1. Introduction and principles
We at ApPello are committed to protecting our visitor’s privacy. We have prepared this Data Protection Policy based on the relevant requirements of the Hungarian legislation, by personal data provided through our website (including email addresses published on our website) or any software application consent to ApPello using your data to editing works, market research, direct marketing, supplying of services or sending advertisements subject to keeping the requirements of the relevant legislation as necessary.
Please note that all data service is voluntary and that you are entitled to request information about the data processing or the modification or cancellation of your data at any time by sending a letter to ApPello at 1075 Budapest, 13-14 Madach Imre út, Madach Trade Center, 2nd floor, or an email to firstname.lastname@example.org.
We are not responsible for the authenticity of the information has been provided to us.
2. Basic definitions
This Data Protection Directive and information (hereinafter called Data Protection Directive) defines the data control regulations of ApPello (registered address: 1075 Budapest, 13-14 Madach Imre út – Madach Trade Center 2nd floor, company registration number: Cg. 01 09 673842, represented by Béla Vér, chief executive officer, e-mail address: email@example.com), acting as a data controller (hereinafter called Data Controller) regarding the visitors of the https://appello.eu and other websites that can be reached at the other addresses specified therein (hereinafter called Website) and the users (hereinafter called Users) of the software applications of ApPello (hereinafter called Application) in respect of the control of their personal rights defined in the present Data Protection Directive in accordance with Act CXII of 2011 on the right informational self-determination and the freedom of information (hereinafter called Info Act) and Act VI of 1998 promulgating the Convention for the protection of individuals with regard to automatic processing of personal data, done in Strasbourg on 28 January 1981.
The Data Controller controls the personal data of the Users based on the present Data Protection Directive and in accordance with the Info Act, taking into account the guidelines of the authority responsible for data protection (National Office for Data¬ Protection and Freedom of Information Authority, having its seat at 1024 Budapest, Szilágyi Erzsébet fasor 22/C.; www.naih.hu) and the court practice made public. By accepting this Data Protection Directive, the User consents to the Data Controller controlling his/her data in accordance with this Data Protection Directive.
4. Modification of the directive
The Data Controller reserves the right to unilaterally modify this Data Protection Directive, of which it informs the Users. The Data Controller posts the amended Data Protection Directive on the Website on the fifth (5th) day before the entry into force of the amended Data Protection Directive. The User declares that he/she has the Internet access necessary to use the Website and that he/she checks his the Web¬site on a regular basis. By accepting this Data Protection Directive, the User declares that he/she consents to contacting him/her at the contacts he/she provided during web-forms or when using the Website.
5. Data providers
The users of the Website or the Application are able to provide personal data during their activity at our website (hereinafter called Website Activity). Based on his/her data provided during the Website Activity, the User (hereinafter, a Subscriber) may use the services provided on the Website or through the Application subject to the terms and conditions (hereinafter called Contract) governing their use (hereinafter called Services). All User who is not a Subscriber, but using the Services also accept the provisions of the present Data Protection Directive as binding by the User visiting the Website to obtain information and/or entering the site and using the Website through his/her activities and using the applications.
Based to the Data Protection Directive, a person can provide data during Website Activity and made the declarations in the paragraph 7 of this Data Protection Directive (hereinafter called Declarations) before using the Website or the Application and accepted to be bound by the provisions of the Contract applicable to him/her and of this Data Protection Directive.
6. Objective of the Data Protection Directive
This Data Protection Directive aims to determine the scope of personal data of the User (under paragraph 9) and controlled by the Data Controller, the method of data control and to ensure the respect of the privacy of the natural person Users in accordance with the Info Act and other relevant legislation and the enforcement of the requirements of data protection and data security, as well as to prevent unauthorized access to the User’s personal data and the alteration or unauthorized disclosure or use of the data.
7. User Declaration
By making any Website Activity or using the website without it, the User confirms to have fully familiarized with and read this Data Protection Directive and accepted to be bound by the provisions contained therein, and gives his/her voluntary, informed and express consent to the Data Controller controlling his/her personal data defined in the Data Protection Directive for the data control purposes defined therein subject to compliance with the provisions of the Info Act and this Data Protection Directive.
The User declares that he/she came to know and read the provisions of the Contract simultaneously with the acceptance of this Data Protection Directive, which is a condition to the validity of the Website Activity and the use of the Web and the software application(s).
By making any Website Activity and/or using the Application, the User consents to the Data Controller controlling his voluntarily given personal and other data for any required editorial work, market research, direct marketing, the provision of services or sending advertisements. Obviously, he/she can revoke such consent at any time at any of the contacts defined in section 1 of this Data Protection Directive.
The User declares that the data provided is true and do not infringe the personal rights of other persons.
The User declares to have understood the information provided by the Data Controller and, based on the same, consents to the Data Controller placing cookies on his/her terminal equipment (device) used for accessing the Services for a period of one (1) year, and consents to the associated data control.
Obviously, Users may revoke their consent at any time by disabling cookies. Please note that disabling cookies can have a technical impact on how the Data Controller will be able to supply the individual Services to the given User.
8. Data Controll Purposes
The personal data of the Users are controlled in order to enable the use, supply, maintenance and protection of the Services provided by the Data Controller through the Website or the Application and the fulfilment of the conditions of the Contract, to improve the Services and develop new services, protect the Data Controller and the Users, display of the Data Controller’s activity related to the Services, including, in particular the display of the contents on the Website or the application, the preparation and arrangement of the activities launched or initiated on the Website or the application, as well as to support the Data Controller’s activity and associated promotional purposes (sending newsletters and recommending products/services).
The Data Controller may use the anonymized personal data of the User for statistical purposes.
9. Scope of controlled Personal Data
The provisions concerning the protection of the Users’ personal rights apply only to natural persons as personal data may only be understood in relation to natural persons. Therefore, this Data Protection Directive covers only the control of the personal data of natural persons.
The Data Controller captures only personal data provided by the User on a voluntary basis. By providing his/her personal data, the User consents to entering his/her personal data in the Data Controller’s database in accordance with the terms of this Data Protection Directive.
9.1. Personal data controlled in order to identify the Users
- The Data Controller controls the following personal data for the purposes of identification:
- personal identification data of the user: first name and last name.
- E-mail address of the user provided during Website Activity.
- Home address or mailing address of the User.
- Direct telephone and fax number of the User.
- Personal information provided by the User (for example, address for notices, occupation, position, area of interest, company) and other data.
- The Data Controller may request additional personal data of the Users for certain activities on the Website/Application. Such data control is also governed by this Policy.
9.2. Data controlled for using the services
- IP address of the User’s computer
- Start and end times of using the Website/Application, and
- Depending on the settings of the User’s computer, type of the browser and the operating system,
- Data concerning the User’s activity concerning the Website/Application.
This information is automatically logged in the system. Such information is not suitable for identifying persons, and the Data Controller does not link the data in the log file with other personal data, but only uses the data for analysing trends, preparing site usage statistics, the administration of services, analysing and satisfying user requirements, which contribute to improving the quality of the Services.
For every all advertising or promotional e-mail sent by the Data Controller, if any, the Data Controller offers the User the possibility to unsubscribe from them, so the User will not subsequently receive them.
10. Data Control Methods and Regulation
The Data Controller controls the Users’ personal data solely for the purposes set out in paragraph 8 of this Data Protection Directive and for the duration defined in paragraph 11 of this Data Protection Directive and ensures that data control takes place in accordance with the purpose of the data control in all phases of the data control. By accepting this Data Protection Directive, the User declares that he/she granted consent to the data control and subsequently provides data in all cases based on his/her voluntary, informed and express consent pursuant Section 5(1) of the Info Act. Such voluntary, informed and express consent provides the legal basis of data control by the Data Controller under this Data Protection Directive.
11. Duration of Data Control
The duration of the data control is five (5) years from the termination of the possibility to use the service (including, in particular, the cancellation of Website Activity), given that this is the time limit within which the Data Controller or third party may bring a civil law claim against the User or against the Data Controller due to the User’s activity, so it ensures that the identity of the User can be tracked back and enables the Data Controller to enforce, if necessary, a claim for damages incurred by the Data Controller or a third party or any other civil law claim.
12. Data Security
In accordance with its obligation set out in Section 7 of the Info Act, the Data Controller is using its best efforts to ensure the security of your data and to implement appropriate technical and organizational measures and establish rules of procedure that are necessary in order to enforce the Info Act and other data protection and confidentiality rules.
Links: it is possible that the Data Controller’s Website includes links to pages maintained by other providers (including buttons and logos directing to login and share possibilities), where the Data Controller has no influence on the practices concerning the control of personal data. Users should note that clicking on such links can move them to sites of other service providers. In such cases, we recommend that you make sure to read the data protection rules governing the use of such sites. This Data Protection Directive only applies to the Website operated by the Data Controller. If the User changes or cancels any of his/her personal data only any external website, data control by the Data Controller will not be affected, and the User should make such changes on the Website as well.
13. Data Transmission and Interconnecting Data
The personal data of the User may be transmitted to third parties and data control may be interconnected only based on the prior and informed consent of the User in accordance with this Data Protection Directive or in order to fulfil the Data Controller’s statutory obligation and based on the request of the competent authorities, provided, that the conditions of data control are fulfilled with respect to each personal data. Before fulfilling official data requests, the Data Controller examines with respect to each data, whether the legal basis and the obligation to transmit data prevail.
By accepting this Data Protection Directive, the User declares that he/she is aware that the data controlled by the Data Controller are transmitted to persons engaged in data processing and customer service under the Data Controller’s assignment and body entitled for dispute settlement under the law. The entities receiving personal data as above provide services to the Data Controller and are primarily operating in Hungary or the European Economic Area. These entities act in respect of the data as instructed by the Data Controller and may not use the data for any other purpose and are subject to and data protection and confidentiality obligation.
14. Anonymous User Identifier (Cookies) at our Website
Anonymous user identifiers (cookies) are a string for unique identification or the storage of profile information that the providers place on the User’s computer. It is important to know that such a string itself can in no way identify the User but can identify the User’s computer only. In the network world of the Internet, information associated with persons and customized services can only be provided if the service providers can uniquely identify their customers’ habits and needs. Service providers apply anonymous identification in order to obtain more information account the clients’ habits in terms of information use on the one hand, to enable them to improve their service level, and to offer customization possibilities to their clients on the other hand.
For example, cookies help to store the Users’ preferences and settings; they help with login; can display personalized advertisements and analyse the operation of the website. To this end, we user services to collect and track the data of User activities such as relevance, offers, searches, opening and the most important and most frequently used functions.
We use Flash cookies, for example, to tell us if the User has ever visited our Website and to help us identify the functions/services that may be of interest to the User the most. Search and the Flash cookies enhance the online experience by information about the User’s preference while staying on a particular site. Neither the search engine nor Flash cookies can identify the User personally, and the User can refuse browser cookies in the browser settings, however, he/she will not be able to exploit all the services of our website without such cookies.
If the User does not want to have such an identification string placed on his/her computer, he/she can set the browser in a way not to allow placing an identification string. In this case, however, it is possible that the User will not reach the Services at all or in the form as if he/she allowed the placing of identifiers.
A large number of Users use the Services in a variety of software and hardware environments, and with different purposes and in different areas. The improvement of the Services can be best adapted to the needs and possibilities of our Users if we receive a comprehensive picture of their user habits and needs. However, due to the large number of our Users, it is an effective supplementary tool in addition to personal contacts and feedback to collect and analyse their habits and the data concerning the running environment of the Services by using an automated method as well.
15. Rights of Users and Enforcing Rights
Users may request information about the data control and request rectification and blocking of their personal data or erasure in case the data is inaccurate. The data subjects can exercise their rights in the context of data control by means of notices sent to the e-mail addresses provided during Website Activity. Users can send requests for information or erasure by e-mail to the e-mail address in paragraph 2 of this Data Protection Directive.
Users may request information about the control of their personal data under paragraph a) of Section 14 of the Info Act. Upon request, the Data Controller provides information to the User about the his/her data controlled by it, the purpose, legal basis and duration of the data control, the name and address (registered office) of the data controller and its activity related to data control, about whether it controls the User’s data in accordance with the paragraph 8 of this Data Protection Directive and its activities concerning data control, as well as the persons(s) who receive the data and the purpose thereof. The information must also include the rights and remedies of the user in relation to the data control. The request for information should be sent by e-mail to the e-mail address in paragraph 2 of this Data Protection Directive, and the data subject will receive the response within thirty (30) working days. Such information will be provided free of charge if the person requesting it has not submitted any request for information to the Data Controller during the given year in relation to the same dataset. In other cases, the data Controller may fulfil the request for information subject to the payment of a fee. Information can be provided within the data control time limit defined in paragraph 11.
The Data Controller will erase the personal data if requested by the User with regard to the provisions below.
If, due to a previously incurred dispute or based on the law or a supervisory procedure under the law, or due to the Contract made with the User that is still in effect, the personal data must be retained or the data includes the personal data of others in an inseparable and non-erasable way (for example, photo), a request for immediate erasure does not necessarily mean the full unavailability of the recording, however, the recording may subsequently be used only for a purposes that excludes the erasure. The Data Controller must carry out the erasure free of charge. Users can notify the Data Controller about their claim to erase their personal data by using the menu item to that effect on the Website or by e-mail to the e-mail address shown in paragraph 2 of this Data Protection Directive. At the User’s voluntary decision and request, the Data Controller will erase the data within thirty (30) days from the receipt of the claim for erasure. By revoking his/her consent to the control of personal data or making a request for the erasure of data, the User waives all his/her rights related to any activity linked to Website Activity. Erasure is free of charge in all cases.
The Data Controller will notify the data subject about the rectification and the erasure, unless the omission of notice does not harm the data subject’s legitimate interests.
Instead of erasure, the Data Controller will block the personal data if requested by the User or it can be assumed on the basis of the available information that erasure would harm the legitimate interests of the data subject. Personal data blocked in this manner will only be controlled by the Data Controller only for as long as the purpose of data control that excluded the erasure of the personal data prevails.
The Data Controller identifies the personal data it processes if the User disputes the correctness or the accuracy thereof, but the incorrectness or inaccuracy of the disputed personal data cannot be defined clearly.
If the Data Controller does not fulfil the User’s request for rectification, blocking or erasure, it will declare the reasons for refusing the request for rectification, blocking or erasure within thirty (30) days of the receipt of the request and inform the User about the possibility to turn to the court or the data protection authority for remedy.
16. Right to be Object and Legal Remedies
16.1. Right to object
The User or any person whose data is obtained by the Data Controller, has the right to object to the control of his/her personal data if:
- the control (transmission) of personal data is necessary solely for enforcing a right or legitimate interest of the Data Controller, unless the data control is ordered or permitted by the law;
- the exercise of the right to object is otherwise made possible by the law.
Simultaneously with the suspension of data control, the Data Controller examines the objection not later than within fifteen (15) days of the receipt of the request, and informs the applicant of the results thereof in writing. Where the objection is justified, the Data Controller stops the data control and blocks the data. The Data Controller must give notice about the objection and the measures it has taken on the basis thereof to all to whom it has previously transmitted the personal data affected by the objection and the latter must take action to enforce the right to object.
If the User disagrees with the decision taken by the Data Controller based on the objection or if the Data Controller missed the time limit for decision-making, the User has the right to bring an action in the court of law within thirty (30) days of the last day of the time limit.
16.2. Enforcing of rights
Users may enforce rights based on the Info Act and the Civil Code (hereinafter called “Civil Code”). In the case of an infringement of rights, Users may turn to the court or the data protection authority referred to in paragraph 3 of this Data Protection Directive. Any person has the right to notify the data protection authority and request an investigation alleging an infringement relating to the processing of his or her personal data, or if there is imminent danger of such infringement. The court competent for the Data Controller’s registered address has jurisdiction for hearing the case. If so requested by the data subject, the action may be brought before the court in whose jurisdiction the data subject’s home address (temporary residence) is located. The detailed legal regulations regarding the method of enforcing rights and the obligations of the Data Controller are set out in the Info Act and the Civil Code.
17. Further guarantees protecting data subjects
Every User has the right to:
- be notified of the automated file containing personal data, its main purposes and of the person controlling the data file (including the usual place of residence or registered office of this person);
- be notified regularly and without excessive costs or delay as to whether his/her data is stored in an automated data file and to be informed of the content of these data in a comprehensible form.
18. Data Protection Officer
The data protection officer appointed by the Data Controller helps the Users in making decisions concerning data protection and securing the rights of data subjects via the e-mail address in paragraph 2 of this Data Protection Directive.
19. Other Provisions
Users acknowledge and consent to that all members of the group in which the data Controller is a member through a direct or indirect ownership participation of not less than 50% or an entity acquiring all or the substantial part of the Data Controller’s assets are considered as the beneficiary/assignee of the Data Controller in terms of the rights and obligations provided in this Data Protection Policy. Such undertakings are entitled to directly enforce or refer to any provisions of this Data Protection Policy that include any advantage or right in their favour. Users may not transfer or assign their rights or obligations set out in this Data Protection Policy to third parties.