Privacy policy

1. Privacy policy

1 Purpose of the Privacy Policy

The goal of our Privacy Policy is to provide all necessary information about processing your personal data related to the GYŐRBIKE public bike rental system available on www.gyorbike.hu in a concise, transparent, intelligible and easily accessible form, using clear and plain language, and assist the Data subjects in exercising their rights under Section 5.

In the Privacy Policy, we may define you as “data subject”, or “contact person of our business partners” in the following. You may find further definitions concerning your personal data within the Appendix of the current Privacy Policy.

The legal basis of our duty to communicate information is Article 12 of Regulation 2016/679 of the European Parliament and Council (hereinafter referred to as: GDPR), Section 16 of Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter referred to as Information Act) and Section 4 of Act CVIII of 2011 on electronic commerce and on information society services (hereinafter referred to as Electronic Commerce Act).

The Privacy Policy was prepared by taking into account the GDPR, the Information Act and further legal acts relevant from the viewpoint of specific data processing. The list of the legal acts is detailed in Annex 10.1, the main concepts and definitions are determined in Annex 10.2 and the detailed information on the right of the data subject is included in Annex 10.3 of the Privacy Policy.

During the drafting and applying this Privacy Policy, we proceeded in the spirit of the findings of the recommendation of the Hungarian National Authority for Data Protection and Freedom of Information on the data protection requirements of prior information and Article 5 of the GDPR, especially the principle of accountability laid down in Article 5, Paragraph 2 thereof.

We also monitor the practice of the European Union with regard to the protection of personal data, accordingly, we shall also implement the findings of Article 29 Working Party of the European Commission in its Guideline on Transparency into our data processing practice.

2 Data of the Controller
 

Controller I: Municipality of Győr City of County

Location: 9021 Győr, Városház tér 1.

E-mail: gyor@gyor-ph.hu
 

Tax Nr.: 15466004-2-08

Tel: 06 / 96 500 100
 

Controller II: Győr Projekt Kft.

Location: 9025 Győr, Radnóti Miklós utca 46.

Tax Nr.: 23186855208

E-mail: GYORPROJEKT@GYORPROJEKT.HU

Tel.: +36 - 96 / 998 - 331

Data Protection Officer: Dr. Erős László Péter

E-mail: info@dreroslaszlo.hu

Tel: + 36 30 650 1718


3 The circumstances of data processing and data processing procedures

The bicycle rental system of the Municipality of Győr City of County Rights, operated by Győr Projekt Kft., is a newly implemented environmentally friendly initiative that combines the freedom of individual transport with the reliability of fixed-track transport. The GYŐRBIKE aims to reduce air pollution, congestion and noise in the city by increasing the number of people using bicycles as part of their daily lives. The public transport system offers a total of 100 electric bikes for hire in the city, which can be rented at one of the 10 collection stations and then dropped off at any station. To use this service, you need to register in advance on the website as an occasional renter and purchase a GYŐRBIKE pass as a regular user. The related data management processes are carried out in accordance with the GDPR, Act CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter referred to as Information Act) and Act CVIII of 2011 on electronic commerce and on information society services (hereinafter referred to as Electronic Commerce Act). In this chapter, we set out the basic circumstances of the processing of data in the course of providing the service.

3.1 Data processing concerning communication

It is possible to connect us through our availability located on the website. Also, by communicating with our business partners, we process the personal data of their contact person. The details of these processing are described hereunder.

3.1.1. Processed personal data and purpose of processing

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

NAME

Identification of the User

The User’s consent (article 6 section 1 a) of GDPR) in the case that the User is a natural person;

The processing is necessary for the performance of a task carried out in the public interest (article 6 section 1 e) of GDPR) in the case that the User is a contact person of a legal person

E-MAIL ADDRESS

contacting and communication with the User

The User’s consent (article 6 section 1 a) of GDPR) in the case that the User is a natural person;

The processing is necessary for the performance of a task carried out in the public interest (article 6 section 1 e) of GDPR) in the case that the User is a contact person of a legal person

PHONE NUMBER

contacting and communication with the User

The User’s consent (article 6 section 1 a) of GDPR) in the case that the User is a natural person;

The processing is necessary for the performance of a task carried out in the public interest (article 6 section 1 e) of GDPR) in the case that the User is a contact person of a legal person

3.1.2. Legal basis of processing

If a natural person User contacts us through our website, we process his or her personal data according to point 3.1.1. on his or her freely given consent that he or she provides us in the moment of connecting us by phone or email (article 6 (1) a) of GDPR).

If we use the User's data for a purpose other than the original purpose for which it was collected (e.g. the original purpose was contacting and we transfer data to a lawyer), we will inform the User and obtain his or her prior explicit consent or give him or her the opportunity to object to such use of personal data.

The above personal data of the contact person of a legal person are processed by the data controller as a municipality-owned company, in connection with a public interest-task (operation of a community bicycle rental system) on behalf of the Municipality of the City of Győr (Article 6 (1) e) of the GDPR). It is in the interest of both parties to ensure effective communication during the use of the Website and any partner consultations and to be able to provide information to each other's designated representative about any material circumstances affecting the contract between the parties. No infringement of the right of informational self-determination of the contact person of a legal person can be established because of his/her professional or contractual obligation to facilitate communication between the parties and to provide personal data for this purpose. The contact person of a legal person may object to this processing.

3.1.3. Duration of the processing

We will process the personal data provided until the deletion operation is carried out on the basis of the withdrawal of consent or the announcement of objection. You may withdraw your consent or announce your objection at any time. Withdrawal of consent does not affect the lawfulness of processing based on the consent prior to its withdrawal.

In relation to the processing of the personal data of our business partners’ contact persons, we process their personal data until the personal data are no longer necessary in relation to the purposes for which they were collected or as long as it is possible according to the relevant acts (pursuant to the Hungarian Civil Code, 5 years following the performance or the termination of the contract, or 8 years following invoicing, in accordance with the Hungarian accounting act).

3.1.4. Mode of processing

Your personal data are collected in electronic form.

3.2 Registration and Users’ profile

To use the GYŐRBIKE system, Occasional Renters must register on www.gyorbike.hu, or in the GYŐRBIKE app where they create a user account. Details of the data processing associated with registration are set out below.

3.2.1. Processed personal data and purpose of processing

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

NAME

Identification of the User

Fulfillment of the contract (article 6 section 1 b) of GDPR)

ADDRESS (COUNTRY, CITY, POSTAL CODE, STREET)

contact with the User during the performance of the contract

Fulfillment of the contract (article 6 section 1 b) of GDPR)

E-MAIL ADDRESS

contact with the User during the performance of the contract

Fulfillment of the contract (article 6 section 1 b) of GDPR)

PHONE NUMBER

contact with the User during the performance of the contract

Fulfillment of the contract (article 6 section 1 b) of GDPR)

PASSWORD

maintaining the security of the User’s profile, performing technical operations

Fulfillment of the contract (article 6 section 1 b) of GDPR)

ANY DATA RELATED TO ONLINE PAYMENT TRANSACTIONS (BANK CARD NUMBER, PAYMENT TRANSACTION ID)

enabling the payment of the service fee, preparing the invoice

Fulfillment of the contract (article 6 section 1 b) of GDPR)

RENTAL DATA (UNIQUE BIKE IDENTIFIER, LOCATION, RENTAL TIME, DURATION)

providing services

Fulfillment of the contract (article 6 section 1 b) of GDPR)

3.2.2 Legal basis of processing

The processing of data is necessary for the performance of the contract (general terms and conditions and/or individual contract) concluded between the User and Győr Projekt Kft. (Article 6 (1) (b) GDPR), as the use of the occasional bicycle rental service requires prior registration and login via the Website or the application.

Pursuant to Paragraph (1) of Article 13/A of the Electronic Commerce Act, the service provider may process the natural person identification data and the address of the user necessary for the identification of the user for the purpose of creating, defining the content of, amending, monitoring the performance of, billing the fees arising from, and enforcing claims in connection with the contract for the provision of information society services. Pursuant to paragraph 2, the service provider may, for the purposes of billing for the charges resulting from a contract for the provision of an information society service, process natural person identification data, the address, and data relating to the time, duration and place of use of the information society service. Pursuant to paragraph 3, the provider may, in addition to paragraph 2, process personal data which are technically necessary for the provision of the service.

In accordance with the provisions of the Electronic Commerce Act, Győr Projekt Kft. processes only the personal data necessary for the provision of the service. In the case of regular bicycle renters and renters, Győr Projekt Kft. also processes the personal data of Users for the performance of the contract, since - although registration is not a prerequisite for the use of services in the case of the purchase of GYŐRBIKE cards and rentals - if the User registers on the Website or downloads the application and uses his/her user account, he/she will use the digital services of Győr Projekt Kft., which are subject to the General Terms and Conditions of Győr Projekt Kft. as Service Provider.

3.2.3. Duration of processing

Occasional Users’ personal data will be automatically deleted 1 year after the deletion of the user’s profile.

3.2.4. Mode of processing

Your personal data are collected in electronic form.

3.3 Use of the Application

Registered Users have the possibility to rent a bike through the GYŐRBIKE application, and to use other services. The details of the data processing in this regard are described below.

3.3.1. Processed personal data and purpose of processing

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

NAME

Identification of the User

Fulfillment of the contract (article 6 section 1 b) of GDPR)

ADDRESS (COUNTRY, CITY, POSTAL CODE, STREET)

contact with the User during the performance of the contract

Fulfillment of the contract (article 6 section 1 b) of GDPR)

E-MAIL ADDRESS

contact with the User during the performance of the contract

Fulfillment of the contract (article 6 section 1 b) of GDPR)

PHONE NUMBER

contact with the User during the performance of the contract

Fulfillment of the contract (article 6 section 1 b) of GDPR)

PASSWORD

maintaining the security of the User’s profile, performing technical operations

Fulfillment of the contract (article 6 section 1 b) of GDPR)

ANY DATA RELATED TO ONLINE PAYMENT TRANSACTIONS (BANK CARD NUMBER, PAYMENT TRANSACTION ID)

enabling the payment of the service fee, preparing the invoice

Fulfillment of the contract (article 6 section 1 b) of GDPR)

RENTAL DATA (UNIQUE BIKE IDENTIFIER, LOCATION, RENTAL TIME, DURATION)

providing services

Fulfillment of the contract (article 6 section 1 b) of GDPR)

3.3.2 Legal basis of processing

The processing of data is necessary for the performance of the contract (general terms and conditions and/or individual contract) concluded between the User and Győr Projekt Kft. (Article 6 (1) (b) GDPR), as the use of the occasional bicycle rental service requires prior registration and login via the Website or the application.

Pursuant to Paragraph (1) of Article 13/A of the Electronic Commerce Act, the service provider may process the natural person identification data and the address of the user necessary for the identification of the user for the purpose of creating, defining the content of, amending, monitoring the performance of, billing the fees arising from, and enforcing claims in connection with the contract for the provision of information society services. Pursuant to paragraph 2, the service provider may, for the purposes of billing for the charges resulting from a contract for the provision of an information society service, process natural person identification data, the address, and data relating to the time, duration and place of use of the information society service. Pursuant to paragraph 3, the provider may, in addition to paragraph 2, process personal data which are technically necessary for the provision of the service.

In accordance with the provisions of the Electronic Commerce Act, Győr Projekt Kft. processes only the personal data necessary for the provision of the service. In the case of regular bicycle renters and renters, Győr Projekt Kft. also processes the personal data of Users for the performance of the contract, since - although registration is not a prerequisite for the use of services in the case of the purchase of GYŐRBIKE cards and rentals - if the User registers on the Website or downloads the application and uses his/her user account, he/she will use the digital services of Győr Projekt Kft.., which are subject to the General Terms and Conditions of Győr Projekt Kft. as Service Provider.

3.3.3. Duration of processing

Occasional Users’ personal data will be automatically deleted 1 year after the deletion of the user’s profile.

3.3.4. Mode of processing

Your personal data are collected in electronic form.

3.4 Data processing related to occasional rent

Occasional bike rental is available after prior registration and login to your user account. The details of the data management are described below.

3.4.1. Processed personal data and purpose of processing

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

LENDER’S NAME AND OTHER PERSONAL DATA PROVIDED DURING REGISTRATION (NAME, E-MAIL ADDRESS, PHONE NUMBER)

providing services

Fulfillment of the contract (article 6 section 1 b) of GDPR)

RENTAL DATA (UNIQUE IDENTIFIER OF THE BIKE, PLACE, TIME AND DURATION OF THE RENTAL)

providing services

Fulfillment of the contract (article 6 section 1 b) of GDPR)

ANY DATA RELATED TO ONLINE PAYMENT TRANSACTIONS (BANK CARD NUMBER, PAYMENT TRANSACTION ID)

enabling the payment of the service fee, preparing the invoice

Fulfillment of the contract (article 6 section 1 b) of GDPR)

3.4.2. Legal basis of processing

The processing is necessary for the performance of the contract (general terms and conditions and/or individual contract) concluded between the User and Győr Projekt Kft. (Article 6 (1) (b) GDPR).

3.4.3. Duration of processing

Until the end of the 1st year after the service has been provided.

3.4.4. Mode of processing

Your personal data are collected in electronic form.

3.5 Use of the GYŐRBIKE Card

Regular Users can purchase a monthly, half-yearly or annual pass, or top up their GYŐRBIKE card with a balance that can be used during the validity period of their pass. The GYŐRBIKE card is a plastic card with an unique ID that entitles the cardholder to rent a bicycle, which the User can use to start the rental directly at the dock.

3.5.1. Processed personal data and purpose of processing

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

THE CARDHOLDER'S NAME AND IDENTITY, ADDRESS AND CONTACT DETAILS (ADDRESS, E-MAIL ADDRESS, TELEPHONE NUMBER)

identification, contact, information

Fulfillment of the contract (article 6 section 1 b) of GDPR)

UNIQUE ID OF THE GYŐRBIKE CARD

Identification of the cardholder's access rights to use the service

Fulfillment of the contract (article 6 section 1 b) of GDPR)

DATA INCLUDED IN THE CARD RENTAL CONTRACT CONCLUDED BETWEEN GYŐR PROJEKT KFT. AND THE RENTER (RENTER'S PERSONAL DATA, ADDRESS)

providing the service, contracting the terms of the service, securing the legal claims of the parties

Fulfillment of the contract (article 6 section 1 b) of GDPR)

3.5.2. Legal basis of processing

The processing is necessary for the performance of the contract (general terms and conditions and/or individual contract) concluded between the User and Győr Projekt Kft. (Article 6 (1) (b) GDPR).

3.5.3. Duration of processing

Until the use of the GYŐRBIKE card, or until the end of the 5th year after the service has been provided - until the limitation period for legal claims arising from the contract with the User.

3.5.4. Mode of processing

Your personal data are collected in electronic form and through the GYŐRBIKE Card.

3.6 Invoicing

During the cooperation with the Organizers, with regard to Act C of 2000 on accounting (hereinafter referred to as Accounting Act), we shall issue an accounting document. The details of such processing are described hereunder.

3.6.1. Processed personal data and purpose of processing

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

NAME ON THE INVOICE

supporting the accounting treatment of the performance of the order (economic event)

Complying with legal obligation (article 6 section 1 c) of GDPR)

ADDRESS/REGISTERED SEAT IN CASE OF SOLE PROPRIETORS (ZIP CODE, CITY, STREET NAME, HOUSE NUMBER TOGETHER)

supporting the accounting treatment of the performance of the order (economic event)

Complying with legal obligation (article 6 section 1 c) of GDPR)

TAX NUMBER OF THE SOLE PROPRIETOR

supporting the accounting treatment of the performance of the order (economic event)

Complying with legal obligation (article 6 section 1 c) of GDPR)

3.6.2. Legal basis of processing

Processing is necessary for compliance with legal obligations (with regard to Article 6, Paragraph 1, Point f) of GDPR, Section 5, Subsection 1, Paragraph b) of Information Act and Section 166, Subsections 1 to 3 of the Accounting Act).

3.6.3. Duration of processing

8 years after the issuance of the accounting document (with regard to Section 166, Subsection 6 of the Accounting Act, Section 169, Subsection 1 of the Accounting Act).

3.6.4. Mode of processing

Personal data are collected in electronic form or are stored paper-based.

By taking into account the provisions of the legal act on the rules of the digital archiving, the accounting document issued in electronic form shall be stored in a manner that the applied method shall ensure the provision and continuous readable form of all of the data of the document without delay and that excludes the possibility of subsequent modification.

3.6.5. Provision of personal data

Since we cannot perform our accounting obligations without knowing the concerning personal data, the provision of personal data is a statutory requirement.

3.7 Newsletters

In order to keep our Users up to date with the latest information, they can subscribe to our newsletter. The following information applies to the processing of data in this context:

3.7.1. Processed personal data and purpose of processing

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

NAME

to address the user

The User’s consent (article 6 section 1 a) of GDPR)

E-MAIL ADDRESS

connecting the user by newsletter

The User’s consent (article 6 section 1 a) of GDPR)


3.7.2. Legal basis of processing

The data subject's consent (article 6 (1) a) of GDPR) given by subscribing to the newsletter, which the subscriber may withdraw at any time by sending a declaration to this effect to our contact details above or by unsubscribing from the newsletter.

3.7.3. Duration of processing

We will process the personal data provided until the deletion operation is carried out on the basis of the withdrawal of consent. You may withdraw your consent or announce your objection at any time. Withdrawal of consent does not affect the lawfulness of processing based on the consent prior to its withdrawal.

3.7.4. Mode of processing

Personal data are collected automatically and manually, in electronic form.

3.8 Complaint management

Users may contact us by e-mail or telephone to ask questions or to investigate any complaints. Details of the processing of data in this regard are set out below.

3.8.1. Processed personal data and purpose of processing

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

NAME

identification

Complying with legal obligation (article 6 section 1 c) of GDPR, section 5 article 1 point b of Information Act, Act CLXV of 2013)

PHONE NUMBER

contacting and providing information to the complainant

Complying with legal obligation (article 6 section 1 c) of GDPR, section 5 article 1 point b of Information Act, Act CLXV of 2013)

ANY OTHER PERSONAL DATA PROVIDED IN THE COMPLAINT (FOR EXAMPLE: THE COMPLAINANT'S IDENTITY, ADDRESS)

identification, contacting and providing information to the complainant, investigation of the complaint

Complying with legal obligation (article 6 section 1 c) of GDPR, section 5 article 1 point b of Information Act, Act CLXV of 2013)

3.8.2. Legal basis of processing

Processing is necessary for compliance with a legal obligation; with regard to section 6 paragraph 1 point f of GDPR, section 5 article 1 point b of Information Act and Act CLXV of 2013 on Complaints and Public Interest Disclosures.

3.8.3. Duration of processing

Pursuant to Article 1 (4) and Article 10 of Act CLXV of 2013 on Complaints and Public Interest Disclosures., for 5 years from the date of receipt of the complaint.

3.8.4. Mode of processing

Personal data are collected in electronic form or are stored paper-based.

3.9 Data processing in relation to the rights of withdrawal/cancellation

If the User wishes to exercise his/her right of withdrawal/cancellation pursuant to Article 20 of Government Decree 45/2014. (II.26.) on Detailed Rules governing contract concluded between consumers and businesses esses ("Government Decree"), we are obliged to ensure that the consumer can exercise it. Details of the processing of data in this regard are set out below.

3.9.1. Processed personal data and purpose of processing

PERSONAL DATA

PURPOSE OF PROCESSING

LEGAL BASIS OF PROCESSING

NAME

identification

Complying with legal obligation (article 6 section 1 c) of GDPR, section 5 article 1 point b of Information Act, section 22 of the Government Decree)

ADDRESS OR E-MAIL ADDRESS

identification, confirmation of the receipt of the declaration

Complying with legal obligation (article 6 section 1 c) of GDPR, section 5 article 1 point b of Information Act, section 22 of the Government Decree)

IN THE CASE OF A PAPER-BASED DECLARATION IN ACCORDANCE WITH ANNEX 2 TO THE GOVERNMENT DECREE, SIGNATURE; THE PARTICULAR DETAILS OF THE CONTRACT INDICATED IN THE DECLARATION, DECLARATION OF THE INTENTION TO EXERCISE THE RIGHT OF WITHDRAWAL/CANCELLATION, ANY DATA GIVEN IN THE DECLARATION

processing, registering the declaration, confirmation of the receipt of the declaration

Complying with legal obligation (article 6 section 1 c) of GDPR, section 5 article 1 point b of Information Act, section 22 of the Government Decree)

3.9.2. Legal basis of processing

Processing is necessary for compliance with a legal obligation; with regard to section 6 paragraph 1 point f of GDPR, section 5 article 1 point b of Information Act and the provisions of section 22 of the Government Decree.

3.9.3. Duration of processing

The period of 5 years from the exercise of the right of withdrawal/cancellation is the general limitation period for claims and enforcement of rights set out in the Civil Code, in order to be able to prove that we have complied with the consumer's request in accordance with the legal requirements and that he/she is not entitled to enforce any further rights or claims against us on the same legal basis.

3.9.4. Mode of processing

In electronic form or paper-based, depending on how the withdrawal/cancellation declaration is received.

3.9.5. Provision of personal data

Since we cannot perform our accounting obligations without knowing the concerning personal data, the provision of personal data is a statutory requirement.

4 Data security

We secure your personal information from unauthorized access, use or disclosure. We secure the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information (such as connection data) is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) or HTTPS protocol.

Our employees and the employees of the data processors have the right to get acquainted with the personal data of the User, to the extent necessary, for the performance of the tasks which belong to their job. We make all technical and organizational measures that guarantee the security of the data.

4.1. Organizational measures

We provide access to our IT systems with personalized rights. The “necessary and sufficient rights” principle applies to the allocation of accesses, consequently all employees may use our IT systems and services only to the extent necessary for the performance of their duties, with the appropriate rights and for the required time. Access to IT systems and services can only be granted to a person who is not restricted for security or other reasons (e.g. conflicts of interest) and who has the professional, business and information security knowledge required to use it securely.

We and the data processors undertake strict confidentiality rules in a written statement, and we are obliged to act in accordance with these confidentiality rules during the course of our activities.

4.2. Technical measures

The data is stored, EEEwith the exception of the data stored by our data processors, on our own devices, in a data center. The IT devices which store data are located in an isolated, separate closed server room, protected by a multi-stage access control system subject to authorization control.

We protect our internal network with multi-level firewall protection. In all cases, a hardware firewall (border protection device) is located at the entry points of the applied public networks. The data is stored redundantly, that is, in several places, so it is protected from destruction, loss, damage, or illegal destruction due to the failure of the IT device.

Our internal networks are protected from external attacks with a multi-level, active protection against complex malicious code (e.g. virus protection). The external access to the IT systems and databases is operated by us via an encrypted data connection (VPN).

We do steps to ensure that the IT tools and software continuously comply with the generally accepted technological solutions in the market.

We develop systems, during our development, in which logging can be used to control and monitor the operations performed, and to detect incidents, such as unauthorized access.

Our server is protected and closed, located on the dedicated servers of the hosting provider.

5 What are the Users’ rights?

It is relevant to us that our data processing shall comply with the requirements of fairness, lawfulness and transparency. In light thereof, we shall present the rights of the data subjects in this Section, and thereafter we shall explain them in detail in Appendix 10.3.

Our Users may request free information on the details of the processing of their personal data and in cases laid down in legal acts, they may also request the rectification, erasure or blocking thereof, or the restriction of such processing, and they may also object to the processing of such data. Our Users may address their request for information and the request indicated in this Section to our contact information set out in Section 2.

5.1. Right to access

Our User has the right to obtain confirmation as to whether or not personal data concerning him/her are being processed, and, where that is the case, access to the personal data and the information regarding the details of processing.

5.2. Right to rectification

Our User has the right to obtain from us without undue delay the rectification of inaccurate personal data concerning him/her and to have incomplete personal data completed, including by means of providing a supplementary statement.

5.3. Right to erasure

At the request of our User, we shall erase personal data concerning him/her, if the processing of such data is no longer necessary, if the User has revoked his/her consent thereto, if the User objects thereto or if the processing is unlawful.

5.4. Right to be forgotten

If we made the personal data public and are obligated to erase the User’s personal data at request, we shall inform any such controller which was made aware of or could have made aware of the possibly published data of the User.

5.4.1. Right to restriction of processing

At the request of our User, we shall restrict data processing if the accuracy of the personal data is challenged, or the data processing is unlawful, or our User objects to the processing of data, or if we do not deem the provided personal data necessary in the future.

5.5. Right to data portability

Our User has the right to receive the personal data concerning him/her, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller.

5.6. Right to object

Our User has the right to object, on grounds relating to his/her particular situation, at any time to the processing of personal data concerning him/her based on the data processing purposes of legitimate interest (see Sections 4.1, 4.2., and 4.3.). In such a case, we no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. In case of objection, as a general rule, the personal data for such purposes may not be processed further.

5.7. Right to respond to requests

We shall examine the requests as promptly as possible following its submission to us, but not later than within 30 days, and in case of objections, within 15 days and we shall decide whether they are well founded, of which we shall notify the person submitting the request in writing. If we do not fulfil the request of our User, then we shall inform him/her of the factual and legal reasons for denying thereof in our decision.

5.7. Possibilities for redress

Protecting personal data is of utmost importance to us, and we shall also respect your right of informational self-determination, therefore we strive to respond to all requests and claims in a correct manner and within the deadlines. With respect thereto, we ask you to contact us before possibly pursuing your claim before authorities and courts, for the purposes of submitting your complaint or request to us, in order to have your possible objections resolved as soon as possible.

Should this be unsuccessful, our User may

pursue his/her rights and claims before the courts pursuant to Act V of 2013 on the Civil Code (the legal proceedings may be lodged before the regional court of our User’s domestic or habitual residence; the list and contact information of the regional court may be viewed in the following link: http://birosag.hu/torvenyszekek) and turn to and submit a complaint to the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11., telephone number: +36-1-391-1400, facsimile: +36-1-391-1410, e-mail address: ugyfelszolgalat@naih.hu, website:https://www.naih.hu/panaszuegyintezes-rendje.html, pursuing the claim online: https://www.naih.hu/online-uegyinditas.html, hereinafter referred to as NAIH) pursuant to the provisions of the Information Act.

6 Our procedure regarding requests for exercising rights

6.1. Informing recipients

We communicate any rectification or erasure of personal data or restriction of processing carried out, to each recipient to whom the personal data of the Users have been disclosed, unless this proves impossible or involves disproportionate effort. We also inform the User about these recipients at request.

6.2. Mode and deadline of notification

We provide information on actions performed at the request indicated in Section 5 within one month of the receipt of such request at the latest in electronic form, unless otherwise requested by the User. That period may be extended by an additional two months where necessary, taking into account the complexity and number of the requests. We inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.

At the request of the User, an oral notification may also be granted, provided that the User offers an identification in any manner.

If we do not take actions at your request, we inform you within one month of receipt of the request at the latest of the reasons for not taking actions and on the possibility of lodging a complaint at NAIH and seeking a judicial remedy (see point 5.9).

6.3. Monitoring

In exceptional cases, if we have reasonable doubts concerning the identity of the natural person submitting the request, we may request the provision of additional information necessary to confirm the identity of the data subject. This measure is required for the purposes of facilitating the confidentiality of data processing and preventing unlawful access to personal data as laid down in Article 5, Paragraph 1, Point f) of GDPR.

6.4. Costs of measures and notifications

We provide you information with regard to the requests concerning Section 5 and take the necessary measures to be carried out based thereon free of charge.

If your requests are manifestly unfounded or excessive, in particular due to their repetitive nature, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or we refuse to act at the request.

7 Possible recipients of personal data, processors

7.1. The operation of our website

Our website’s hosting provider (data processor) can have access to the personal data you provide while using the website. The data processor’s data are the following:

Name: Telekom Rendszerintegráció Zrt.

Availability: servicedesk@telekom.hu

7.2. Newsletters

The newsletter software used to send the Website newsletter is operated by the data processor we use. The data processor’s data are the following:

Name: Telekom Rendszerintegráció Zrt.

Availability: servicedesk@telekom.hu

7.3. Online payment system

Ticket fees can be paid by credit card via the interface of a bank service provider as a data processor.

Name: OTP Mobil Kft.

Availability: https://simplepay.hu/

7.4. Issuing invoices

During issuing invoices, our data processor dealing with invoicing may gain access to the personal data of the Users collected for invoicing. The data processor’s data are the following:

Name: KBOSS.hu Kft.

Availability: info@szamlazz.hu

8 Cookies

In order to the proper functioning of our websites, we have placed smaller data files in the Users’ computer devices in certain cases, similarly to most of the modern websites.

8.1. Cookies in general

Cookies are small text files, which the website places to the computer device (including mobile phones) of the User. Consequently, the website is able to “remember” the settings of the User (such as: applied language, letter size, design, etc.), therefore, it is not necessary to set it each time the User visits our website.

Cookies used on our Website:

NAME OF THE COOKIE

Function/descriptipn

Furation

BANNER-XXX

Last loaded image of the image changer banner

24 hours

CUSTOMFORMTOKEN

For individual forms, temporary storage of already completed data

3 hours

MAIN_LANG

Selected language

30 days

PHPSESSID

Session ID

End of the session

PRIVACY_ACCEPTED

Privacy settings accepted, in simple mode

6 months

PRIVACY_ACCEPTED_PERFORMANCE

Privacy settings, performance cookies accepted, in strict mode

6 months

PRIVACY_ACCEPTED_MARKETING

Privacy settings, marketing cookies accepted, in strict mode

6 months

PRIVACY_ACCEPTED_ALL

Privacy settings, all cookies accepted, in strict mode

6 months

WSORDERTOKEN

Webshop order ID, required for purchases without registration

48 hours

These cookies may be deleted, blocked, however in such cases, the Website may not function appropriately.

We do not use cookies to identiy Users. We exclusively use cookies for the purposes above.

8.2. Google Analytics

1. The Google Analytics is the web analysis service of Google Inc. („Google”). Google Analytics uses so-called “cookies”, text files, which are saved to the computers of the Users, thereby facilitating the analysis of use of the website visited by the User.

2. The information generated by the cookies with respect to the website used by the User are generally placed to and stored in one of the servers of Google in the USA. By activating IP anonymization on the website, Google previously shortens the IP address of the User within the Member States of the European Union or in other countries that are party to the treaty on the European Economic Area.

3. Only in exceptional cases shall the full IP address be transferred to the Google server in the US and abridged there. On behalf of us, Google shall use these information to assess how the User used the specific website and to make reports pertaining to the activity regarding the website for us, furthermore, to perform additional services with respect to the use of the internet and the website.

4. In the scope of Google Analytics, the IP address transferred by the web browser of the User shall not be combined with other Google data. By appropriate configuration of the User’s browser, you may prevent these cookies from being stored, nevertheless, we shall point out that in this case you may not be able to fully use all functions of this website. Furthermore, you have the option to prevent the collection of the Users’ data generated by the cookies and related to the use of the website (including your IP address) by Google as well as processing this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=h

Information about the cookies used by Google Analytics:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

NAME OF THE COOKIE

Function/description

Source/service provider

Duration

_GA

differentiation of visitors

Google Inc.

2 years

_GID

differentiation of visitors

Google Inc.

24 hours

_GAT VAGY _DC_GTM_

counting page loads

Google Inc.

1 minute

AMP_TOKEN

contains a token that can be used to retrieve the client ID from the AMP Client ID service

Google Inc.

30 sec – 1 year

_GAC_XXX

advertising campaign information

Google Inc.

90 days


8.3. How can the cookies be processed?

The cookies placed by our website are stored on your computer, therefore you may erase them at any time. For the erasure of the cookies, the following guidelines may offer you assistance:

In case of Mozilla Firefox web browser:
https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox

In case of Chrome web browser: https://support.google.com/chrome/answer/95647?hl=hu&ref_topic=7438325

In case of Microsoft Edge web browser:
https://privacy.microsoft.com/hu-hu/windows-10-microsoft-edge-and-privacy

In case of Opera web browser:
https://help.opera.com/en/latest/web-preferences/#cookies

9 Other provisions

9.1. Processing for different purpose

If we intend to further process the personal data for a purpose other than that for which the personal data were collected, we shall inform the Users thereof, we shall acquire their prior and expressed consent thereto and ensure the possibility for them to object to such processing.

9.2. Record of processing

To comply with Article 30 of GDPR, we maintain a record of processing activities (record of processing activities) which we are liable for.

9.3. Data breaches

Data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. In case of data breach, we are obligated to act according to Articles 33 and 34 of GDPR. We shall record data breaches by indicating the facts pertaining to data breaches, their effect and the measures taken to remedy them.

9.4. Amendments

We are entitled to unilaterally amend this Privacy Policy. If it is amended, we will keep the previous versions of it or, where possible and appropriate, draw the attention of the persons concerned to the amended provisions.

Effective as of: 1th of August 2024

Győr Projekt Kft.

Data Controller

10. Appendix

10.1. The relevant legal acts

In the course of drafting this Privacy Policy, the Controller has taken into account the relevant effective legal acts and the international recommendations, with special regard to the following:

● Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR)

● Act CXII of 2011 on the right of informational self-determination and on freedom of information (Information Act);

● Act V of 2013 on the Civil Code (Civil Code);

● Act CXXX of 2016 on the Code of Civil Procedure (Pp.);

● Act C of 2000 on accounting (Accounting Act);

● Act CLXV of 2013 on Complaints and Public Interest Disclosures;

● Government Decree 45/2014. (II.26.) on Detailed Rules governing contract concluded between consumers and businesses;

● Act CVIII of 2011 on electronic commerce and on information society services (Electronic Commerce Act).

10.2. Definitions with regard to the processing of personal data

● ‘controller’ means the legal person, which determines the purposes and means of the processing of personal data;

● ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

● ‘data transfer’ means making accessible of the data for a third person;

● ‘data erasure’ means making the data unrecognisable in a manner that the recovery of the data is no longer possible;

● ‘marking of data’ means the provision of an identification mark for the data for the purposes of differentiation;

● ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;

● ‘destruction of data’ means the entire physical destruction of the data carrier containing the data;

● ‘processor’ means the legal person, which processes personal data on behalf of the controller;

● ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

● ‘cookie’ means the small data package (text file) sent by the web server and placed for a definite time on the User’s computer, which the server, depending on its nature, may complement at the time the website is visited again, that is, if the web browser sends back a previously saved cookie, then the service provider processing such cookie has the possibility to combine the User’s current visit with the previous one, but only with respect to its own content;

● ‘data subject/User’ means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

● ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;

● ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

● ‘IP address’ means the IP address, that is, an identification number of server machines in every network that uses the TCP/IP protocol for communication, which enables the identification of the specific devices through the network. It is well-known that each computer device connected to the network has an IP address, by which it may be identified;

● ‘personal data’ means any information relating to the data subject;

● ‘objection’ means the statement of the data subject, by which he/she objects to the processing of his/her personal data and requests the termination of data processing or the erasure of the processed data.

10.3. The rights o the data subject

Right to access

The User is entitled to receive access to the personal data being processed by us, at his/her request, submitted to any address as indicated in our contact details. In the scope thereof, the User may be informed of the following:

● whether his/her personal data are being processed;

● the purposes of the processing;

● the categories of personal data concerned;

● the recipients or categories of recipient to whom the personal data have been or will be disclosed,

● where possible, the envisaged period for which the personal data will be stored,

● his/her rights

● the possibility for redress

● information in relation to the source of data.

The User may request a copy of his/her personal data that is subject to the processing of data. In this case we shall provide the personal data in a structured, commonly used and machine-readable format (PDF/XML) and on paper, in a printed format. Requesting the copy is free of charge.

Rectification

Based on a request submitted to any address as indicated in our contact details, the User is entitled to request the rectification of the inaccurate personal data concerning him/her and to have the incomplete data completed. If we do not have the necessary information for the correction and completion of the incorrect information, we may request the provision of such supplementary data and the certification of the accuracy of the data. In the absence of such supplementary information, we shall restrict the processing of the relevant personal data and we shall temporarily suspend the measures carried out thereon with the exception of storing until such a time that the correction and completion of data may be performed.

Erasure

Based on a request submitted to any address as indicated in our contact details, the User is entitled to request the erasure of the personal data concerning him/her and processed by us, provided that any of the following conditions are met:

● we no longer need the provided personal data;

● the User expresses concern with regard to the lawfulness of his/her data being processed by us.

Should we determine based on the User’s request that we are obligated to erase the personal data processed by us, we shall cease the processing of such data and we shall destruct the previously processed personal data. Besides that, we are also obligated to erase the personal data upon the revocation of consent, the exercising of the right to object and based on our obligations laid down in legal acts.

Restriction of data processing

Based on a request submitted to any address as indicated in our contact details, the User is entitled to request the restriction of the personal data concerning him/her processed by us in the following cases:

● the User expresses concern with regard to the lawfulness of the data concerning him/her, being processed by us and restriction is requested instead of erasure;

● we no longer need the provided data, but they are required for the establishment, exercising or defending of the User’s claims.

We automatically restrict the processing of personal data if the User challenges the accuracy of the personal data and the User exercises its right of objection. In this case, the restriction shall extend to such a time period which enables the checking of the accuracy of the personal data and, in case of objection, the determination of the fact whether the prerequisites of the data processing are met.

During such restriction, the data processing measures of the indicated personal data may not be carried out, only the storage thereof. In case of the restriction of data processing, the personal data may only be processed in the following cases:

● based on the consent of the data subject

● for the submission, enforcement and protecting of legal claims;

● for the protection of the rights of other natural or legal persons;

● for important reasons of public interest.

We shall inform the Users of the lifting of the restrictions in advance.

Data portability

Based on a request submitted to any address as indicated in our contact details, the User is entitled to request the provision of personal data concerning him/her, and processed by us to further use determined by the User. Besides that, the User may also request that we transfer the personal data to another controller indicated by the User.

This right only covers the personal data provided by the User and processed for the performance of the contract. There is no possibility for the portability of other data. We shall provide the personal data to the User in a structured, commonly used and machine-readable format (PDF/XML) and on paper, in a printed format.

We inform the User that the exercising of this right does not automatically involve the erasure of such personal data from our systems. Besides that, the User is entitled to contact us and keeping in contact with us again, even following such data portability.

Objection

Based on a request submitted to any address as indicated in our contact details, the User is entitled to object to the processing of his/her/its personal data for the purposes indicated in Section 3.1. of this Privacy Policy. In this case, we shall examine whether the data processing is justified by such mandatory legal reasons which take precedence over the interests, rights and freedoms of the User or which are pertaining to the submission, enforcement or protection of legal claims. Should we determine that such reasons exist, we shall continue processing the personal data. In failure thereof, we shall not process the personal data in the future.

Allow performance cookies
Allow Google Analytics cookies
Allow marketing cookies
Allow Google advertising cookies
Allow Google personalized advertising.
Sending user data related to advertising to Google.
Allow all cookies
© Gyorbike.hu 2024