Website address: https://menyegzofotos.hu

Szabó Sándor E.V. 8000 Székesfehérvár, Budai út 82. 4/10. (56423545-1-27) (hereinafter referred to as the "Service Provider", "Data Controller") hereby submits to the following information.

Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information states that the data subject (in this case the website/user, hereinafter referred to as the "user") must be informed before the processing of the data is started that the processing based on consent or compulsory.

The data subject must be informed clearly and in detail of all the facts relating to the processing of his or her data before the processing starts, in particular about the following. its purpose and legal basis, the the identity of the controller and the data processor, and the processing of data about the duration of. The person concerned must be informed about the Info tv. 5 (1) that personal data may be processed if.

1. it is ordered by law or, on the basis of the authorisation granted by law, within the scope specified therein, in the case of data that are not special categories of data or personal data in the criminal field, by an ordinance of a local authority for a purpose in the public interest,
2. it is strictly necessary for the performance of the controller's lawful tasks and the data subject has given his or her explicit consent to the processing of the personal data,
3. from a) except as provided for in point (a), to protect the vital interests of the data subject or of another person, or the life, limb or property of a person

is necessary and proportionate to avert or prevent an imminent threat, or

1. in the absence of (a), the personal data have been explicitly disclosed by the data subject and the disclosure is necessary and proportionate for the purposes of the processing.

The information should also cover the rights and remedies of the data subject in relation to the processing.

This privacy notice governs the processing of the following websites:

About me

The amendments to the prospectus will enter into force when published at the above address. We have also included a legal reference behind each part of the prospectus.

Definitions of terms (REGULATION (EU) 2016/679/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data

on the protection of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation

Regulation) Article 4)

1. 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to a physical, physiological, genetic, mental, economic, cultural or physical characteristic of the natural person

or social identity can be identified by one or more factors;

2. "processing" means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. "restriction of processing": the marking of stored personal data for the purpose of restricting their future processing;
4. "profiling" means any form of automated processing of personal data whereby personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
5. "pseudonymisation" means the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no association with identified or identifiable natural persons is possible;

6. "filing system" means a set of personal data, structured in any way, whether centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specified criteria;
7. 'controller' means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;
8. "processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
9. "recipient" means a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
10. "third party" means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;

11. "the data subject's consent" means a freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
12. "data breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
13. "genetic data" means any personal data relating to the inherited or acquired genetic characteristics of a natural person which contains specific information about the physiology or state of health of that person and which results primarily from the analysis of a biological sample taken from that natural person;
14. 'biometric data' means any personal data relating to the physical, physiological or behavioural characteristics of a natural person obtained by means of specific technical procedures which allow or confirm the unique identification of a natural person, such as facial image or dactyloscopic data;
15. "health data" means personal data relating to the physical or mental health of a natural person, including data relating to the provision of health services to a natural person which contains information about the health of the natural person;
16. "head office" means: a) in the case of a controller established in more than one Member State, the place of its central administration within the Union, but where the personal data are

decisions on the purposes and means of its processing are taken in another place of activity of the controller within the Union and the latter place of activity has the competence to implement those decisions, the place of activity which takes those decisions shall be considered the centre of activity; (b) in the case of a processor having its place of business in more than one Member State, the place of its central administration within the Union or, where the processor does not have a central administration in the Union, the place of business of the processor within the Union where the main processing activities in relation to the activities carried out at the place of business of the processor take place, where the processor is subject to obligations under this Regulation;

17. 'representative' means a person established or resident in the Union and appointed by the controller or processor as a representative of the
18. a natural or legal person designated in writing pursuant to Article 3, who represents the controller or processor in relation to the obligations incumbent on the controller or processor under this Regulation;
19. "enterprise" means any natural or legal person carrying on an economic activity, regardless of its legal form, including partnerships or associations carrying on a regular economic activity;
20. "group of undertakings" means the controlling undertaking and the undertakings controlled by it;
21. "binding corporate rules" means the rules on the protection of personal data adopted by a controller established in a Member State of the Union.

or a processor in one or more third countries in respect of a transfer or series of transfers of personal data by a controller or processor within the same group of undertakings or the same group of undertakings engaged in joint economic activities;

21. 'supervisory authority' means an independent public authority established by a Member State in accordance with Article 51;
22. 'supervisory authority concerned' means a supervisory authority which is concerned by the processing of personal data for one of the following reasons: (a) the controller or processor is established in the territory of the Member State of that supervisory authority; (b) the processing significantly affects or is likely to significantly affect data subjects residing in the Member State of the supervisory authority; or (c) a complaint has been lodged with that supervisory authority;
23. 'cross-border processing of personal data' means (a) the processing of personal data within the Union in the context of activities carried out by a controller or processor established in more than one Member State at sites located in more than one Member State; or (b) the processing of personal data within the Union in the context of activities carried out by a controller or processor at a single site, where the processing significantly affects or is likely to significantly affect data subjects in more than one Member State;
24. 'relevant and reasoned objection' means an objection to a draft decision, raised in relation to whether or not this Regulation has been infringed or whether the controller or the

whether the envisaged measure concerning the processor is in conformity with the Regulation; the objection must clearly demonstrate the significance of the risks posed by the draft decision to the fundamental rights and freedoms of data subjects and, where applicable, to the free flow of personal data within the Union;

25. 'information society service' means a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council ( 1 );
26. "international organisation" means an organisation governed by public international law, or its subsidiary organs, or any other body which is established by or under an agreement between two or more States.

Legal basis for processing (Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information 5.

1. Personal data may be processed if
2. it is ordered by law or, on the basis of the authorisation granted by law, within the scope specified therein, in the case of data that are not special categories of data or personal data in the criminal field, by an ordinance of a local authority for a purpose in the public interest,
3. from a) except as provided for in point (a), is strictly necessary for the performance of the controller's lawful tasks and the data subject has given his or her explicit consent to the processing of the personal data,
4. from a) necessary and proportionate for the protection of the vital interests of the data subject or of another person, or for the prevention or elimination of an imminent threat to the life, limb or property of a person, or

1. from a) unless otherwise specified in point (a), the personal data have been explicitly disclosed by the data subject and the disclosure is necessary and proportionate for the purposes of the processing.

Lawfulness of processing (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data

and repealing Directive 95/46/EC (General Data Protection Regulation) Article 6

The processing of personal data is lawful only if and to the extent that at least one of the following conditions is met:

1. the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
2. processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into the contract;
3. processing is necessary for compliance with a legal obligation to which the controller is subject;
4. processing is necessary for the protection of the vital interests of the data subject or of another natural person;
5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
6. the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject

The first subparagraph f) shall not apply to the processing of data by public authorities in the exercise of their functions.

Principles governing the processing of personal data (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016

on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Article 5

• Personal data:

1. must be lawful, fair and transparent for the data subject ("lawfulness, fairness and transparency");
2. collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; and
3. Further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes ("purpose limitation") shall not be considered incompatible with the original purpose, in accordance with Article 3(1);
4. be adequate and relevant for the purposes for which the data are processed and limited to what is necessary ("data minimisation");
5. be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without undue delay ("accuracy");
6. be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data must be kept for longer than is necessary for the purposes for which the personal data are processed.

may be stored only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects ("limited storage");

1. be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage ("integrity and confidentiality"), by implementing appropriate technical or organisational measures.
   • The controller is responsible for compliance with paragraph 1 and must be able to demonstrate such compliance ("accountability").

Information to be provided

1. Pursuant to Article 5 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following must be specified for the operation of the website/webpage:

1. the fact of data collection,
2. the range of stakeholders,
3. the purpose of the data collection,
4. the duration of the processing,
5. the identity of the potential controllers who have access to the data,
6. the rights of data subjects with regard to data processing.

2. The fact of data collection, the scope of the data processed:

Website:

• Customer's email address
• Name
• Phone number

3. Data subjects: all users registered on the website/.

4. The purpose of the data collection:

Website:

Email:

• marketing the target
• periodic promotion is the aim
• the aim is to send a newsletter
• customer relationship is the goal

Name (First name and/or surname, company name):

• marketing the target
• periodic promotion is the aim
• the aim is to send a newsletter
• customer relationship is the goal

Phone number

• marketing the target
• periodic promotion is the aim
• the aim is to send a newsletter

• customer relationship is the goal

5. Duration of data processing, deadline for deletion of data: immediately upon cancellation of registration. Except in the case of accounting records, since, pursuant to Article 169(2) of Act C of 2000 on Accounting, these records must be kept for 8 years.

The accounting documents (including general ledger accounts, analytical or detailed records) directly and indirectly supporting the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records.

6. Potential data controllers who may have access to the data: personal data may be processed by the controller's staff, in compliance with the principles set out above.

7. Description of data subjects' rights in relation to data processing: the following data can be modified on the websites:
   • website e-mail address
   • website name
   • the telephone number on the website

The data subject may request the deletion or modification of personal data in the following ways:

• by e-mail at szabosandor@menyegzofotos.hu.

8. Legal basis for processing: the User's consent, in accordance with 5.

• (1), and Article 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (hereinafter: Elker Act):

The service provider may process personal data that are technically necessary for the provision of the service. The provider must, other conditions being equal, choose and in any case operate the means used in the provision of the information society service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Act, but only to the extent and for the duration necessary.

Data of the hosting provider (website) used for data management:

Name: Tárhely.Eu Szolgáltató Kft.

Address: 1144 Budapest, Ormánság u. 4. 10/241.

E-mail: gdpr@tarhely.eu 

The following legislation has been taken into account in the preparation of this leaflet:

2.Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)

3.Act CVIII of 2001 on electronic commerce services and the

on certain aspects of information society services (in particular § 13/A) 4.Act XLVII of 2008 - Unfair Commercial Practices against Consumers

prohibiting;

5. Act XLVIII of 2008 - on the basic conditions and certain restrictions of economic advertising (in particular § 6)

6.Act XC of 2005 on the Freedom of Electronic Information

7. Act C of 2003 on Electronic Communications (specifically § 155)

Opinion No 8.16/2011 on the EASA/IAB Recommendation on best practice for behavioural online advertising

9.AZ   EUROPEAN PARLIAMENT AND COUNCIL (EU)

REGULATION (EU) No 2016/679 of 27 April 2016 on the

on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation)