.svg)
TASNADI Group Korlátolt Felelősségű Társaság (Registration number: 01 09 405698; Tax Number: 32081404-2-41; Seat: 1054 Budapest, Bajcsy-Zsilinszky út 58. 2. em. 1.), as data controller (hereinafter: "Data Controller"), recognizes the content of the present Privacy and Data Protection Policy (hereinafter referred to as “Privacy Policy” or “Policy”) as binding on itself. It undertakes to ensure that all data management related to its activities comply with the regulations set out below and the applicable national and EU legislation. Please read the following summary of how our website works carefully. You may trust that data management is transparent and fair, and that we will do everything we can to manage your data carefully and responsibly.
Data Controller reserves the right to amend its Privacy Policy, of which the visitors of www.tasnadi.co will be notified in due course.
Data Controller treats personal data confidentially and takes all technical and organizational measures to guarantee data security.
Tasnadi.co describes its data management principles below. Its basic data management principles are in line with the applicable legislation on data protection, and in particular with the following:
Personal data: Personal data is any information relating to an identified or identifiable natural person (data subject). A natural person can be identified directly or indirectly, in particular by an identifier - for example name, number, location data, online identifier - or one or more of the natural person's physical, physiological, genetic, mental, economic, cultural or social identity. can be identified based on a factor.
Data controller: A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data processor: the natural or legal person, public authority, agency or any other body who processes personal data on behalf of the data controller.
Limitations of the data processor:
Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying.
We collect and use your personal data only to the extent that is necessary for the operation of the website and the provision of our content and services. We collect and use your personal data exclusively in accordance with the legal bases and principles defined in the GDPR regulation.
The security of your personal data is extremely important to us. Therefore, we have implemented specific technical and organizational measures in order to protect the data we manage, thus preventing their loss or their misuse by third parties.
Our employees performing data management tasks are subject to mandatory confidentiality rules. The security of your personal data is also guaranteed by the fact that they are transmitted encrypted; for example, we use SSL (Secure Sockets Layer) to communicate with your browser. A lock symbol will appear in your browser to let you know when the SSL connection is established.
In order to ensure that your data is always protected, we regularly review the technical security measures and, if necessary, modify them according to new technological requirements. These principles also apply to companies that manage and use data on our behalf and according to our instructions.
We process and store personal data only as long as they are necessary for the purpose of data management, or as long as we are required to do so by law or other provisions. As soon as the purpose ceases or is fulfilled, your personal data will be deleted or its access restricted. Limited access means that the data will be deleted as soon as the retention periods specified in the legislation, articles of incorporation or contracts allow this, unless there is otherwise a reason based on which we can assume that the deletion would endanger your legitimate interest and provided that the deletion does not require a disproportionately heavy resource expenditure due to the unique conditions of storage.
In the following, we are to explain the specific processes during which your personal data is processed. In doing so, we also explain the legal basis, purpose and duration of the processing of personal data.
When visiting the website www.tasnadi.co, the web server automatically logs the user's activity, that is, during each visit to our website, certain data is automatically collected for technical reasons.
Purpose of data management: operation of the website. With this data, we can ensure the functionality of the website and we can use them to properly present the content of same. We also use this data to optimize our website and ensure the security of our IT systems. As a general rule, we use this technical data only to the extent that it is necessary for the purpose described above, and in addition, in the event of a hacker attack, this data helps to identify the source of the attack and even helps to clarify a police report.
Legal basis for data management: the data controller has a legitimate interest in ensuring that its website functions properly and in a user-friendly manner. [Article 6 (1) GDPR (f)].
Type of personal data handled: access to the website (date, time and frequency), how the website has been reached (sending page, hyperlink, etc.), the amount of data sent, settings and version number of the browser you use, also the operating system in use, as well as the internet service provider, furthermore the scope of interest, demographic data, location data, identifiers, etc. - of the IP address assigned to your computer when you connect to the internet.
You may find information regarding the data collected by Google here: https://policies.google.com/privacy?hl=hu
The IP address is a series of numbers that your internet service provider assigns to your computer for the purpose of connecting to the internet and with which the computers and mobile devices of users accessing the internet can be clearly identified. IP addresses can even be used to locate the visitor using a given computer geographically. The address of the pages visited, as well as the date and time data are not suitable for identifying the data subject by themselves, but when combined with other data (e.g. provided during registration) they are suitable for drawing conclusions regarding the user.
Duration of data management: The period of the respective visitor session.
Data processors:
Tasnadi.co does not connect the data generated during the statistical analysis of the log files with other information and does not attempt to identify the user.
The date, time and frequency data are not in themselves suitable for identifying the data subject, however, when combined with other data (e.g. provided during registration), they are suitable for drawing conclusions about the user.
The independent measurement and auditing of the visitor and other web analytics data of the website www.Tasnadi.co is also supported by an external service provider. The data controllers provide detailed information on the management of measurement data at the following addresses:
Tasnadi.co is therefore committed to providing you with the highest possible level of service. Our goal is to maintain your trust in us. Accordingly, we would like to provide clear information on how we use and store the cookies of our www.tasnadi.co website.
The purpose of data management: to identify users, distinguish them from one another, identify the users' current sessions, store the data provided during each session, prevent data loss, identify and track users, display personalized offers using the data recorded during website visits.
Legal basis for data management: data controller has a legitimate interest in identifying users and preventing abuses [GDPR Article 6 paragraph (1) point a)]
Cookies, web analytics services and social media plug-ins are subject to a separate Cookie Policy.
When you contact us by phone, e-mail or via the contact form, we store the data you provide.
Purpose of data management: We store your data in order to be able to contact you again when you provide your answer. In addition, we log the contact so that in case of future disputes, it is possible to prove the reality of the circumstances in accordance with the facts.
Legal basis for data management: Processing of the data subject’ personal data for one or more specific purposes upon consent based on Article 6 Paragraph (1) Section a) of the GDPR.
The range of personal data handled: name, e-mail address, date of request, and other personal data specified in the message, and your voice in case of a call.
Duration of data management: A maximum of 5 years after contact.
Pursuant to the Act XLVIII of 2008 Section 6 on the Basic Conditions and Certain Limitations of Economic Advertising Activities, Client may give prior and express consent to Tasnadi.co’s advertising offers and other electronic mailings to be sent using the contact information provided at the time of their visit.
Furthermore, the visitor of the Website may, bearing in mind the provisions of the present Policy, consent to Tasnadi.co handling personal data necessary for sending newsletters and sadvertising offers.
Tasnadi.co declares that it does not send unsolicited advertising messages, and that the recipient of the newsletter can unsubscribe from recieving of above offers free of charge without limitation or justification. In this case, Tasnadi.co will delete all personal data necessary for sending advertising messages from its records and will not contact the client/visitor with further advertising offers. Clients/visitors can unsubscribe from newsletters or advertisements by clicking on the respective link within the message.
The scope of data subjects: All clients/visitors subscribing to newsletter services.
Purpose of data management: Identification, enabling subscription to the newsletter; Execution of technical operation; sending electronic messages containing advertising (e-mail, sms, push message) to the person concerned, providing information about current information, services, promotions, new opportunities, etc.
Legal basis for data management: Consent of the data subject.
The range of personal data handled: Name; Email address; Date of registration; IP address at the time of visit;
Duration of data management: Data processing lasts until the consent statement is revoked, i.e. until unsubscription.
When transferring personal data, we always provide the highest possible level of security, therefore we only transmit your data to service providers and partners with contractual obligations that have been carefully selected in advance.
We inform our Users that data transfer to our Newsletter Service Provider specified in Section 7 is considered data transfer to a third country.
This data transfer is conducted upon the exclusive consent of our Users subscribing to the service.
Third countries involved in this paragraph are primarily – but not exclusively – are the following:
Data may also be transferred to other countries depending on the whereabouts of servers or partner companies of our Provider.
Such data transfers require particular attention under the European Union’s Data Protection Regulation (GDPR) as the EU strictly regulates the transfer of EU citizens’ data to third countries.
Our chosen Provider (Mailchimp) therefore applies Standard Contractual Clauses (SCCs), which provide legal guarantees to ensure data security when transferring data outside the EU.
In order to operate and optimize the website, as well as to fulfill contracts, various service providers are commissioned to perform certain tasks on our behalf, e.g. provision of central IT services, hosting of our website. We forward the information collected for each purpose to these service providers (e.g. name, address).
Some of these companies act on our behalf in order to manage and fulfill orders and thus can only use the data provided according to our instructions. In this case, we are legally responsible for ensuring that the companies we commission take appropriate data security precautions. Therefore, we agree on specific data security measures with these companies and regularly check these measures.
Finally, we may transfer your personal data to third parties or public administration bodies in accordance with applicable data protection legislation, if we are legally required to do so (e.g. based on an order from an administrative authority or court) or if we are entitled to do so (e.g. because it is necessary to investigate a crime or to prove and enforce our rights and interests).
You have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information
You may use the following contacts at no cost, except for the costs that your service provider may charge for forwarding the message:
For your own security, we reserve the right to request additional information to verify your identity when responding to an inquiry. If identification is not possible, we also reserve the right to refuse to respond to the request.
a) Right for information
You have the right to request information from us regarding the personal data stored about you.
b) Right for rectification
You are entitled to request the immediate correction and/or addition of personal data stored about you. If you have asserted your right to rectification, erasure or restriction of data processing, we will notify all recipients of your personal data explaining how we have corrected or deleted the data or that there is now a restriction on the processing of the data, unless this is impossible or requires a disproportionate effort.
c) The right to restrict data processing
You have the right to request the limitation of the processing of your personal data if you dispute the accuracy of the data stored about you, if the data processing is illegal and we no longer need the data, but you do not want us to delete the data and you need them to present, assert or enforce legal claims or to defend against them or if you objected to data processing.
d) Right for deletion
You have the right to request the deletion of your personal data stored by us, unless the preservation of the data is necessary for the free expression of opinion, freedom of information, compliance with legal obligations, public interest, presenting or defending against legal claims or exercising rights.
e) Right for data portability
You have the right to request a copy of your data provided to us and to request that we send it to you or a third party in a segmented, widely used and machine-readable form. If you request the data be sent directly to another data controller, we will only do so if this is technically possible.
f) Right to protest
If we process your personal data on the basis of a legitimate interest in accordance with Article 6 (1) point f) of the GDPR, you have the right to object to data processing at any time in accordance with Article 21 of the GDPR.
g) Right to withdraw consent
You have the right to withdraw your consent to the collection of data at any time with effect for the future. This does not affect the data collected until withdrawal. We hope you understand that it may take some time to process the withdrawal of consent for technical reasons and that you may still receive messages from us during this time.
h) Complaints to the data controller or data protection officer:
Please contact the data protection officer in the first instance with a complaint related to data management.
i) Right for court procedure:
In the event of a violation of rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.
j) Procedure at the Data Protection Authority
You may file a complaint at the National Data Protection and Freedom of Information Authority.
The fastest, easiest and most convenient way to exercise the right torectification and deletion is to log in to your account and directly edit ordelete the data stored there. We only restrict access to that data, but do notdelete the data, if we are obliged to store the data based on legal orcontractual obligations, in order to prevent the data from being used for otherpurposes.
The security of your personal data is extremely important to us. Therefore, we protect your data stored by us with technical and organizational measures to effectively prevent their loss and manipulation by third parties.
Tasnadi.co and its data processors implement appropriate technical and organizational measures, taking into account the state of technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons in order to guarantee a level of data security appropriate to the degree of risk.
Tasnadi.co selects and operates the IT tools used to manage personal data during the provision of the service in such a way that the managed data:
a) accessible to those authorized to do so (availability);
b) its authenticity and authentication are ensured (authenticity of data management);
c) its immutability can be verified (data integrity);
d) be protected against unauthorized access (data confidentiality).
Tasnadi.co takes appropriate measures to protect the data, especially against unauthorized access, change, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used.
Tasnadi.co, in order to protect the data files managed electronically in its various registers, ensures with a suitable technical solution that the stored data cannot be directly linked and assigned to the data subject, unless permitted by law. Tasnadi.co takes care of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks arising in connection with data management, in view of the current state of technology.
During its data management activity tasnadi.co aims to preserve:
a) confidentiality: protect the information so that only those who are authorized to do so can access it;
b) integrity: protects the accuracy and completeness of the information and the method of processing;
c) availability: ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.
The IT system and network of tasnadi.co and its partners involved with data management are both protected against computer-supported fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures.
We inform users that electronic messages transmitted on the Internet, regardless of the protocol (email, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. In order to protect against such threats, the data controller takes all necessary precautions. Monitors systems to capture any security discrepancies and provide evidence for any security incidents. In addition, system monitoring also makes it possible to check the effectiveness of the precautions used.
Tasnadi.co, as a data controller, keeps records of possible data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy same.
In order to ensure that our Privacy and Data Protection Policy complies with the legal requirements in force at all times, we reserve the right to amend it if necessary. This also applies to cases where the above Policy needs to be amended to introduce new or modified products or services.
7 October, 2024.
.webp)
