Privacy Policy

Privacy notice

Introduction

Website operated by FISCONT Zrt. (registered office: 2040 Budaörs, Szabadság út 117., tax number: 28792840-2-13) (hereinafter: Service Provider, data controller), agrees to be bound by the following information.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we provide the following information.

This Privacy Policy regulates the fct.hu website and other data processing by the data controller.

Amendments to this prospectus will enter into force upon publication at the above address.

The data controller and its contact details:

• Company name: FISCONT Zrt.
• Headquarters: 2040 Budaörs, Szabadság út 117.
• Company registration number: 13-10-042109
• Tax number: 28792840-2-13
  

 

Definitions

1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. “controller” means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4. “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
5. “recipient” means a natural or legal person, public authority, agency or any other body, to which personal data are disclosed, whether a third party or not. Public authorities which may have access to personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
6. ‘consent of the data subject’ means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
7. “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

Principles governing the processing of personal data

Personal data:

• processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
• collected for specified, explicit and legitimate purposes and not processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered incompatible with the initial purpose in accordance with Article 89(1) (‘purpose limitation’);
• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
• accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods only where the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to implementation of appropriate technical and organisational measures required by this Regulation to protect the rights and freedoms of data subjects (‘storage limitation’);
• processed in such a way as to ensure appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The controller is responsible for compliance with the above and must be able to demonstrate such compliance (“accountability”).

Data processing

Messaging, ordering, contacting

1. The fact of data collection, the scope of processed data and the purpose of data processing:

Personal data

Name, e-mail address, telephone, real estate address. / Purpose of data processing: Contact, identification.

Time of sending / Purpose of data processing: Performing a technical operation.

IP address at the time of messaging / Purpose of data processing: Performing a technical operation.

2. Data subjects: All data subjects sending a message or ordering on the website/requesting an offer.

3. Duration of data processing, deadline for erasure of data: Data processing lasts until the data subject’s request for deletion.

4. Potential data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the controller, respecting the above principles.

5. Description of data subjects’ rights related to data processing:

• The data subject may request from the controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• object to the processing of such personal data, and
• The data subject has the right to data portability and the right to withdraw consent at any time.

6. Access to, deletion, modification or restriction of processing of personal data, data portability and objection to data processing may be initiated by the data subject in the following ways:

• by post at 2040 Budaörs, Szabadság út 117.,
• by e-mail at the info@fct.hu e-mail address,

7. Legal basis for data processing: consent of the data subject, Article 6 (1) (a), Privacy Act. Section 5(1) and Section 13/A(3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (hereinafter: Elker Act):

For the purpose of providing the service, the service provider may process personal data that are technically indispensable for the provision of the service. If other conditions are identical, the service provider shall choose and operate the means used in the provision of the information society service in such a way that personal data shall only be processed if this is strictly necessary for the provision of the service and the fulfilment of other purposes specified in this Act, but only to the extent and for the time necessary.

8. Please note that

• processing is based on your consent.
• You are obliged to provide personal data so that we can respond to your inquiry.
• Failure to provide data will result in us not being able to comply with your request.

Data processors used

1. Activity performed by the processor and name and contact details of the processor:

Hosting provider

SMB Best Admin Ltd.
Tax number: 11675334-2-42
Company registration number: 13-09-133447
Headquarters: 1163 Budapest, Máté utca 2.
Phone: (06 1) 607 8139

Providing technical background

SMB Best Admin Ltd.
Tax number: 11675334-2-42
Company registration number: 13-09-133447
Headquarters: 1163 Budapest, Máté utca 2.
Phone: (06 1) 607 8139

2. Fact of data processing, scope of processed data: All personal data provided by the data subject.

3. Data subjects: All data subjects using the website / managed by the data controller.

4. Purpose of data processing: To make the website available, to provide technical background.

5. Duration of data processing, deadline for erasure of data: Data processing lasts until the termination of the agreement between the data controller and the service provider or until the data subject’s request for erasure is addressed to the service provider.

6. Legal basis of data processing: consent of the User, Infotv. Section 5(1), Section 6(1)(a) and Section 13/A(3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services.

Manage cookies

1. Fact of data processing, scope of processed data: Unique identification number, dates, times
2. Data subjects: All data subjects visiting the website.
3. Purpose of data processing: Identification of users and tracking of visitors.
4. Duration of data processing, deadline for deletion of data.
5. Potential data controllers entitled to access the data: The data controller does not process personal data by using cookies.

6. Description of data subjects’ rights related to data processing: The data subject has the option to delete cookies from browsers. You can find information about the cookie settings of the most popular browsers and the implementation of restrictions at the following links:

• Google Chrome
• Firefox
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Internet Explorer 9
• Microsoft Internet Explorer 8
• Safari

7. Legal basis for data processing: The consent of the data subject is not required if the sole purpose of using cookies is the transmission of communications via electronic communications networks or if it is strictly necessary for the service provider to provide an information society service expressly requested by the subscriber or user.

 

Use Google Adwords conversion tracking

1. The data controller uses the online advertising program called “Google AdWords” and uses Google’s conversion tracking service within its framework. Google conversion tracking is an analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
2. When the User accesses a website through a Google ad, a cookie necessary for conversion tracking is placed on his/her computer. These cookies have a limited validity and do not contain any personal data, so the User cannot be identified by them.
3. When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User clicked on the advertisement.
4. Each Google AdWords customer receives a different cookie, so they cannot be tracked through the websites of AdWords customers.
5. The information obtained through conversion tracking cookies is used to compile conversion statistics for AdWords customers who opt for conversion tracking. In this way, customers are informed about the number of users who clicked on their advertisement and were forwarded to a page with a conversion tracking tag. However, they do not receive any information that could be used to identify any user.
6. If you do not wish to participate in conversion tracking, you can opt out by disabling the option to install cookies in your browser. You will no longer be included in conversion tracking statistics.
7. Further information and Google’s privacy statement are available at: https://policies.google.com/privacy/

 

Use of Google Analytics

1. This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer to help analyze the use of the website visited by the User.
2. The information generated by cookies related to the website used by the User is usually transferred to a Google server in the USA and stored. By activating IP anonymization on the website, Google shortens the User’s IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area beforehand.
3. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate how the User has used the website, to compile reports on website activity for the website operator and to provide other services related to website and internet usage.
4. The IP address transmitted by the User’s browser within the framework of Google Analytics will not be merged with other Google data. The User may prevent the storage of cookies by setting his/her browser accordingly, however, please note that in this case not all functions of this website may be fully usable. You can also prevent Google from collecting and processing data generated by cookies about your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout

 

Complaint handling

1. The fact of data collection, the scope of processed data and the purpose of data processing:

Personal data

First and last name / Purpose of data processing: Identification, contact.
E-mail address / Purpose of data processing: Contact
Phone number / Purpose of data processing: Contact
Billing name and address / Purpose of data processing: Identification, handling quality complaints, questions and problems arising in connection with the ordered services.

2. Data subjects: All data subjects using the service and making quality complaints and complaints.

3. Duration of data processing, deadline for erasure of data: Copies of the minutes, transcripts and responses to the objection taken shall be kept for 5 years pursuant to Section 17/A (7) of Act CLV of 1997 on Consumer Protection.

4. Potential data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the controller, respecting the above principles.

5. Description of data subjects’ rights related to data processing:

• The data subject may request from the controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• object to the processing of such personal data, and
• The data subject has the right to data portability and the right to withdraw consent at any time.

6. Access to, deletion, modification or restriction of processing of personal data, data portability and objection to data processing may be initiated by the data subject in the following ways:

• by post at 2040 Budaörs, Szabadság út 117.,
• by e-mail at the info@fct.hu e-mail address,

7. Legal basis for data processing: consent of the data subject, Article 6 (1) (a), Privacy Act. Section 5(1) and Section 17/A(7) of Act CLV of 1997 on Consumer Protection.

8. Please note that

• The provision of personal data is based on a contractual obligation .
• A prerequisite for entering into a contract is the processing of personal data.
• You are obliged to provide personal data so that we can handle your complaint.
• Failure to provide data will result in us not being able to handle your complaint.

 

Social media

1. The fact of data collection, the scope of data processed: Facebook / Google+ / Twitter / Pinterest / Youtube / Instagram etc. name registered on social media sites and the user’s public profile picture.
2. Data subjects: All data subjects who have registered on Facebook / Google+ / Twitter / Pinterest / Youtube / Instagram etc. social media sites and “liked” the website.
3. Purpose of data collection: To share, “like” or promote certain content elements, products, promotions of the website or the website itself on social media sites.
4. Duration of data processing, deadline for erasure of data, identity of potential data controllers entitled to access the data and description of the rights of data subjects related to data processing: The data subject may obtain information about the source of the data, their processing, as well as the method and legal basis of the transfer on the given social media site. Data processing takes place on social media sites, so the duration and method of data processing, as well as the possibilities of deleting and modifying data, are subject to the regulations of the respective social media site.
5. Legal basis for data processing: voluntary consent of the data subject to the processing of his or her personal data on social media sites.

 

Contact us by phone

1. The fact of data collection, the scope of processed data and the purpose of data processing:

Personal data

Name, telephone number, real estate address / Purpose of data processing: Contact, identification, business purpose, ordering services.

2. Data subjects: All data subjects in contact with the data controller by telephone.

3. Duration of data processing, deadline for erasure of data: Data processing lasts until the data subject’s request for deletion.

4. Potential data controllers entitled to access the data, recipients of personal data: Personal data may be processed by the controller, respecting the above principles.

5. Description of data subjects’ rights related to data processing:

• The data subject may request from the controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and
• object to the processing of such personal data, and
• The data subject has the right to data portability and the right to withdraw consent at any time.

6. Access to, deletion, modification or restriction of processing of personal data, data portability and objection to data processing may be initiated by the data subject in the following ways:

• by post at 2040 Budaörs, Szabadság út 117.,
• by e-mail at the info@fct.hu e-mail address,

7. Legal basis for data processing: consent of the data subject, Article 6 (1) (a), Privacy Act. § 5 (1).

8. Please note that

• processing is based on your consent .
• You are obliged to provide personal data so that we can respond to your inquiry.
• Failure to provide data will result in us not being able to comply with your request, not being able to carry out the work, etc.

 

Customer relations and other data processing

1. If the data subject has any questions or problems during the use of our data processing services, he or she may contact the data controller using the methods provided on the website (phone, e-mail, social media sites, etc.).
2. The Data Controller deletes the received e-mails, messages, data provided by phone, Facebook, etc., together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, after a maximum of 2 years from the date of disclosure.
3. Information on data processing not listed in this prospectus will be provided at the time of data collection.
4. At exceptional request from the authority or at the request of other bodies authorized by law, the Service Provider is obliged to provide information, disclose and transfer data and make documents available.
5. In these cases, the Service Provider shall provide personal data to the requester – provided that it has indicated the exact purpose and scope of the data – only to the extent and to the extent that is strictly necessary to achieve the purpose of the request.

 

Rights of data subjects

1. Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the information listed in the Regulation.

2. Right to rectification
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay under certain conditions.

4. Right to be forgotten
Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure of any links to, or copy or replication of, those personal data.

5. Right to restriction of processing
You have the right to obtain from the controller restriction of processing where one of the following conditions is met:

• you contest the accuracy of the personal data, in which case the restriction applies for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
• you have objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate reasons of the controller override your legitimate reasons.

6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (…)

7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, including profiling based on those provisions.

8. Objection in case of direct marketing
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing. If you object to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.

9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

The preceding paragraph shall not apply where the decision:

• necessary for entering into, or performance of, a contract between you and the controller;
• is authorised by Union or Member State law to which the controller is subject and which also lays down appropriate measures to safeguard your rights and freedoms and legitimate interests; or
• It is based on your explicit consent.

10. Legal bases for data processing according to the Regulation:

a) the consent of the data subject,

(b) performance of a contract,

c) compliance with a legal obligation to which the controller is subject,

(d) the protection of the vital interests of the person concerned,

e) processing is carried out in the public interest or in the exercise of official authority vested in the controller,

f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

Time limit for action

The controller shall inform you without undue delay and in any event within 1 month of receipt of the request of the measures taken in response to the above requests.

If necessary, it may be extended by 2 months. The controller shall inform you of the extension of the deadline within 1 month of receipt of the request, indicating the reasons for the delay.

If the controller does not take action on your request, it shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Security of data processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing and the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, inter alia, where appropriate:

a. pseudonymisation and encryption of personal data;

b. ensuring the continued confidentiality, integrity, availability and resilience of systems and services used for processing personal data;

c. the ability to restore access to and availability of personal data in a timely manner in the event of a physical or technical incident;

d. a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to ensure the security of processing.

 

Communication of the personal data breach to the data subject

Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and indicate the name and contact details of the data protection officer or other contact point providing further information; describe the likely consequences of the personal data breach; describe the measures taken or planned by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences resulting from the personal data breach.

The data subject need not be informed if any of the following conditions are met:

• the controller has implemented appropriate technical and organisational protection measures and those measures were applied to the data affected by the personal data breach, in particular those that render the personal data unintelligible to persons who are not authorised to access them, such as encryption;
• the controller has taken further measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
• providing information would require disproportionate effort. In such cases, the data subjects shall be informed by means of publicly available information or a similar measure shall be taken to ensure that the data subjects are informed in an equally effective manner.

Where the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered whether the personal data breach is likely to result in a high risk, may order it to do so.

Report a personal data breach to the authority

The controller shall notify the personal data breach to the supervisory authority competent pursuant to Article 55 without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by reasons justifying the delay.

Possibility to lodge a complaint

A complaint may be lodged against a possible infringement of the data controller with the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, PO box: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
Email: ugyfelszolgalat@naih.hu

Closing remarks

During the preparation of this prospectus, we took into account the following legal regulations:

• on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016
• 2011. évi CXII. törvény – az információs önrendelkezési jogról és az információszabadságról (a továbbiakban: Infotv.)
• 2001. évi CVIII. törvény – az elektronikus kereskedelmi szolgáltatások, valamint az információs társadalommal összefüggő szolgáltatások egyes kérdéseiről (főképp a 13/A. §-a)
• 2008. évi XLVII. törvény – a fogyasztókkal szembeni tisztességtelen kereskedelmi gyakorlat tilalmáról;
• 2008. évi XLVIII. törvény – a gazdasági reklámtevékenység alapvető feltételeiről és egyes korlátairól (különösen a 6.§-a)
• 2005. évi XC. törvény az elektronikus információszabadságról
• 2003. évi C. törvény az elektronikus hírközlésről (kifejezetten a 155.§-a)
• 16/2011. sz. vélemény a viselkedésalapú online reklám bevált gyakorlatára vonatkozó EASA/IAB-ajánlásról
• Recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information
• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC