Privacy Policy - Tiramisu The Maine Coon

PRIVACY POLICY

LEONTINA BOTOS

VALID:

FROM 27.07.2023.
UNTIL WITHDRAWAL

Data of the data controller:

Name: Leontina Botos

Address: H-3300 Eger, Kodály Zoltán utca 2. VII/1., Hungary

Telephon number: +3630/5834711

E-mail address: tiramisu@tiramisuthemainecoon.com

Purpose of the Privacy Policy:

The data controller acknowledges the content of this legal notice as binding. The purpose of this privacy policy is to inform the subjects regarding the management of their personal data. The data manager handles personal data exclusively in accordance with the provisions of the applicable laws and in strict compliance with the provisions of the data management and data protection provisions, taking into account the principles of legality, fair procedure and transparency, purposefulness, data economy, accuracy, and limited storage capacity.

The data controller takes all technical and organizational measures to ensure that the personal data of the data subjects are secure, in accordance with the European Parliament and the Council (EU) 2016/679. handle it in the manner prescribed by its regulation.

The data protection guidelines arising in connection with the data management of the data controller are continuously available with the data controller. The data controller reserves the right to change this information at any time. Of course, they will notify their audience of any changes in good time.

The data controller is committed to the protection of the personal data of the data subjects and considers it of utmost importance to respect the data subjects’ right to self-determination of information. The data controller treats personal data confidentially and takes all security, technical, and organizational measures that guarantee data security. The data controller describes its data management practices below.

The personal, material, and temporal scope of the Privacy Policy:

The personal scope of this privacy policy covers the data controller, as well as the natural persons whose data is included in the data processing covered by this privacy policy, as well as the persons whose rights or legitimate interests are affected by the data processing.

The material scope of the privacy policy covers all data processing that occurs during the activities of the data controller on the www.tiramisuthemainecoon.hu and www.tiramisuthemainecoon.com websites and social media pages.

This privacy policy enters into force on the day of approval and is valid indefinitely until further notice.

More important term definitions:

Personal data: any information relating to an identified or identifiable natural person. A natural person can be identified directly or indirectly, in particular by an identifier, such as a name, number, location data, online identifier, or a physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person, or can be identified based on several factors.

Special data: all data belonging to special categories of personal data, i.e. personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs, or trade union membership, as well as genetic data, biometric data aimed at the unique identification of natural persons, health data and personal data regarding the sexual life or sexual orientation of natural persons.

Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or linking, limiting or destroying.

Data controller: the natural or legal person, public authority, agency, or any other body that determines the purposes and means of processing personal data independently or together with others.

Data processor: the natural person or legal entity, public authority, agency, or any other body that processes personal data on behalf of the data controller.

Joint data controllers: if the purposes and means of data management are determined jointly by two or more data controllers, they are considered joint data controllers.

Third-party: the natural or legal person, public authority, agency, or any other body that is not the same as the data subject, the data manager, the data processor, or the persons who have been authorized to process personal data under the direct control of the data manager or data processor.

The consent of the data subject: the voluntary, specific, and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him.

Data protection incident: a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored or otherwise handled.

Lawful data management by the data controller:

Personal data will be processed by the data controller only in the following cases:

1. If the data subject has given their consent to the processing of their personal data for one or more specific purposes.

2. If data processing is necessary for the performance of a contract in which the data subject is one of the parties.

3. If data management is necessary to fulfill the legal obligation of the data controller.

4. If data processing is necessary to protect the vital interests of the data subject or another natural person.

5. If data management is necessary to enforce the legitimate interests of the data controller or a third party.

The data controller examines the legality of data management in every phase of its activity and only processes data for which it can prove its purpose and legal basis. In the event that a condition of a legal basis ceases, data processing can only be continued if the data controller can prove another suitable legal basis.

According to the main rule, the method of proving the legal grounds is in writing, even in the case of a legal basis created by suggestive conduct, it must be examined whether it can be clearly proved afterward. In case of doubt, with regard to the aspects of reasonableness and economy, efforts should be made to confirm in writing the data management created by referring behavior.

In the case of data processing based on consent, the data subject gives their written consent to the processing of their personal data. Consent is not formally bound, but subsequent verifiability requires paper or electronic written consent.

Data processing based on the fulfillment of a legal obligation is independent of the data subject’s consent, as data processing is defined by law.

Regardless of the mandatory nature of the data processing, the data subject must be informed before the data processing begins that the data processing is mandatory and cannot be avoided, and the data subject must be given clear and detailed information about all significant facts related to the processing of their data before the data processing begins.

According to the GDPR (General Data Protection Regulation), it is also possible to process personal data if the data processing is necessary for the performance of a contract in which the individual concerned is one of the parties, or the data processing or data collection is necessary to take steps at the request of the data subject prior to the conclusion of the contract. The data controller may process personal data for the purpose of concluding, fulfilling, or terminating the contract with the legal basis of the performance of the contract.

Management of personal data by the data controller:

The data controller operates the websites www.tiramisuthemainecoon.hu and www.tiramisuthemainecoon.com on which it collects and shares useful information, as well as publishes blog articles related to cat keeping. During the performance of this activity, when they come into contact with the personal data of natural persons. They carry out the following data management activities:

The websites operated by the data controller (www.tiramisuthemainecoon.hu and www.tiramisuthemainecoon.com) use cookies during their operation, which collect personal data about visitors. The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation.

With the data manager, it is possible to subscribe to blog reminders and newsletters by entering your name and e-mail address. When signing up, the data subject declares that they have read the data controller’s Data Management Notice, as well as whether they give their consent to the processing of their personal data for marketing purposes. The data subject is entitled to the rights described in the Data Management Notice and has the opportunity to exercise these rights in the manner and places described therein. Accordingly, the legal basis for processing personal data during the sending of reminders and newsletters is the express and written consent of the subscriber based on adequate information (Article 6 (1) point a) of the General Data Protection Regulation.

The data controller also operates social networking sites, where personal data is also processed. The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation.

The data controller also displays photos or videos on its websites and blog posts. If a recognizable private person can be seen in the recording, the preparation and use of the recording – in connection with the data controller’s websites, social media pages, or other appearances – will only take place with the written, informed, prior and voluntary consent of the person concerned (in the case of a person under the age of 18, the legal representative). The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation.

The data controller keeps a data management record of the above-mentioned data management. The register also contains the deadlines for deleting personal data. The register is available at the address of the data controller.

Data processors associated with the data manager:

If the data management is carried out by someone else on behalf of the data controller, the data controller may only use data processors that provide adequate guarantees for compliance with the requirements of the General Data Protection Regulation, or implement appropriate technical and organizational measures that ensure the protection of the rights of the data subjects.

The data controller hereby declares that, in the course of its activities, it only contacts data processors who have a suitable guarantee of compliance with the GDPR regulation and the implementation of appropriate technical and organizational measures to ensure the protection of the rights of the data subjects. The relevant declarations of the data processors are available.

By reading and taking note of this Data Management Information, the data subjects accept that the data controller will forward their personal data to the data processors and joint data controllers listed below.

The companies that host the website of the data controller are considered data processors:
MikroVPS Kft.
H-7150 Bonyhád, Jókai Mór utca 3., Hungary
info@mikrovps.net

The servers of the mail systems used by the data controller are also data processors:
MikroVPS Kft.
H-7150 Bonyhád, Jókai Mór utca 3., Hungary
info@mikrovps.net

Due to the use of the Google Analytics service used by the website of the data controller, it is a data processor:
- Google Ireland Limited
- Gordon House, Barrow Street, Dublin 4, Írország

Additional data processors in connection with sending newsletters (Listamester, MailerLite):
Bithuszárok Számítástechnikai és Szolgáltató Bt.
H-2051 Biatorbágy, Damjanich utca 8., Hungary
info@bithuszarok.hu

MailerLite Inc.
GroundFloor, 71 Lower Baggot Street, Dublin 2
D02 P593, Ireland
info@mailerlite.com

Due to the use of social networks and social plug-ins built into websites, data processing, and joint data management partners:
MetaPlatformsIreland Ltd.
4 Grand CanalSquare, Grand CanalHarbour, Dublin 2 Ireland

Pinterest Europe Ltd.
Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

Owner of YouTube social video-sharing site:

Google Ireland Limited
Gordon House, Barrow Street, Dublin 4, Ireland

The contracted data processing and data management partners manage the personal data of the data subjects only on the basis of the instructions given by the data manager (except for the application of legal requirements), assuming an obligation of confidentiality.

Children’s data, management of special categories of personal data:

The data subject declares on the website of the data controller that he is over 16 years old in connection with subscribing to the blog reminder, newsletter and consent to the operation of cookies. A person under the age of 16 may not sign up for reminders, newsletters, or consent to the collection of data by cookies used by websites, given that the validity of their legal declaration containing their consent to data management based on Article 8 (1) of the General Data Protection Regulation (GDPR) the permission of his legal representative is required. The data controller is unable to check the consenting person’s age and eligibility, so the data subject guarantees that the data provided is true.

The data controller does not record any special data brought to the attention of the data controller or to which it has become aware. If this type of data has entered any of the data controller’s systems without the data controller’s knowledge, it will be deleted from the system immediately upon detection.

Taking photos and video recordings by the data controller:

The data controller also displays photos or videos on its websites and blog posts. If a recognizable private person can be seen in the recording, the preparation and use of the recording – in connection with the data controller’s websites, social media pages, or other appearances – will only take place with the written, informed, prior and voluntary consent of the person concerned (in the case of a person under the age of 18, the legal representative). The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation.

If the data subject withdraws the consent and requests the termination of the use of the recording or the deletion of the recording, the data controller shall comply with this request immediately.

Websites of the data controller:

The data controller publishes her blog articles on her websites (www.tiramisuthemainecoon.hu and www.tiramisuthemainecoon.com).

The websites of the data controller use cookies during their operation. The legal basis for processing the personal data obtained by them is the visitor’s consent (General Data Protection Regulation Article 6 (1) point a)).

The website www.tiramisuthemainecoon.hu uses the following cookies during its operation:

euCookie
duration: 1 year 1 month 4 days
type: mandatory
_ga
duration: 1 year 1 month 4 days
type: statistical – Google Analytics
_ga_*
duration: 1 year 1 month 4 days
type: statistical – Google Analytics
_ga_FKPBS0EFSZ
duration: 1 year 1 month 4 days
type: statistical – Google Analytics
YSC
duration: until the end of the browsing session
type: Marketing –Youtube
VISITOR_INFO1_LIVE
duration: 6 months
type: Marketing –Youtube
CONSENT
duration: 2 years
type: statistical –Youtube
yt-remote-device-id
type: Marketing – Youtube
yt-remote-connected-devices
type: Marketing – Youtube
yt.innertube::nextId
type: Marketing – Youtube
yt.innertube::requests
type: Marketing – Youtube

The website www.tiramisuthemainecoon.com uses the following cookies during its operation:

euCookie
duration: 1 year 1 month 4 days
type: mandatory
_ga
duration: 1 year 1 month 4 days
type: statistical – Google Analytics
_ga_*
duration: 1 year 1 month 4 days
type: statistical – Google Analytics
_ga_4LY6J66SXY
duration: 1 year 1 month 4 days
type: statistical – Google Analytics
YSC
duration: böngészési munkamenet végéig
type: Marketing –Youtube
VISITOR_INFO1_LIVE
duration: 6 months
type: Marketing –Youtube
CONSENT
duration: 2 years
type: statistical –Youtube
yt-remote-device-id
type: Marketing – Youtube
yt-remote-connected-devices
type: Marketing – Youtube
yt.innertube::nextId
type: Marketing – Youtube
yt.innertube::requests
type: Marketing – Youtube

Cookies:

The purpose of cookies:

collect information about visitors and their devices;
remember the individual settings of the visitors, which will be used;
facilitate the use of websites;
provide a quality user experience.

In order to provide customized service, a small so-called data package, places a cookie and reads it back during the next visit. If the browser returns a previously saved cookie, the cookie management service provider has the opportunity to connect the user’s current visit with previous ones, but only with regard to its own content.

Absolutely necessary session cookies:

The purpose of these cookies is to enable visitors to fully and smoothly browse the websites and to use their functions and the services available there. The validity period of this type of cookie lasts until the end of the session (browsing), when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.

The data subject’s choice regarding the cookies:

Web browser cookies:

In the browser settings, the data subject can accept or reject new cookies and delete existing cookies. You can also set your browser to notify you every time new cookies are placed on your computer or other device. You can find more information about the management of cookies in the “help” function of the browser.

If the visitor decides to turn off some or all cookies, he will not be able to use all the functions of the websites.

Cookies placed by third parties (analytics, statistics, marketing):

Use of Google Analytics (analytics, statistics):

The website of the data controller also uses cookies from Google Analytics as a third party. By using the Google Analytics web analytics service for statistical purposes, the data controller collects information about how visitors use the website. It uses the data for the purpose of developing the websites and improving the user experience. These cookies also remain on the visitor’s computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.

If websites or apps use Google Analytics in conjunction with other Google advertising products, such as the Google Ads system, they may also collect other advertising identifiers. Users can turn off this service or change the settings for the use of cookies in the Advertising settings.

Google Analytics collects users’ IP addresses to protect the security of the service and to help website owners get an idea of the country, state, or city their visitors are coming from (also known as “IP geolocation”). Google Analytics offers the ability to mask the IP addresses collected, however, website owners can see users’ IP addresses even if they do not use Google Analytics.

In the context of Google Analytics, the IP address transmitted by the visitor’s browser is not combined with other Google data. You can prevent the storage of cookies by properly setting your browser software, but in this case the visitor may not be able to fully use all the functions of the websites.

In addition, the visitor can prevent the collection by Google of the data created by the cookies and the use of the website by the visitor (including his IP address), as well as the processing of this data by Google, if they download and install the browser plugin under the link below.

The current link is http://www.google.com/policies/privacy/ads/.

Google acts as a data processor for Google Analytics and thus for the data controller.

According to the provisions of the General Data Protection Regulation (GDPR), Google Analytics is the data processor, as Google Analytics collects and processes data on behalf of its customers (such as the data controller) according to the instructions of those customers. Google can only use the data in accordance with the terms of the contracts concluded with Google Analytics customers, as well as the settings specified by customers on the user interface of its products.

Google Analytics collects internal cookies, device/browser-related data, IP addresses, and website/app activities. This data is collected because it can be used to measure and record in statistical reports the actions performed by users on websites and/or applications that use the Google Analytics service. Customers can customize cookies and the scope of data collected with features such as Cookie Settings, User-ID, Data Import, and MeasurementProtocol.

For customers using the SDK for Google Analytics apps, Google collects an app instance ID. This is a number that is randomly generated when a user installs an app for the first time.

Google Analytics uses IP addresses to infer the geographic location of visitors and to protect the service and its customers. Customers can turn on a feature called IP masking, which allows Google Analytics to use only a part of the IP address instead of the entire IP address collected. Additionally, customers can override IP addresses on demand with the IP override feature.

Google uses the data managed in the Google Analytics service to provide its customers with the Google Analytics measurement service. Identifiers, such as cookies and application instance identifiers, are used to measure how users interact with customer websites and/or applications. It uses IP addresses to keep the service secure and to give website owners an overview of where their users are coming from around the world.

Application of social plug-ins:

The websites of the data controller also use the embedded content of the social media site (Youtube). In this case, joint data management is carried out with the operator of the social website. The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation, which is given by accepting information about the collection of data about cookies and consenting to data collection.

In connection with the acceptance of the use of cookies on the website of the data controller, the person concerned declares that he has reached the age of 16. A person under the age of 16 may not declare the acceptance or rejection of cookies used by the websites, considering that, based on Article 8 (1) of the General Data Protection Regulation (GDPR), the permission of their legal representative is required for the validity of their legal declaration containing their consent to data management. The data controller is unable to check the consenting person’s age and eligibility, so the data subject guarantees that the data provided is true.

Signing up for blog reminders and newsletters:

With the data manager, it is possible to subscribe to blog reminders and newsletters by entering your name and e-mail address. When signing up, the data subject declares that they have read the data controller’s Data Management Notice, as well as whether they give consent to the processing of their personal data for marketing purposes. The data subject is entitled to the rights described in the Data Management Notice and has the opportunity to exercise these rights in the manner and places described therein. Accordingly, the legal basis for processing personal data during the sending of reminders and newsletters is the express and written consent of the subscriber based on adequate information (Article 6 (1) point a) of the General Data Protection Regulation.

Signing up is based on voluntary consent, the data controller naturally gives the data subject the opportunity to withdraw consent and unsubscribe from the newsletter and reminder at any time.

The data subject declares on the website of the data controller in connection with the registration that they have reached the age of 16. A person under the age of 16 may not sign up, given that, based on Article 8 (1) of the General Data Protection Regulation (GDPR), the consent of their legal representative is required for the validity of their legal declaration containing their consent to data management. The data controller is unable to check the consenting person’s age and eligibility, so the data subject guarantees that the data provided is true.

Social pages of the data controller:

The data controller also operates Facebook pages, where personal data is also processed.

https://www.facebook.com/people/Tiramisu-a-maine-coon/100085035500707/

https://www.facebook.com/people/Tiramisu-the-Maine-Coon/100084915792222/

The data controller also provides comprehensive personal support via Facebook. If you ask a question via Facebook, they will try to answer it as soon as possible. The data obtained on Facebook pages is used exclusively to answer your question, not for further advertising purposes.

The purpose of using Facebook pages is to share content and provide information on the social media interface. Facebook can also use the data for its own purposes, including profiling the data subject and targeting them with advertisements.

In order to be able to contact the controller via Facebook, you must log in. For this purpose, Facebook also requests, stores and processes personal data. The data controller has no influence on the type, scope and processing of this data, and does not receive personal data from the Facebook operator. You can find more information about this on the Facebook page.

On the Facebook pages, the personal data of the followers is handled by the data controller in accordance with their consent (Article 6 (1) point a) of the General Data Protection Regulation), consent is considered given when the person in question likes, follows, or comments on their pages and posts.

The data controller is also present on the social media site Instagram with the following profile:

https://www.instagram.com/tiramisu_the_maine_coon/

Followers’ personal data is handled on the Instagram page. Data processing takes place on the legal basis of consent given by tracking (General Data Protection Regulation Article 6 (1) point a)).

Additional social pages of the data controller, where the legal basis for data management is also the consent of the data subject (General Data Protection Regulation Article 6 (1) point a)):

https://hu.pinterest.com/tiramisuthemainecoon/

https://www.youtube.com/@tiramisuthemainecoon/featured

Security of data management:

The data controller undertakes to take care of the security of the data, to take the technical and organizational measures and to maintain the procedural rules that ensure that the recorded, stored and managed data are protected, as well as to prevent their destruction, unauthorized use and unauthorized change. You also undertake to call on all third parties to whom you forward or transfer the data to comply with the requirement of data security.

The data controller ensures that no unauthorized person can access, disclose, transmit, modify, or delete the processed data. The managed data can only be seen by the data controller and the data processor(s) used by it, it will not be passed on to third parties who are not authorized to see the data.

The data controller pays particular attention to the security of the personal data of the data subjects. They act in full compliance with the legal provisions and requires this from all its partners. The protection of personal data includes both physical data protection (storing documents in a lockable room) and IT protection (use of firewall, antivirus, password protection).

The data controller stores the personal data provided by the data subject primarily on the servers of the data processor(s) specified in this Data Management Information System equipped with the usual protection systems, partly on its own IT devices, and in the case of paper data media, at their home address, properly locked.

Those concerned acknowledge and accept that, in case of providing their personal data, data protection cannot be fully guaranteed on the Internet and in the computer system. In the event of unauthorized access or knowledge of data – despite the efforts of the data controller – it is necessary to proceed as described in this information.

The rights of those affected by data management:

Transparent information:

This privacy policy also serves the purpose of providing a clear, concise, transparent and comprehensible description of the data management activities employed by the data controller.

Right of access:

The data subject is entitled to receive feedback from the data controller as to whether he is in the process of processing personal data, and if he is in the process of processing such data, he is entitled to receive access to personal data and the following information:

The purpose of data management,
Categories of personal data concerned,
The recipients to whom the personal data were disclosed,
The planned date of storage of personal data.

One can request information about the above data from the data controller at the following e-mail address: