TickerBell Privacy Policy
1. Purpose and scope of the Policy
(1) The purpose of this privacy policy (hereinafter referred to as the "Policy") is to set out the privacy policy of Ticker bell Kft. (hereinafter referred to as the "Controller") in respect of its website at https://tickerbell.biz/, to ensure that the constitutional principles of data protection, the right to information self-determination and the requirements of data security are complied with, and that, within the framework of the law, everyone has access to his or her personal data, can find out the circumstances of their processing, and is prevented from unauthorized access, alteration and unauthorized disclosure of the data. Furthermore, this Policy is intended to provide information to data subjects on the data management practices of the Controller.
(2) The scope of present Policy applies only to the processing of data on https://tickerbell.biz/.
2. Governing legislation
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation; hereinafter "GDPR")
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as "the Information Act")
- Act V of 2013 on the Civil Code (hereinafter "Civil Code")
- Act CXXX of 2016 on the Code of Civil Procedure (hereinafter referred to as the "Code")
- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter referred to as the "Act on electronic commerce services")
- Act CL of 2017 on the Rules of Taxation (hereinafter referred to as the "Art.")
- Act XLVIII of 2008 on the Fundamental Conditions and Certain Restrictions of Economic Advertising Activities (hereinafter referred to as the "Advertising Act")
3. Data of the Controller
The current data of the Controller are the following:
- Name: Ticker bell Korlátolt Felelősségű Társaság
- Head office: 1138 Budapest, Népfürdő utca 22 B. torony. ép. 15. em.
- Company registration number: 01-09-332696
- Tax number: 26570943-2-41
- E-mail address: info@tickerbell.biz
4. Scope of personal data processed, purpose, duration and legal basis of the processing
(1) The data subjects are obliged to provide all the information to the best of their knowledge and accurately.
(2) If the data subject does not provide his or her own personal data, the data subject is obliged to obtain the consent of the data subject.
(3) If the Controller transfers the data to processors or other third parties, the Controller shall keep a record of these. The record of the data transfer shall include the recipient of the data transfer, the method and time of the transfer and the scope of the data transferred.
(4) Data processing related to certain activities of the Controller:
a. Creating/Login to profileon the website
Legal basis for processing: performance of a contract
Data processed: e-mail address, password; or by Google or LinkedIn
profile Platform for data management: electronic
Deadline for deletion of data: by deleting the account
Possible consequences of non-disclosure: inability to use the features of the websiteIn case of Google account the name, e-mail address and the profile picture will be shared with Controller.In case of LindeIn account the shared data depends on the privacy settings of the LindekIn account of each user.
b. Registration for online events
Legal basis for processing: performance of a contract
Data processed: login data as per Paragraph a., date and name of the event
Platform for data management: electronic
Deadline for deletion of data: by the end of the event
Possible consequences of non-disclosure: inability to participate at the online event
c. Cookies
Name of the cookie | Description | Duration | Type |
---|---|---|---|
_ga_* | Google Analytics sets this cookie to store and count page views. | 1 year 1 month 4 days | Analytics |
_ga | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 1 year 1 month 4 days | Analytics |
_hjSessionUser_* | Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. | 1 year | Analytics |
_hjSession_* | Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site. | 1 hour | Analytics |
hjActiveViewportIds | This cookie contains an ID string on the current session. This contains non-personal information on what subpages the visitor enters – this information is used to optimize the visitor's experience. | never | Other |
lastAppPathName | - | never | Other |
hjViewportId | A session storage item that stores the user viewport details such as size and dimensions | session | Other |
d. Billing
Legal basis for processing: compliance with legal obligations
Data processed: name; address
Data management platform: invoices are issued through the use of an electronic database
Purpose of processing: to comply with a legal obligation
Data processor: Keller & Szentes Számviteli Szolgáltató Kft. (VAT ID: 32122477-2-41)
Legal basis for the transfer: legitimate interest of the Controller
Deadline for deletion: 9 years after the invoice is issued
Possible consequences of non-disclosure: there is no legal obligation to withhold data
Online payment is issued via Stripe Technology Europe, Limited which has its principal place of business at The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland. No banking data is being transferred from Stripe to the Controller. For further information please visit https://stripe.com/en-hu/privacy.
5. Rights of data subjects, remedies
(1) Data subjects may at any time request information in writing from the Controller about the processing of their personal data processed by the Controller, request erasure or modification, and withdraw their consent previously given by contacting the Controller at the contact details provided in section 3.
(2) The data subject may not exercise his or her right to erasure in the case of processing required by law.
(3) Content of the right to information: At the request of the data subject, the Controller shall provide the data subject with the information listed in Articles 13 and 14 of the GDPR and the information referred to in Articles 15 to 22 and 34 of the GDPR in a concise and plain language.
(4) Content of the right of access: upon request of the data subject, the Controller shall provide information on whether or not data processing concerning him or her is in progress at the Controller. If the Controller is processing data relating to the applicant, the data subject shall have the right of access to the following information:
a. Personal data relating to him or her;
b. the purpose(s) of the processing;
c. the categories of personal data concerned;
d. the persons to whom the data subject's data have been or will be disclosed;
e. the duration of data storage;
f. the right to rectification, erasure and restriction of processing;
g. the right to apply to a court or supervisory authority;
h. the source of the data processed;
i. profiling and/or automated decision-making, and the details and practical implications of their use;
j. the transfer of processed data to a third country or international organisation.
(5) In the event of a request for data as described above, the Controller shall provide the data subject with a copy of the data processed by the Controller in accordance with the request. Upon specific request, it is possible to request the Controller to deliver the data by electronic means.
(6) The Controller charges an administration fee of EUR 5,- per page for each additional copy.
(7) The deadline for the release of the requested data is 30 days from the date of receipt of the request.
(8) The right to rectification: the data subject may request the rectification of inaccurate data relating to him or her processed by the Controller.
(9) Right to erasure: If any of the following grounds apply, the Controller shall, at the data subject's request, erase the data concerning the data subject as soon as possible and in any event within 5 working days:
a. The data was processed unlawfully (without legal authorisation or personal consent);
b. the processing is unnecessary for the achievement of the original purpose;
c. the data subject withdraws consent to the processing and the Controller has no other legal basis for the processing;
d. the data in question were collected in connection with the provision of information society services;
e. the personal data must be erased in order to comply with the legal obligations applicable to the Controller.
(10) The erasure of data will not be possible if the processing is still necessary for any of the following:
a. Further processing is necessary to comply with the legal requirements applicable to the Controller;
b. necessary for the exercise of the right to freedom of expression and information;
c. in the public interest;
d. for archiving, scientific, research or statistical purposes;
e. to assert or defend legal claims.
(11) Right to restriction of processing: if any of the following grounds apply, the Controller shall restrict processing at the request of the data subject:
a. The data subject contests the accuracy of the data relating to him or her, in which case the restriction applies for the period of time until the accuracy or correctness of the data in question can be verified to a reasonable degree;
b. the data processing is unlawful, but the data subject requests that it not be erased, but only that the processing be restricted;
c. the data are no longer necessary for the purposes of processing, but the data subject requests their retention for the purpose of exercising or defending legal claims;
(12) Where the Controller imposes a restriction on any data processed, it shall process the data concerned during the period of the restriction only if and to the extent that:
a. The data subject consents to this;
b. necessary to assert or defend legal claims;
c. necessary to assert or defend the rights of another person;
d. necessary for the protection of the public interest.
(13) Right of withdrawal: the data subject has the right to withdraw his or her consent given to the Controller at any time, in writing. In the event of such a request, the Controller shall immediately and permanently delete all data which it has processed in relation to the data subject and the further storage of which is not required by law or is not necessary for the exercise or defence of legitimate interests. The lawfulness of the processing carried out until the withdrawal of consent shall not be affected by such withdrawal.
(14) The right to data portability: the data subject has the right to request the transfer of data relating to him or her by the Controller to another controller in a commonly used format readable by computer software. The Controller shall comply with the request as soon as possible and in any event within 30 days.
(15) Automated decision making and profiling: the data subject has the right not to be subject to a decision based solely on automated processing (such as profiling) which would have legal effects concerning him or her or otherwise adversely affect him or her. This right shall not apply if:
a. the processing is necessary for the conclusion or performance of a contract between the data subject and the controller;
b. the data subject explicitly consents to the use of such a procedure;
c. is authorised by law;
d. necessary to assert or defend legal claims.
6. Contact
(1) The e-mails received during the contact with the Controller and their contents (in particular the name and address of the sender, the date, attachments) will be stored by the Controller for 5 years and then deleted. Exceptions to this rule are communications whose content is considered insignificant by the Controller, which will delete it within 30 days.
7. How the data is stored, how it is secured
(1) The Controller shall keep the data it processes, both in paper and electronic form, at its headquarters.
(2) Exceptions to point (1) are data stored by the Controller's processors, which are kept at the data processors' headquarters.
(3) The Controller uses an IT system for its operations that ensures that the data:
a. be verifiable (data integrity);
b. the authenticity of the data (authenticity of processing);
c. be accessible to those who are entitled to them (availability);
d. and to be protected against unauthorised access (data confidentiality).
(4) Data protection covers in particular:
a. unauthorised access;
b. to change;
c. for transmission;
d. for deletion;
e. for disclosure;
f. accidental damage;
g. accidental destruction;
h. and inaccessibility due to changes in the technology used.
(5) The Controller shall use state-of-the-art solutions providing an adequate level of security to protect the electronically processed data. In assessing adequacy, particular emphasis shall be placed on the level of risk posed by the processing of the data by the Controller. IT security shall ensure that the data stored cannot be directly attributed or linked to data subjects (unless permitted by law).
(6) The Controller shall ensure in the course of its processing that:
a. the authorised person can access the data when he or she needs it;
b. only those who are authorised to access the information;
c. the accuracy and completeness of the information and the processing method are protected.
(7) The Controller and any data processors it may use shall at all times protect its IT systems against fraud, espionage, viruses, intrusions, damage and natural disasters. The Controller (or its processor) shall apply server-level and application-level security procedures.
(8) Messages transmitted to the Controller via the Internet, in whatever form, are at increased risk of network threats that could lead to modification of information, access by unauthorized persons, or other illegal activity. However, the Controller will do everything reasonably practicable and reasonable in the state of the art to prevent such threats. To this end, the systems in place are monitored to record security anomalies, to obtain evidence of a security incident and to verify the effectiveness of the precautions taken.
8. Procedural regulations
(1) If the Controller receives a request pursuant to Articles 15-22 of the GDPR, the Controller shall inform the data subject in writing of the action taken on the request as soon as possible and in any event within 30 days.
(2) Where justified by the complexity of the request or other objective circumstances, the above deadline may be extended once, up to a maximum of 60 days. The Controller shall notify the data subject in writing of any extension of the time limit, together with the reasons for the extension.
(3) The controller shall provide the information free of charge unless:
a. the data subject repeatedly requests information/action on substantially unchanged content;
b. the application is manifestly unfounded;
c. the request is excessive.
(4) In cases under point (3), the Controller is entitled to:
a. refuse the request;
b. to make the execution of the request subject to the payment of a reasonable fee.
(5) If the applicant requests the data to be provided on paper or on an electronic storage medium (CD or DVD), the Controller will provide a copy of the data concerned free of charge in the requested format (unless the chosen platform would present a disproportionate technical difficulty). For each additional copy requested, an administration fee of EUR 10 per page/CD-DVD will be charged.
(6) The Controller shall notify any rectification, erasure or restriction carried out by it to all persons to whom the data concerned were previously disclosed, unless such notification is impossible or involves a disproportionate effort.
(7) If the data subject so requests, the Controller shall inform him/her of the persons to whom his/her data have been disclosed.
(8) The controller shall provide its response to the request in electronic form, unless:
a. the data subject explicitly requests a different response and it does not impose an unreasonably high additional burden on the Controller;
b. the Controller does not know the electronic contact details of the data subject.
9. Compensation
(1) If any data subject suffers pecuniary or non-pecuniary damage as a result of a breach of the data protection legislation, he or she has the right to claim compensation from the Controller and/or the Data Processor. Where both the Controller and the processor(s) are involved in the infringement, they shall be jointly and severally liable for the damage suffered.
(2) The data processor shall be liable for the damage suffered only if it has breached the provisions of the applicable data protection legislation specifically applicable to data processors or if the damage has occurred as a result of its failure to comply with the instructions of the Controller.
(3) The Controller or any data processor shall be liable only if they cannot prove that they are not responsible for the event or circumstance giving rise to the damage.
10. Remedies
(1) If you have any objections or problems regarding the Controller's data processing, please contact the Controller.
(2) If the data subject considers that his or her rights have been infringed by the Controller and/or the processors, he or she has the right to apply to the competent Hungarian court under the Hungarian Civil Procedure Code. The court shall rule on the matter out of turn.
(3) If the data subject wishes to lodge a complaint regarding the processing of personal data, he or she may do so at the Hungarian National Authority for Data Protection and Freedom of Information, at the following contact details: headquarters: 1055 Budapest, Falk Miksa utca 9-11.; postal address: 1363 Budapest, Pf.: 9. Phone: 06-1/391-1400; fax: 06-1/391-1410; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu.
11. Cooperation between authorities
(1) The Controller shall, where it receives a formal request from the competent authorities, provide the personal data concerned on a mandatory basis.
(2) The Controller shall only disclose data in the cases referred to in point (1) which are strictly necessary for the purpose of achieving the aim stated by the requesting authority.