the website of the Data Controller www.creativapublicidad.es and its sub-sites, on its online portal www.facebook.com/oohweb, and in its headquarters/premises/shops.
The Data Controller reserves the right to unilaterally modify this information at any time. It shall notify the data subject of any such modification at least 15 days before it takes effect. Amendments to this notice shall enter into force upon publication on the Controller’s website.
The scope of the present notice covers the processing of personal data transmitted in connection with the use of the services on the Company’s online portal www.creativapublicidad.es (on the subpages accessible from here), www.facebook.com/oohweb, on the one hand, and on the other hand, at the Company’s headquarters/premises/shops.
3. Processing, legal basis, purposes, duration and scope of the data processed
The Data Controller processes personal data on the following legal basis, for the following purposes and for the following duration.
Note: the following processes are in preparation and therefore not yet active.
| Type of processing | Legal basis for processing | Scope of data processed | Purpose of processing | Duration of processing |
|---|---|---|---|---|
| Processing of data relating to a registered customer | Necessary for the use of the service (performance of the contract) (Article 6(1)(b) GDPR) | Last name, first name, email address, telephone number, gender, language | Activation and management of user account | Until the data subject requests the deletion of the data or until 5 years after the last login (statute of limitations according to the Civil Code) |
| Processing of invoicing data | Fulfillment of legal obligation on the controller (Article 6(1)(c) GDPR) | Name, address | Invoicing of the value of goods and services | Until the time limit set by the accounting Act, i.e. 8 years |
| Sending of newsletters | Consent of the data subject (Article 6(1)(a) GDPR) | Name, email address | Sending promotional offers, information, advertisements (newsletter) by electronic means, providing information on current information, products, promotions, new features | Until the data subject’s consent is withdrawn. |
| Contact by the data subject | Consent of the data subject or action taken at the request of the data subject (Article 6(1)(a) and (b) GDPR) | Data provided by the data subject | Answering a question or sending an offer to the data subject in response to an email request | Until 30 days after the question was asked, or 3 years in the case of a consumer question. |
Without the mandatory data, the Data Controller cannot provide the service that the Data Subject wishes to use, for example, it cannot create and manage the user account or fulfil the order.
1. Sending newsletters and promotional offers
Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities, the Data Subject may expressly consent in advance to the Data Controller contacting him/her with advertising offers and other mailings at the e-mail address provided when registering or subscribing to a newsletter and processing his/her data for this purpose.
The Data Controller shall not send unsolicited commercial communications and the Data Subject may unsubscribe from receiving offers and newsletters without restriction and without giving any reason, free of charge. In this case, the Data Controller will not contact the Data Subject with further promotional offers. The Data Subject may unsubscribe from the advertisements by clicking on the link in the message or by contacting the Data Controller.
4. Profiling
The Data Controller does not carry out profiling.
5. Data processors
The Data Controller may transfer the data to the following processors for the purposes of registering requests for quotations and orders, fulfilling contracts, operating the website, sending newsletters and complying with the requirements of the Accounting Act.
The Processors shall carry out the processing in accordance with the instructions of the Controller, shall not take any substantive decisions concerning the processing, shall process the personal data of which they become aware only in accordance with the provisions of the Controller, shall not process the personal data for their own purposes, and shall store, retain and delete the personal data in accordance with the provisions of the Controller. In the course of processing, the data may be known to the employees of the processors.
| Name of data processor | Address of data processor | Data processing activity | Data processed |
|---|---|---|---|
| PROMO SOLUTIONS LTD | EUROPE, HUNGARY, BUDAPEST, 1091 ÜLLŐI ÚT 169-179 F 9/37 | Online payment | Customer name, payment amount, date, time |
6. Transmission of data
The data controller does not transfer data.
We inform the Data Subjects that the court or other authorities or other bodies authorised by law may request the Controller to provide information, data or documents.
The Data Controller shall disclose personal data to public authorities only in accordance with the request of the public authority.
7. Processing of data of a technical nature related to the use and operation of the website www.creativapublicidad.es
The Website does not currently use cookies. The following cookies are in preparation:
| Cookie name | Purpose and scope of data stored | How long will the data be stored? |
|---|---|---|
| _Fbp facebook | Used to identify user to facebook | One session - until browser is closed |
| Fr facebook | Used to identify user to facebok | 3 months |
| _ga | Used for user identification for Google Analytics | 2 years |
| _gid | User identification for Google Analytics | 24 hours |
Google AdWords remarketing: during visits to the website, the website sends one or more cookies to the visitor’s computer, which will uniquely identify the visitor’s browser(s). These cookies are provided by Google and are used through the Google Adwords system. These cookies are only sent to the visitor’s computer when certain sub-pages are visited, i.e. they only store the fact and time of the visit to the sub-page in question and no other information. Google will use these cookies to store if the data subject has previously visited the advertiser’s website and, on this basis, display advertisements to the user on the websites of partners of external service providers, including Google. Users can opt out of Google cookies by visiting the Google advertising opt-out page (you can also indicate to users that you can opt out of cookies from third-party service providers by visiting the Network Advertising Initiative opt-out page): www.google.com/ads/preferences/
8. Data subjects’ rights, remedies
Right of access: the Data Subject has the right to request information from the Data Controller on whether his/her personal data are being processed by the Data Controller. The Data Subject has the right to access his or her personal data processed by the Controller.
The Data Subject also has the right of access to the information contained in this notice.
Right of rectification: the Data Subject has the right to obtain from the Controller, without undue delay, the rectification of inaccurate personal data relating to him or her or the completion of incomplete personal data.
Right to erasure (“right to be forgotten”): the Data Subject shall have the right to obtain from the Controller, upon his or her request, the erasure of personal data relating to him or her without undue delay. In the event of a request for erasure, the Data Controller will examine the exact legal basis for the processing (whether there is a legal basis other than consent) and, if the conditions for erasure are met, will erase the data. In the case of erasure, the Controller shall ensure that the data are erased by all those to whom the data have been disclosed through the Controller.
Right to restriction: the Data Subject shall have the right to request restriction of processing if he or she contests the accuracy of the processing, opposes the erasure of the data in case of unlawful processing, the Controller no longer needs the data but the Data Subject requests them for the purposes of enforcement or the Data Subject has exercised his or her right to object to the processing. The Data Controller shall inform the Data Subject in advance of the lifting of the restriction. The Controller shall inform all recipients to whom the personal data have been disclosed of the restriction.
Right to data portability: the Data Subject has the right to receive personal data relating to him or her in a structured, commonly used, machine-readable format, to transmit it to another controller (or to have it transmitted to the controller if technically feasible). This right is available to the Data Subject where the processing is based on consent or a contract and the processing is carried out by automated means.
The right to object: the Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to processing where it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or where the processing is based on the legitimate interests of the controller or a third party (including profiling).
The data subject may object at any time to the direct marketing (advertising offers, sending of newsletters) and profiling activities of the controller. The Data Controller does not currently carry out profiling.
The Data Controller shall provide the requested information in writing as soon as possible after the request is made (without undue delay), but no later than 30 days after the data subject’s request, or delete the data in the event of withdrawal of consent. In the event of rectification or erasure, the Controller shall inform all recipients to whom the data have been disclosed.
If the Data Controller is unable to comply with the data subject’s request, it shall inform the Data Subject within 30 days.
The Data Controller shall inform the data subject that the withdrawal of consent to the processing of data shall not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal.
The data subject may exercise his or her rights in relation to the processing at the contact details of the Controller specified in point 1.
The data subject may lodge a claim with the National Authority for Data Protection and Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c., postal address: 1530 Budapest, Pf.: 5., www.naih.hu, telephone: +36 (1) 391-1400, fax: +36 (1) 391-1410, [email protected]) or, at his/her option, with the competent court of law at the place of the Data Controller’s registered office, residence or domicile.
9. Security of processing
The Data Controller shall select and operate the IT tools used for the processing of personal data in the provision of the service in such a way that the processed data:
- is accessible to authorised persons (availability);
- its authenticity and authenticity are ensured (authenticity of processing);
- its integrity can be verified (data integrity);
- is protected against unauthorised access (data confidentiality).
The Data Controller shall ensure the security of processing by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.
The Data Controller shall, during the processing, keep
- confidentiality: it shall protect information so that only those who are entitled to have access to it have access to it;
- integrity: to protect the accuracy and integrity of the information and the processing method;
- availability: it ensures that when the authorised user needs it, he has effective access to the information and the means to obtain it.
The Data Controller’s IT system and network are protected against computer fraud, espionage, sabotage, vandalism, fire and flooding, computer viruses, computer intrusions and attacks leading to denial of service. The operator ensures security through server-level and application-level protection procedures.
Data Subjects are informed that electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that could lead to fraudulent activity, contract disputes, or disclosure or modification of information. The Data Controller will take all reasonable precautions to protect against such threats. It monitors systems in order to record any security discrepancies and to provide evidence of any security incidents. The monitoring of the system also allows the effectiveness of the precautions taken to be checked.