Privacy Policy
Effective from: 05.12.2024
The purpose of this Privacy Policy (hereinafter: “Policy“) is to enable you to know whether Livestocker Solutions Ltd. (registered office: 1013 Budapest, Pauler utca 6., company registration number: 01-09-200958, represented by: András Moldován managing director, e-mail address: info@livestocker.eu, hereinafter: “Data Controller“) which personal data it processes and how it processes in connection with the operation of the website on the www.livestocker.eu website (hereinafter: “Website”), furthermore, the Data Controller should inform you about your rights in connection with the processing of your personal data and how to exercise those rights.
The Data Controller pays special attention to the fact that during its operation, Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR)), Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Privacy Act.), Act V of 2013 on the Civil Code (hereinafter: Civil Code) and other legal regulations, as well as the guidelines of the Data Protection Working Group pursuant to Article 29 of the Data Protection Directive, the guidelines of the European Data Protection Board and the National Authority for Data Protection and Freedom of Information (hereinafter: the Authority).
- Definitions
Concerned | The identified or identifiable natural person whose personal data are processed; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
|
Personal data | Any information relating to an identified or identifiable natural person (“data subject”).
|
Data management | Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
|
Controller | A natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
|
Processing | A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. |
- Information about data processing
The Data Controller collects personal data – partly through its data processors – from the data subject himself.
The Data Controller does not process sensitive data (e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or health conditions, sexual orientation or gender identity).
In the event that data processing is carried out in order to fulfil the Data Controller’s contractual obligation, you are obliged to provide the personal data necessary for this. If data is not provided, the relevant contractual relationship cannot be established.
2.1 The individual data processing:
(scope of personal data, purpose, title and duration of data processing)
2.1.1. Contact
Concerned | A natural person who turns to the Data Controller with a question by e-mail or via the contact form of the Website. |
Data processed | Information you provide when contacting us. |
Purpose of data processing | Providing the possibility of prior contact. |
Duration of data processing | Data processing lasts until the contact is completed. |
Recipient of data transfer | Hetzner Online GmbH |
Legal basis for data processing | Article 6 (1) (a) of the GDPR – your consent, which you give to the Data Controller by contacting us. |
2.1.2. Operation and operation of the website
Concerned | A natural person visiting or using the Website. |
Data processed | The IP address associated with the data subject’s device (and, based on it, the location of the data subject), the so-called session identifier identifying the data subject’s device. |
Purpose of data processing | Operation of the Website. |
Duration of data processing | 14 days from the start of data processing. |
Recipient of data transfer | Hetzner Online GmbH |
Legal basis for data processing | Art. 6 (1) (b) GDPR – the processing of data is necessary for the performance of a contract to which you are a party. |
2.1.3. Improving and further developing the quality of the Website, making the browsing experience simpler and more efficient,
Concerned | A natural person visiting or using the Website. |
Data processed | The IP address of the data subject’s device (and based on this, the location of the data subject), the activity of the data subject on the Website, the type of device used to access the Website concerned, the size of its display, the unique identifier of the device and the type of browser. |
Purpose of data processing | User experience, improving the interfaces and marketing activities of the Website and the Data Controller, as well as collecting statistical data to plan the implementation of these purposes. |
Duration of data processing | 23 days from browsing for Cookies, 62 days for Cookie Consent; or until consent is withdrawn, whichever is earlier. |
Recipient of data transfer | Google Ireland Limited |
Legal basis for data processing | Article 6 (1) (a) of the GDPR – your consent to the Data Controller by visiting and using the Website. |
2.1.4. Handling complaints
Concerned | Natural person complaining about the activities of the Data Controller. |
Data processed | Your name, e-mail address, content of the complaint and any additional contact information provided. |
Purpose of data processing | Proper investigation and handling of complaints. |
Duration of data processing | Pursuant to Section 17/A (7) of Act CLV of 1997 on Consumer Protection for 3 years after the closure of the complaint. |
Recipient of data transfer | Hetzner Online GmbH |
Legal basis for data processing | Art. 6 (1) (b) and (c) GDPR – necessary for the performance of a contract to which you are party or for the performance of a legal obligation of the Data Controller. |
- Cookie-k (sütik)
The Data Controller uses so-called cookies (in Hungarian: cookies) when visiting and using the Website. The use of certain cookies is essential to ensure the operation of the Website, and cookies that do not qualify as such are used by the Data Controller only with the consent given to the data subject, and does not process data by such cookies beforehand.
You can change your cookie management settings and consent when you open the Website and at any time thereafter (so you can withdraw your consent) by clicking on the “Cookie Settings” button on the Website. In addition, browsers allow you to change your cookie settings in general. Most browsers automatically accept cookies by default, but you can change this to prevent them from being automatically accepted once set.
The function of the cookie, the related purpose of data processing | Processed (personal) data |
Necessary cookies: cookies without which the Website cannot perform its basic function (e.g. a cookie is necessary for users to browse the Website and search its content) | session ID; and thus IP address |
Functional cookies: used to provide you with a more personalized user experience, remember user preferences and preferences (e.g. remember user preferences) | session ID and with its help name and e-mail address from database |
Performance cookies/statistical cookies (Statistics): Examine the activity of users in such a way that the extracted data do not allow unique identification. | Anonymous demographics |
Marketing/targeting cookies (Marketing): based on the activity of each user, they enable the display of advertisements tailored to the given users and the examination of individual activity. | Cookies used by Google Analytics and Google Adsense: demographic data, name and user activity (clicks when browsing the Website) |
Information on certain cookies used partly directly by the Data Controller and partly by one of its data processors is available on the Website, grouped according to the table above, through the cookie management tool on the Website. This panel pops up the first time you visit the login area of the Website and can be called up later as described above. This information covers the duration of data processing, the identity of the third party from which the cookie originates (if any) and the purpose of the cookie.
- Persons having access to personal data
The data may be accessed by any employees of the Data Controller, as well as by other data processors and recipients named in this Prospectus, in order to perform their tasks. Thus, the data processors and recipients named in this Policy may become acquainted with personal data for the purpose of providing services, case management and data processing.
- Data transfer
Your data will not be passed on to third parties, except for data processors and recipients as defined below. In addition, data transfer to a third party or recipient will only take place if we send you information about the potential recipient in advance and you subsequently consent to the transfer in advance or it is otherwise required by law. In the course of its data processing activities, the Data Controller does not transfer personal data to third countries or international organizations, except in cases that may be indicated in this Policy.
- Data processors
Data processors process personal data on behalf of the Data Controller within the framework of the services they provide to the Data Controller. The data processor is also obliged to act in accordance with the provisions of applicable legislation, in particular the GDPR.
The Data Controller uses the server service of Hetzner Online GmbH, during which it has a contractual relationship with Hetzner Online GmbH, which as such qualifies as a data processor. The data is stored in Germany and Finland.
The Data Controller uses Google Analytics and Google Adsense services to analyse the activities of the data subjects on the Website, in the course of which it has a contractual relationship with Google Ireland Limited, which qualifies as an independent data controller, taking into account that it may make independent decisions in order to develop its own services. The purpose of using the services of this data transfer recipient is to help the Data Controller better understand its users (such as how much time they spend using the Website, what they click on, what they do not like). This enables the Data Controller to develop the Website according to user needs, to compile the appropriate advertising audience, to measure conversion between devices, to target advertisements, optimize them for the right audience, to display personalized advertisements and advertisements, and to prepare reports and reports about the Website and its visitor data. This transfer recipient collects data using cookies and other technologies (in particular, IP address, type of device used to access the Website, screen size, unique identifier of device, browser type, country of residence and preferred language).
- Data security measures
The Data Controller shall ensure the security of the data, and shall take the technical and organizational measures and establish the procedural rules that ensure that the recorded, stored or processed data are protected and prevent their destruction, unauthorized use and unauthorized alteration. It also draws the attention of third parties whose data have been transferred to comply with the requirement of data security.
The Data Controller shall ensure that unauthorized persons cannot access, disclose, transmit, modify or delete the processed data. The Data Controller shall do its utmost to ensure that the data are not damaged or destroyed. The above commitment is also required by the Data Controller for any employees participating in its data processing activities or for data processors acting on behalf of the Data Controller.
In the course of data processing by the Data Controller, it stores personal data on its own devices and in the systems of the data processing and data transfer recipients.
In order to prevent unauthorized persons from accessing the data, the Data Controller ensures the preservation of personal data and prevents unauthorized access to its own devices as follows: Access to computers is protected by passwords and firewalls, computers run antivirus. The Data Controller has a Linux system running the IPtables2 program. The Data Controller uses SSL encryption during communication.
- Communication of personal data breaches to data subjects[2]if it occurs
If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the personal data breach to the data subjects without undue delay in clear and plain language.
The data subject need not be informed if any of the following conditions are met:
- the Data Controller has implemented appropriate technical and organizational protection measures and those measures were applied to the data affected by the personal data breach, in particular those that render the data unintelligible to persons who are not authorised to access the personal data, such as encryption;
- the Data Controller has taken further measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
- providing information would require disproportionate effort. In such cases, the data subjects shall be informed by means of publicly available information or a similar measure shall be taken to ensure that the data subjects are informed in an equally effective manner.
- Your rights in relation to data processing (rights of data subjects)
In connection with the processing of your personal data by the Data Controller, you have the following rights:
- a) Right of access: You may request information in writing from the Data Controller as to whether or not your personal data are being processed using the contact details provided in Section 10 and, if such processing is in progress, you have the right to obtain access to the personal data and the information contained in this prospectus.
The Data Controller shall provide you with a copy of the personal data undergoing processing upon request. For further copies requested by you, the Data Controller may charge a reasonable fee based on administrative costs. If you submitted the request electronically, the Data Controller’s reply letter will also arrive to you – if possible – electronically, unless you request otherwise.
- b) Right to rectification: You may request in writing from the Data Controller without undue delay the rectification of inaccurate personal data concerning you via the contact details provided in Section 10, and you also have the right to request completion of incomplete personal data.
- c) Right to erasure (“right to be forgotten”): You may request the Data Controller in writing to erase personal data concerning you without delay using the contact details provided in Section 10 and the Data Controller shall be obliged to erase personal data concerning you without delay if one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you object to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data must be erased for compliance with a legal obligation under applicable Union or national law of the Data Controller.
The above provisions under point (c) of this point shall not apply where (i) it is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject to the processing or (ii) the processing is necessary for the establishment, exercise or defence of legal claims.
- d) Right to restriction of processing: You may request in writing through the contact details provided in Section 10 that the Data Controller restrict processing if one of the following applies:
- you contest the accuracy of the personal data, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead;
- the Data Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
- you have objected to the processing; in this case, the restriction applies for the period until it is established whether the legitimate reasons of the Data Controller override your legitimate reasons.
In the event of restriction, personal data subject to this may only be processed, with the exception of storage, with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
The Data Controller shall inform you in advance of the lifting of the restriction of processing.
- e) Right to data portability: You may request in writing that you receive the personal data concerning you and provided by you to the Data Controller in a structured, commonly used and machine-readable format using the contact details provided in Section 10 and request that these data be transmitted to another controller without hindrance from the Data Controller. You also have the right to obtain from the controller, where technically feasible, the direct transmission of personal data to another controller.
You have the right to data portability if the legal basis for the Data Controller’s processing is your consent or the performance of a contract concluded with you; and data processing is carried out by automated means.
- f) Right of withdrawal: If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. In case of withdrawal of consent, the Data Controller shall delete the relevant data permanently and irretrievably.
- g) Right to redress:
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. The complaint may be lodged with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11.; telephone: +36 1 391 1400; fax: +36 1 391 1410; www.naih.hu; ugyfelszolgalat@naih.hu).
Right to go to court: You have the right to a judicial remedy if you consider that your rights under the GDPR have been infringed as a result of the processing of your personal data in non-compliance with the GDPR. Proceedings against the controller shall be brought before the courts of the Member State in which the controller has an establishment. Such proceedings may also be brought before the courts of your Member State of habitual residence.
- Exercise of data subject’s rights
You may request the enforcement of your data subject rights specified in Section 9 or further information regarding the processing of your personal data from the Data Controller by e-mail (info@livestocker.eu). Please keep in mind that – in your interest – we will only be able to provide you with information or take action regarding the processing of your personal data if you have credibly verified your identity.
The Data Controller shall provide information on the measures taken in response to your request within the shortest possible time from the submission of the request, but no later than within one month, in a concise, transparent, intelligible and easily accessible form, in writing – orally at your request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The Data Controller shall inform you of the extension of the deadline within one month of receipt of the request, indicating the reasons for the delay. If you submitted your request electronically, the Data Controller will provide the information – if possible – electronically, unless you request otherwise.
Information and measures shall be provided free of charge. If your request is manifestly unfounded or excessive, in particular because of its repetitive character, the Data Controller, taking into account the administrative costs involved in providing the requested information or communication or taking the action requested, may: (i) charge a reasonable fee, or (ii) refuse to act on the request. The burden of proving the manifestly unfounded or excessive nature of the request lies with the Data Controller.
The Data Controller shall communicate points 9 b) to d) (i.e. any rectification, erasure or restriction of processing) to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. At your request, the Data Controller shall inform you of these recipients.
- Personal data relating to children and third parties
Persons under the age of 16 are not allowed to provide personal data about themselves, unless permission has been requested from a person exercising parental authority. By providing personal data to the Data Controller, the parent, as a data subject, declares and warrants that he/she acts in accordance with the above, and his/her capacity to act in connection with the provision of the data is not limited.
If you are not legally entitled to provide any personal data on your own, you are obliged to obtain the consent of the third parties concerned (e.g. legal representative, guardian, other person – such as a consumer – on whose behalf you are acting) or provide another legal basis for providing the data. In this context, you are obliged to consider whether the consent of a third party is required in connection with the provision of the personal data in question. It may happen that the Data Controller does not have a personal relationship with you, so compliance with this clause is your responsibility and the Data Controller is not liable in this regard. Regardless of this, the Data Controller is always entitled to check whether the appropriate legal basis is available for processing any personal data. For example, if you are acting on behalf of a third party, such as a consumer, the Data Controller has the right to request your authorisation and/or the relevant consent of the person concerned to process the relevant data.
The Data Controller shall make every effort to delete any personal data that has been unlawfully provided to it. The Data Controller ensures that if it becomes aware of this, this personal data will not be transmitted to anyone else or used by the Data Controller.
Please inform us immediately at the contact details specified in Section 10 if you become aware that a third party has unlawfully provided personal data about you to the Data Controller.
[1] Small data files that are placed on the user’s computer (or other devices such as mobile phones) by the website you are visiting. The purpose of the cookie is to make the given infocommunication and internet service easier, more convenient, and to provide information to the owner of the website. There are several varieties, but they are usually divided into two large groups. One type is a temporary cookie, which the website only places on the user’s device during a specific session (e.g. during security identification), the other type is a permanent cookie (e.g. recording persistent settings), which remain on your device for a longer period of time (this also depends on the settings of your device or browser).
[2] Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.