PRIVACY NOTICE
in which NHOOD Services Hungary Kft. as the data controller (hereinafter referred to as the "Data Controller") informs visitors to the website www.nhoodland.hu (hereinafter referred to as the "Website") and users of its services, as data subjects, about the processing and use of their personal data in accordance with Article 13 (1) - (2) of the GDPR, as follows.
1. INTRODUCTION
1.1. Data of the Data Controller:
|
company name |
NHOOD Services Hungary Kft. |
|
registered seat |
1095 Budapest, Soroksári út 44. II. em. |
|
phone |
+36 1 887 45 20 |
|
|
2. THE PROCESSING OF WEBSITE VISITORS' DATA
2.1. Purpose of data processing
Visitors to the Website are generally not required to provide any personal information in order to use the Website. However, during and in connection with the browsing of the Website, the Data Controller collects data for the purposes of making the Website available and providing the services available therein, improving the services available on the Website, detecting and preventing abuse, measuring visitor data, improving the user experience and for statistical purposes, which may in certain cases involve the processing of personal data.
The Data Controller always informs the data subjects about the processing of personal data published on the Website in connection with specific events and competitions in a separate document in relation to the specific event.
2.2. Scope of data processed
With consent, the Data Controller uses Google Analytics on the Website, which transmits data about the traffic on the Website to Google and via this to the Website operator.
For detailed information, see the cookie policy.
The Google Analytics notice is available at the following link:
https://support.google.com/analytics/answer/2799357?hl=hu#where
The Data Controller does not link the above data with the personal data provided by the data subject when using the services available on the Website and does not seek to identify the visitor in any other way.
2.3. Duration of data processing
The Data Controller stores the log files for 30 days, after which they are deleted.
2.4. Legal basis for data processing
Where the above activity results in the processing of personal data, the legal basis for the processing is the consent of the data subject in accordance with Article 6(1)(a) of the GDPR.
2.5. Use, data and activities of the data processor
name: Super11 Creative Zrt.
registered seat: 1118 Budapest, Homonna utca 2-4. 4. em.
data processing activity: website development, operation.
2.6. Possibility of data processing independent of the Data Controller
The html code of the Website may contain links to third party websites independent of the Data Controller. When clicking on these, the third party's server is connected directly to the computer used by the visitor. In this case, the processing of the data on the website of the operator of the external service is carried out by the third party concerned in accordance with its own privacy policy. Currently, the code of the Website contains links to the websites of the following third parties: youtube.com, linkedin.com, nhood.hu. These links may vary from time to time.
3. DATA SECURITY MEASURES
The Website is hosted on secure servers, which are not accessible to anyone other than the relevant employees of the Data Controller and the company operating the server. Accesses are personalised, protected by secure passwords and regularly reviewed. The working environment is protected by firewalls. Operations involving personal data are logged.
4. THE DATA CONTROLLER'S RIGHT OF ACCESS TO THE DATA
The data may be accessed by the Data Controller's authorised collaborators and employees involved in data management and data processing to the extent and within the limits of their tasks and duties in data management. Colleagues working in these jobs are responsible for accessing, analysing and deleting data generated on the Website at the request of the data subject. Only statistical interpretations may be derived from these analyses, which do not contain any personal data. Exceptions to the above rule are requests from public authorities and courts, which the Data Controller will comply with in accordance with the legislation in force.
5. DATA SUBJECTS' RIGHTS AND REMEDIES IN RELATION TO DATA PROCESSING
The data subject may exercise his or her rights under the GDPR as set out in this policy against the Controller in accordance with the relevant provisions of the GDPR.
In relation to the processing of personal data of data subjects, the data subjects have the following rights:
a) right of access (Article 15 GDPR):
The data subject shall have the right to obtain from the Data Controller information as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the information contained in this policy.
The Data Controller shall provide the data subject with a copy of the personal data processed upon request. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. Where the data subject has made his or her request by electronic means, the Controller shall provide the information in a commonly used electronic format to the data subject, unless he or she requests them otherwise.
b) the right to rectification (Article 16 GDPR):
The data subject shall have the right to obtain from the Data Controller, upon his or her request and without undue delay, the rectification of inaccurate personal data relating to him or her. The data subject shall also have the right to obtain the rectification of incomplete personal data.
c) the right to erasure (Article 17 GDPR):
The data subject shall have the right to obtain from the Data Controller, upon his or her request, the erasure of personal data concerning him or her without delay and the Data Controller shall be obliged to erase personal data concerning him or her without delay if one of the following grounds applies:
· the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
· where the legal basis for the processing is the data subject's consent and the data subject withdraws it and there is no other legal basis for the processing;
· the data subject objects to the data processing and there are no overriding legitimate grounds for the data processing;
· the personal data have been unlawfully processed;
· the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Data Controller.
The above provisions under this point (c) shall not apply where (i) it is necessary for compliance with an obligation of personal data processing under Union or Member State law applicable to the Data Controller, or (ii) the processing is necessary for the establishment, exercise or defence of legal claims.
d) the right to restriction of processing (Article 18 GDPR):
The data subject shall have the right to obtain, at his or her request, the restriction of data processing by the Data Controller if one of the following conditions is met:
· the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the Data Controller to verify the accuracy of the personal data;
· the data processing is unlawful and the data subject opposes the erasure of the data and instead, requests the restriction of their use;
· the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
· the data subject has objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate grounds of the Data Controller prevail over the legitimate grounds of the data subject.
e) the right to object (Article 21 GDPR):
The data subject has the right to object to the processing of his or her personal data at any time on grounds relating to his or her particular situation. In such case, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or are related to the establishment, exercise or defence of legal claims. Where processing is carried out for the fulfilment of a legal obligation, the exercise of the right to object shall not result in cease of data processing under this notice.
f) the right to be informed about these rights (Article 12 GDPR):
The Data Controller shall inform the data subject of the circumstances surrounding the processing in a concise, transparent, intelligible and clear manner without delay and in any event within one month of receipt of the data subject's request under points (a) to (e) above. Where necessary, taking into account the complexity of the request and the number of requests, this period may be extended by a further two months. The Data Controller shall inform the data subject of the extension of the time limit within one month of receipt of the request, stating the reasons for the delay.
The information is free of charge. Where the data subject's request is manifestly unfounded or excessive, in particular because of its repetitive nature, the Data Controller may, taking into account the administrative costs of providing the information or information requested or of taking the action requested: i) charge a reasonable fee; or ii) refuse to act on the request. The burden of proving that the request is manifestly unfounded or excessive shall lie with the Data Controller.
The Data Controller shall inform each recipient to whom or with which it has disclosed the personal data (i.e. of any rectification, erasure or restriction of processing) of the provisions in points (b) to (d) above, unless this proves to be impossible or involves a disproportionate effort. The Data Controller shall inform the data subject, at his or her request, of these recipients.
Oral information may also be given upon request, which must be recorded in written minutes. If the data subject requests oral information (e.g. by telephone), he or she shall provide the Data Controller with proof of his or her identity. Further information on the processing of the personal data of the data subject can be obtained from the contact details of the Data Controllerindicated in point 1.1.
g) the right to file a complaint (Article 77 GDPR):
The data subject has the right to file a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement, if he or she considers that the processing of personal data relating to him or her infringes the GDPR. The complaint can be filed with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11; phone: +36 1 391 1400; fax: +36 1 391 1410; www.naih.hu; ugyfelszolgalat@naih.hu).
h) right to apply to the courts (Article 79 GDPR):
The data subject has a right to judicial remedy if he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data in a way that does not comply with the GDPR. Proceedings against Data Controllers must be brought before the courts of the Member State where the Data Controller is established. Such proceedings may also be brought before the courts of the Member State where the data subject has his or her habitual residence.
i) the right to data portability (Article 20 GDPR):
The right to data portability applies where the legal basis for the processing is Article 6(1)(a) or (b) of the GDPR, i.e. the consent of the data subject or the performance of a contract with the data subject. In this case, the data subject has the right to receive personal data relating to the data subject and provided by the data subject to the controller in a structured, commonly used, machine-readable format and the right to transmit these data to another controller without the hindrance of the Data Controller. The data subject shall also have the right, where technically feasible, to request the Data Controller to transfer the personal data directly to another controller.
Budapest, 1 February 2022.
NHOOD Services Hungary Kft.
Data Controller
INFORMATION ABOUT COOKIES (HTTP COOKIES) AVAILABLE ON THE WEBSITE WWW.NHOODLAND.HU
1. General information about cookies (http cookies)
1.1. What is a cookie?
Cookies (http cookies) are small data files, data packets, which are placed on the visitor's computer by the operator of a website during and through the use of the website and which are saved and stored by the visitor's internet browser when downloaded from the website. In the event of a subsequent visit, the cookie enables the operator to, for example, identify the visitor or distinguish him or her from other users, or even to send him or her customised information in the browser window.
1.2. How can I prevent cookies from being installed on my computer or delete them?
It is important to know that most internet browsers accept and allow the setting and use of cookies by default. However, with the appropriate browser settings, you can refuse, restrict or block the use of cookies and delete cookies that have already been stored. Information on the settings required for the use of cookies is provided by the provider of each browser, and is usually available in the "help" section of the browser.
1.3. What happens if I delete cookies or do not consent to them being installed on my computer?
If the user disables the use of cookies, this will not normally prevent the user from visiting or browsing the website. However, some cookies are strictly necessary for the proper functioning of certain services, and disabling or refusing the use of cookies, or deleting cookies that have already been stored, will or may result in the website not functioning fully and certain functions not being properly used by the visitor concerned.
1.4. Types of cookies
The cookies available on websites generally fall into two categories. One category includes cookies that are essential to the functioning of the website (e.g. cookies that store user-recorded data, authentication session, user-centric security, multimedia player session, load balancing session, and session cookies that help you to customise the user interface), while the other category includes all other cookies whose purpose or function goes beyond the functioning of the website and is used for other data management purposes (e.g. analytical cookies, social media plug-in and third-party cookies (e.g. Google) recording the data of the user’s internet usage, and other cookies for marketing purposes). While in the case of the first category of cookies, it is sufficient for the website operator to provide prior information about the cookies that will be installed on the visitor's computer when using its website, in the case of the second category, the website operator must obtain the visitor's consent in advance.
2. Unique cookies of the www.nhoodland.hu website
1.1. No personal data is processed in connection with cookies.
1.2. Details of cookies used on the Website
(A) Cookies that are essential for the functioning of the Website
| Cookie name | Data processed / used by the cookie | Cookie lifetime | Description |
| cookieconsent_status | We record your acceptance of the cookie policy and do not store any personal data. | 1 year | This cookie is used to store the status of whether the user accepts the use of cookies. |
| XSRF-TOKEN | It is responsible for the security of the forms on the Website and does not store any personal data. | 1 day | This cookie is responsible for the security of the forms on the website. |
| nhood_session | It identifies the user anonymously and does not store any personal data. | 1 day | This cookie contains the data necessary to identify the visitor's session. |
(B) Other cookies used by third parties and information about them
In addition to the cookies that we use directly, when you visit our Website, we may also create and use so-called third party cookies in connection with services provided by third parties (e.g. Google), which, for example, help us to record and analyse visitor data and to deliver targeted marketing and advertising messages.
More information on these can be found at https://www.google.com/policies/technologies/types/ and https://www.google.com/analytics/learn/privacy.html?hl=hu.
For information on specific cookies, see the tables below.
Statistical cookies
Statistical cookies help us to track how visitors interact with the Website by collecting information anonymously.
| Cookie name | Data processed / used by the cookie | Cookie lifetime | Description |
| Google Analytics _ga | Google Analytics. It does not store any personal data, it allocates a single anonymous identifier to provide the website operator with the following data: number of visits, duration, pages visited, device information from which the visit was made (mobile, desktop, tablet, display size, operating system type and version), geographical location of the visit at maximum city level, frequency of visit (percentage of returning or new visits, demographic data (based on Google account, Android and iOS devices). | 2 years | It allows the user to be identified anonymously. It ensures that we use non-personal data for statistical purposes to continuously improve the functioning of the Website and provide a better user experience for visitors. |
| Google Analytics _gid | Google Analytics. It does not store any personal data, it allocates a single anonymous identifier to provide the website operator with the following data: number of visits, duration, pages visited, device information from which the visit was made (mobile, desktop, tablet, display size, operating system type and version), geographical location of the visit at maximum city level, frequency of visit (percentage of returning or new visits, demographic data (based on Google account, Android and iOS devices). | 1 day | It allows the user to be identified anonymously. It ensures that we use non-personal data for statistical purposes to continuously improve the functioning of the Website and provide a better user experience for visitors. |
| _omappvp | OptinMonster popup manager. It does not store personal data, it assigns an anonymous identifier. | 1 year | It allows anonymous identification of the user, which helps us to ensure that only a limited number of pop-ups are displayed to a visitor. |
| _omappvs | OptinMonster popup manager. It does not store personal data, it assigns an anonymous identifier. | Until the end of browsing | It allows anonymous identification of the user, which helps us to ensure that only a limited number of pop-ups are displayed to a visitor.a. |