PRIVACY POLICY
With this data and information management sheet (hereinafter: Data and Information Management Sheet), the Data Controller complies with the provisions of the European Parliament and the Council (EU) 2016/679 Regulation (hereinafter: Regulation) of its prior information obligation according to Article 12 (1). Those concerned can familiarize themselves with this Data Management Notice without restrictions on the website indicated above. CXII of 2011. is also required by law.
Definitions
“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified.
“Data management”: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making it available, coordinating or connecting, limiting, deleting or destroying.
“Data controller”: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law.
“Data processor”: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller.
“Recipient”: the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the handling of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the data management.
“Consent of the data subject”: the voluntary, concrete, and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates, through a statement or an act clearly expressing the confirmation, that he gives his consent to the processing of personal data concerning him.
“Data protection incident”: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.
CHAPTER I.
NAME OF DATA PROCESSOR
The publisher of this information, at the same time data processor:
Company name: Váradiné Diener Szilvia entrepreneur (Number of entrepreneur: 9448967513)
Headquarters: UK Liverpool, International House, 307 Cotton Exchange Old Hall St. L39QL
Representative: Váradiné Diener Szilvia
E-mail address: hello@continentsurfer.com
Website: https://continentsurfer.com/
(hereinafter: Data Processor)
CHAPTER II.
NAME OF DATA PROCESSORS
The data processor is the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller; (Regulation, Article 4, 8) Using a data processor does not require the prior consent of the data subject, but it is necessary to inform them. Accordingly, we provide the following information:
1. IT service provider
For the maintenance and management of the Data Controller’s IT systems, it uses a data processor who provides the IT services (hosting service, e-mail service, system operation, CRM service) and within this framework – up to the content of our existing contract with it – manages it on the website, e-mails, and the services personal data provided in other ways in connection with its provision.
The names of these data processors are as follows:
Company name: Skaleway
Headquarters: 8 rue de la Ville l’Evêque, 75008 Paris, France
Website:https://skaleway.com
Service type: software, database
Company name: Trello-Atlassian Pty Ltd.
Headquarters: c/o Atlassian, Inc. 350 Bush Street, Floor 13, San Francisco, CA 94104
Website: https://trello.com
Service type: CRM
Company name: Stripe inc./ Stripe payments UK ltd
Headquarters: 9th Floor, 107 Cheapside, London, EC2V 6DN
Website:https://stripe.com/
Service type: payment processing system
Company name: Google Technology Company
Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Website: www.google.com
Service type: correspondence, drive documents
Data controller’s accounting service provider
In order to fulfill its tax and accounting obligations, the data controller uses an external service provider with an accounting service contract, who also manages the personal data of natural persons who have a contract or payment relationship with the data controller, in order to fulfill the tax and accounting obligations imposed on the data controller. The name of this data processor is as follows:
Company name: Strike Consulting Ltd.
Headquarters: 4 Cam Road, Stratford – London E15 2SN
CHAPTER III.
DATA PROCESSING RELATED TO SERVICE PROVISION
Management of contracted partners’ data
The data controller processes the name, birth name, date of birth, mother’s name, residential address, tax identification number, tax number, entrepreneur’s and primary producer’s card number, identity card number of the natural person contracted with him for the purpose of concluding, fulfilling, terminating the contract and providing contractual benefits. , residential address, address of registered office, location, telephone number, e-mail address, website address, bank account number. This data management is considered legal, even if the data management is necessary to take steps at the request of the data subject prior to the conclusion of the contract. Recipients of personal data: employees of the data controller performing tasks related to customer service, contractual partners performing accounting and taxation tasks, and data processors. Duration of processing personal data: 5 years after the termination of the contract.
Contact details of legal entity clients and representatives of natural persons
(1) Scope of personal data that can be handled: name, address, telephone number, e-mail address of the natural person
(2) Purpose of processing personal data: fulfillment of the contract concluded with the partner of the legal entity of the data controller, business relationship, legal basis: the legitimate interest of the data controller
(3) Recipients of personal data and categories of recipients: employees of the data controller performing tasks related to customer service.
(4) Duration of storage of personal data: up to 5 years after the existence of the business relationship or the quality of representative of the person concerned.
1. Special data management related to the provision of individual services
(1) In order to provide its various services, the data controller manages the data subject’s data, including various sensitive information.
(2) The range of processed personal data may differ depending on the type of service. The scope of data processing related to individual services:
Service related to residence permit/visa
• Range of processed data: mother’s name, place of birth, residential address, tax number, social security number, residence permit number and photocopy, passport photocopy, other business assets, travel information, gender, marital status, bank account number, criminal and court history, religion, ethnic affiliation, health status.
• Recipients of personal data and categories of recipients: employees of the data controller performing tasks related to customer service, as well as authorities, state bodies and business partners involved in the service (immigrant enforcement authorities, schools, banks, insurance brokers and private insurers, real estate brokers, rental property owners). In some cases, it is necessary to manage the data of family members, the scope of which and the recipients of the data are the same as the scope of the Data Subject’s managed data and the recipients of their data.
(3) The purpose of processing personal data:
1. Provision of the ordered service
2. Administration based on the customer’s request
(4) The legal basis for data management is the consent of the data subject and the fulfillment of the provisions of the concluded contract.
(5) Employees of the Company performing IT services as data processors.
(6) Duration of storage of personal data: 5 years or until the consent of the data subject is withdrawn (deletion request).
CHAPTER IV.
DATA PROCESSING BASED ON LEGAL OBLIGATION:
- Data Processing in order to fulfill tax and accounting obligations
(1) The data processor manages the legally defined data of natural persons entering into business relations for the purpose of fulfilling legal obligations, tax, and accounting obligations prescribed by law (bookkeeping, taxation).
(2) The period of storage of personal data is 8 years after the termination of the legal relationship, giving the legal basis.
(3) Recipients of personal data: the Company’s employees and data processors performing tax, accounting, payroll, and social security tasks.
CHAPTER V.
INFORMATION ON YOUR RIGHTS RELATED TO DATA MANAGEMENT
This chapter summarizes the rights arising from data management.
Right to information: the data subject has the right to receive information about the facts and information related to data processing before the data processing begins.
Right of access: the data subject has the right to receive feedback from the data controller whether his personal data is being processed, and if such data processing is in progress, he is entitled to receive access to the personal data and related information specified in the Regulation.
Right to rectification: the data subject has the right to have inaccurate personal data corrected without undue delay upon request by the Data Controller. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including means of a supplementary statement.
The right to erasure: the data subject has the right to have the data controller deleted the personal data concerning him without undue delay upon request, and the data controller is obliged to delete the personal data concerning the data subject without undue delay if one of the reasons specified in the Regulation exists.
The right to limit data processing: the data subject has the right to request that the data controller limit data processing if the conditions specified in the order are met.
Notification obligation related to the correction or deletion of personal data or the restriction of data processing: the Data Controller shall inform all recipients of all corrections, deletions, or data processing restrictions to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort need. At the request of the data subject, the Data Controller informs about these recipients.
The right to data portability: under the conditions set out in the Regulation, the data subject has the right to receive the personal data concerning him/her that he/she has provided to a Data Controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without, that the data manager to whom the personal data was made available would be prevented from doing so.
Informing the data subject about the data protection incident: if the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the Data Controller will inform the data subject about the data protection incident without undue delay.
The right to lodge a complaint with a supervisory authority (right to an official remedy): the data subject has the right to lodge a complaint with a supervisory authority – in particular in the Member State of his or her habitual residence, place of work or the place of the suspected infringement – if, in the opinion of the data subject, the handling of relevant personal data violates the Regulation.
CHAPTER VI.
SUBMISSION OF REQUESTS RELATED TO DATA MANAGEMENT, PROCEDURES OF THE DATA CONTROLLER:
(1) The Data Controller shall inform the data subject without undue delay, but in any case within one (1) month from the receipt of the request, of the measures taken following his request to exercise his rights.
(2) If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two (2) months. The data controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one (1) month from the date of receipt of the request.
(3) If the data subject submitted the application electronically, the information must be provided electronically, if possible, unless the data subject requests otherwise.
(4) If the data controller does not take measures following the data subject’s request, it shall inform the data subject without delay, but at the latest within one (1) month from the receipt of the request, of the reasons for the failure to take action, and of the fact that the data subject may file a complaint with a supervisory authority, and can exercise his right to judicial remedy.
(5) The Data Controller shall provide the information according to Articles 13 and 14 of the Regulation and information on the rights of the data subject (Articles 15-22 and 34 of the Regulation) and measures free of charge. If the data subject’s request is clearly unfounded or – especially due to its repetitive nature – excessive, the data controller, taking into account the administrative costs associated with providing the requested information or taking the requested measure:
a) can charge you the fee of 6.350,-HUF or
b) can refuse to take actions based on the request.
It is the responsibility of the data controller that the request is clearly unfounded or excessive.
(6) If the Data Controller has reasonable doubts about the identity of the natural person who submitted the request, it may claim the provision of additional information necessary to confirm the identity of the person concerned.
September 12., 2022. Budapest