Privacy Policy

1. The data controller:
Name of service provider: Dorottya Kiss Individual Entrepreneur
Service provider’s registered office: 6000 Kecskemét, Hargita u. 6 6.
Registration number: 36093491
E-mail address: dorottya.kiss@youhu.hu
2. Contact information of the data protection officer
I do not carry out any activity that would justify the employment of a data protection officer.
3. Purpose and legal basis of data management
Tracking website visits, sending informative newsletters. We handle all data only with the user’s owner’s approval.
a. Newsletter, eDM
I will send a newsletter about our news and promotions to those who agreed to it. Newsletters and eDM letters contain the company’s name and contact information, so they are classified as advertising. You can subscribe to the newsletter by entering your name and e-mail address.
b. Meta pages
We also encounter personal data (name, comments) on our Meta pages, which is operated for the purpose of providing online contact, commenting on news, expressing opinions, advertising businesses, and acquiring potential customers, to which the data subject has consented. It is also possible to send private messages.
c. Invoicing
If you order one of my services, we will usually conclude a contract and issue an invoice for the remuneration for the work performed, which is required by law, for this I will ask for the billing name and address, and the email address at which we will agree the data (this is usually already in my possession during the contact ).
d. Contact by phone
When calling the phone number posted on the website, I will see your phone number. You’ll probably introduce yourself, so I’ll get to know your name. The former is definitely necessary data, I will not accept calls from unknown numbers. Based on your consent, I process this data in order to be able to call you back if I cannot answer the phone. If we don’t develop a business relationship, I didn’t leave a phone number or name associated with it.
e. Contact details of business and professional partners
In the course of my business / professional relationships, I handle the personal data of my partners’ managers, employees, and contacts based on legitimate interests: name, phone number, email address.
4. Cookies
A cookie is an information package consisting of letters and numbers that websites usually send to your browser with the aim of saving certain settings, facilitating the use of the website and contributing to the collection of some relevant, statistical information about visitors. Cookies do not contain personal information and are not suitable for identifying an individual user. Cookies often contain a unique identifier – a secret, randomly generated string of numbers – stored on your device. Some cookies are deleted after closing the website, and some are stored on your computer for a longer period of time.
You can block all activities related to cookies and delete data files placed during your previous visits. The exact method of doing this can be found in the instructions of your browser, which you can find on the following pages:
Manage cookies and website data in Chrome,
Információ a sütikről Firefox-hoz,
Managing cookies in Internet Explorer and Edge.
Some browsers also allow you to automatically delete your browsing data every time you close it.
When you download certain parts of the website, the visit analysis software we use (Google Analytics operated by Google Inc. (“Google”)) automatically places small data files, in some cases containing your personal data, on your computer. In accordance with the currently valid legislation, you will be notified of this happening when you first visit the site, and we ask for your approval for this. The data files are necessary for the operation of certain functions of the website, information obtained through previous data files received during your visits is sent to the operator. You can find information about the exact name of these data files (_ga, _gat, _gid) and their function on this page. Google Analytics stores the IP number obtained through the browser anonymously (anonymized), and cannot connect it to the user. The data is kept for 26 months, the beginning of which time period restarts if a new event occurs regarding the user (e.g. starting a new session).
If you want to prevent Google Analytics from adding your visit to the analytics on any website, use this extension (available for any browser).
Google also uses cookies (“DSID”, “IDE”, “NID”) that are used to connect the user’s activities on different devices, if he/she has previously signed in to his Google account on them. It does all this in order to coordinate the ads displayed to the user across devices and to measure conversion events. If you do not want Google ads to be displayed to you in a coordinated way across your devices, you can turn off the personalization of ads using the Advertising settings.
If you previously received a cookie from Facebook – either because you have an account or because you visited facebook.com – your browser will send data related to this cookie when you visit a website with a “Like” button or other social plug-in (like this website) you visit. You can find more information about this here.
My newsletter software uses several types of cookies to store language data, speed up performance, and transmit analytics.
The Facebook Like button on the page and embedded content (e.g. YouTube video) can also place cookies on your device.
If we have a user account and are logged in to this website, we set temporary cookies in order to determine whether the browser accepts cookies. These cookies do not contain personal information and are deleted when you close your browser.
When logging in to the website, we create several cookies that save the login information and the display options of the editing interface. Login cookies are valid for two days, and cookies storing the display options of the editing interface are valid for one year. If the “Remember me” option is selected, the registration will continue for two weeks. Login cookies are removed when you log out.

5. Withdrawal of consent
My data processing is always based on consent, including in the following cases:
Sending a newsletter containing advertising
Visit Facebook page, Follow (Like)
Management of visitor statistics
Consent can be withdrawn at any time.
In the case of newsletters, you can withdraw your consent by clicking on the unsubscribe link at the end of the newsletter.
In the case of a Facebook page, you can withdraw it by unliking the page, in the case of a private message and comment, by deleting it.
In case of other consent-based data management operations, please write a short message to the email address dorottya.kiss@youhu.hu.
Data processing prior to withdrawal of consent is considered lawful.

6. Contract and legal obligation
Keeping the billing data and issuing the invoice is my legal obligation. If my client does not provide the requested data, it will be impossible for me to perform the agreed service.
After ordering my services, a written or verbal contract is established with the customer. My business basically enters into contracts with legal entities, but it may happen that my contracts include personal data, such as the name, phone number, e-mail address of the contact person, or the name of the representative of the legal entity. The condition for concluding a contract is that I know these data, I need to know who the other party is and where I can reach them. Without knowing the data, I do not consider the contract concluded and I cannot perform the service.
7. Name of legitimate interest
I handle the contact details and names of the managers or contacts of my business partners, business associates based on legitimate interest. By business partners I mean those persons with whom I work during a work process, e.g. the marketing manager of a large client company, who gives orders and instructions for specific work, or the printing house that prints my professional materials, the programmer who helps with web work, etc.
I received these personal data from the people involved during our previous correspondence and meetings going back many years, and the people involved were already convinced of the confidentiality.
However, I have completed the interest assessment test, which is essential for the legal handling of personal data, and my partners can view this on request. I grant the right to object to all my partners.
8. Duration of data storage
Contact form (name, email address) – until withdrawn by the person concerned
Subscribe to the newsletter (name, email address) – until you unsubscribe
Billing name and address – for the period prescribed by law, in the case of sole proprietors, the current year + 5 years
Data of business partners (name, e-mail address, phone number) – until the existence of a business relationship, until a deletion request
Facebook page (name, comment) – until the page is deleted, until the affected person withdraws the page like, until the affected person deletes it
Data of registered individuals (name, e-mail address) until registration is cancelled.
Cookies from the website – until the validity period of the cookies, or until the user deletes them from their browser
Google Analytics traffic statistics – 26 months
9. Security measures
In my business, I take appropriate security measures to protect personal data against, among other things, unauthorized access, wrongful disclosure or unauthorized alteration. My laptop and desktop computer can be accessed after entering a password, which is protected from viruses by AVG AntiVirus FREE. I use my phone with fingerprint identification. I enter Facebook with 2FA authentication. In the case of my website, I do everything possible to prevent it from being hacked by unauthorized persons.
When developing the appropriate security measures, I took into account the current state of science and technology, the nature, scope, circumstances, and goals of data management, and the risk of variable probability and severity to the rights and freedoms of natural persons.
10. Our partners
My business uses data processors to perform some of its tasks.
Our hosting provider:
Webonic Kft.
8000 Székesfehérvár
Budai út 14.
webonic.hu
Receive and send emails:
Webonic Kft.
8000 Székesfehérvár
Budai út 14.
webonic.hu
Newsletter program:
Mailchimp
The Rocket Science Group, LLC
675 Ponce de Leon Ave NE
Suite 5000
Atlanta, GA 30308 USA
https://mailchimp.com/legal/
Facebook page:
Facebook Inc.
Menlo Park, California, USA
Data management information: https://www.facebook.com/about/privacy/update
(Access to the user’s name and comments.)
Google Analytics:
Google Inc., Mountain View, California, USA
(Access to the anonymized, non-personally identifiable IP address of website visitors.)
11. Third country
The only third country to which data is transferred is the United States of America. A compliance decision was reached with the USA in 2016. on July 12 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en), which Google (https: //policies.google.com/privacy/frameworks) and Facebook (https://www.facebook.com/about/privacyshield).
12. Rights of the data subject
a. Access to personal data
My website visitors, clients, and partners are entitled to request feedback on whether their personal data is being processed, and if so, they are entitled to receive access to the following information:
• purposes of data management
• categories of personal data concerned
• recipients to whom the personal data have been or will be communicated, including recipients in third countries and international organizations,
• the planned duration of data storage, if this is not possible, the criteria for determining this duration,
• the right of the data subject to request from the data controller the correction, deletion or restriction of processing of personal data concerning him/her and to object to the processing of such personal data
I provide you with a copy of the personal data that is the subject of data management. I charge a reasonable fee for additional copies for administrative costs. If the request was submitted electronically, I will provide the information in a widely used electronic format (.doc, .pdf, .xls, .jpg, etc.), unless the data subject requests otherwise.
The right to request a copy must not adversely affect the rights and freedoms of others.
b. Right to rectification
My website visitors, clients, and partners are entitled to have inaccurate personal data corrected upon request. Taking into account the purpose of data management, incomplete personal data can be supplemented. I must inform all recipients to whom I have communicated personal data about the correction, unless this is impossible or requires a disproportionately large effort. I will inform the person concerned about the recipients upon request.
c. Right to erasure
Without undue delay, I am obliged to delete the personal data relating to my client, client or website visitor at their request, or even without a request, if
• personal data are no longer needed for the purpose for which they were collected or otherwise processed;
• the principal/customer/visitor withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
• the principal/customer/visitor objects to data processing and there is no overriding legal reason for data processing;
• I handled personal data illegally;
• personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the data controller;
• the collection of personal data took place in connection with the offering of services related to the information society.
If I have disclosed personal data that I need to delete, I will take reasonable steps, taking into account the available technology and the costs of implementation, to inform the data controllers handling the data that my client/client/website visitor has requested links to the personal data in question or deleting a copy or duplicate of these personal data.
I do not need to delete personal data if the data management is necessary for the submission, enforcement or protection of legal claims. If a request to delete such data is received, I will consider it and respond to my decision in writing.
I must inform all recipients to whom I have communicated personal data about the deletion, unless this is impossible or requires a disproportionately large effort. I inform my client/client/the user about the recipients upon request.
d. The right to restrict data processing
My client/principal/visitor of the website has the right to request the restriction of data management if:
• disputes the accuracy of personal data, pending clarification
• the data management is illegal, and instead of deleting the data, you request the restriction of their use;
• I no longer need the personal data for the purpose of data management, but my user / client / principal requires them to present, enforce or defend legal claims;
• the user / my client / my client objected to data processing based on legitimate interests; in this case, the restriction applies to the period until it is established whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
If data management is subject to restrictions, personal data, with the exception of storage, will only be processed with the consent of the user / client / principal, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state can be handled.
I will inform the user / client / principal about the lifting of the restriction in advance.
I must inform all recipients to whom I have disclosed personal data of the restriction, unless this is impossible or requires a disproportionately large effort. I inform my client/client/the user about the recipients upon request.
e. Right to data portability
In the case of automated data processing, if the legal basis for data processing is consent or a contractual legal basis, my client/client/visitor of the website is entitled to receive his/her personal data provided to me in a segmented, widely used, machine-readable format, and transfer this data to another data controller, if this is technically feasible.
The right to data portability must not adversely affect the rights and freedoms of others.
f. Right to protest
My client / principal can object to the processing of his/her personal data
at any time for reasons related to your own situation, if the legal basis for data processing is legitimate interest. In this case, I may no longer process the personal data, unless I prove that it is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of my client/client, or that are related to the presentation, enforcement or defense of legal claims.
g. Automated decision-making in individual cases, including profiling
Since I do not perform automated decision-making and profiling, I cannot guarantee this basic right.
13. In case of complaint
I handle your personal data with the utmost care. If you still feel that I have not taken all the measures expected of me to protect your personal data, or if you simply have a question, please write to me at dorottya.kiss@youhu.hu.
If my company violates the data management principles, the data subjects can exercise their legal rights in court, in the context of a civil lawsuit. The adjudication of the lawsuit falls within the jurisdiction of the court.
The lawsuit can also be initiated before the court where the person concerned lives (you can find a list of the courts and their contact information here).
Furthermore, with any complaints or questions related to personal data, you can contact the National Data Protection and Freedom of Information Authority (1125 Budapest, Szilágyi Erzsébet fasor 22/C., mailing address: 1530 Budapest, Pf.: 5., email: ugyfelszolgalat@naih.hu, website: http://www.naih.hu).
14. Automated decision-making
Automated decision-making does not work in my business.
15. When determining the legal basis for data processing, I took these legal provisions into account
Sending the newsletter, which includes advertising, is only possible based on consent, according to the European Parliament and Council (EU) 2016/679. Article 6 (1) of the Decree point a) and XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities. TV. § 6, paragraphs (1) – (3) require.
Contact on the website, commenting on the blog, operation of the Facebook page, visitor statistics and conversion measurement, cookies and data management in connection with business relationships and agreements are in accordance with the European Parliament and Council (EU) 2016/679. Article 6 (1) of the Decree I took point a) into account.
Data management related to invoicing is based on the European Parliament and Council (EU) 2016/679. Article 6 (1) of the Decree c) and CL of 2017 on the taxation system. TV. Section 78 (3) (certificate retention period) and CXXVII of 2007 on general sales tax. TV. § 169. e) (mandatory elements of an invoice).
Other provisions
This information sheet will enter into force on May 25, 2018, and as soon as new guidelines, resolutions, and detailed rules become known that require me to make changes, I will revise the content. If the scope of my business changes or if I introduce new marketing tools, I will also rewrite it.