PRIVACY POLICY

LEONTINA BOTOS

VALID:

FROM 27.07.2023.
UNTIL WITHDRAWAL

  1. Data of the data controller:

Name:                                    Leontina Botos

Address:                                H-3300 Eger, Kodály Zoltán utca 2. VII/1., Hungary

Telephon number:              +3630/5834711

E-mail address:                    tiramisu@tiramisuthemainecoon.com

  • Purpose of the Privacy Policy:

The data controller acknowledges the content of this legal notice as binding. The purpose of this privacy policy is to inform the subjects regarding the management of their personal data. The data manager handles personal data exclusively in accordance with the provisions of the applicable laws and in strict compliance with the provisions of the data management and data protection provisions, taking into account the principles of legality, fair procedure and transparency, purposefulness, data economy, accuracy, and limited storage capacity.

The data controller takes all technical and organizational measures to ensure that the personal data of the data subjects are secure, in accordance with the European Parliament and the Council (EU) 2016/679. handle it in the manner prescribed by its regulation.

The data protection guidelines arising in connection with the data management of the data controller are continuously available with the data controller. The data controller reserves the right to change this information at any time. Of course, they will notify their audience of any changes in good time.

The data controller is committed to the protection of the personal data of the data subjects and considers it of utmost importance to respect the data subjects’ right to self-determination of information. The data controller treats personal data confidentially and takes all security, technical, and organizational measures that guarantee data security. The data controller describes its data management practices below.

  • The personal, material, and temporal scope of the Privacy Policy:

The personal scope of this privacy policy covers the data controller, as well as the natural persons whose data is included in the data processing covered by this privacy policy, as well as the persons whose rights or legitimate interests are affected by the data processing.

The material scope of the privacy policy covers all data processing that occurs during the activities of the data controller on the www.tiramisuthemainecoon.hu and www.tiramisuthemainecoon.com websites and social media pages.

This privacy policy enters into force on the day of approval and is valid indefinitely until further notice.

  • More important term definitions:

Personal data: any information relating to an identified or identifiable natural person. A natural person can be identified directly or indirectly, in particular by an identifier, such as a name, number, location data, online identifier, or a physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person, or can be identified based on several factors.

Special data: all data belonging to special categories of personal data, i.e. personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs, or trade union membership, as well as genetic data, biometric data aimed at the unique identification of natural persons, health data and personal data regarding the sexual life or sexual orientation of natural persons.

Data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or linking, limiting or destroying.

Data controller: the natural or legal person, public authority, agency, or any other body that determines the purposes and means of processing personal data independently or together with others.

Data processor: the natural person or legal entity, public authority, agency, or any other body that processes personal data on behalf of the data controller.

Joint data controllers: if the purposes and means of data management are determined jointly by two or more data controllers, they are considered joint data controllers.

Third-party: the natural or legal person, public authority, agency, or any other body that is not the same as the data subject, the data manager, the data processor, or the persons who have been authorized to process personal data under the direct control of the data manager or data processor.

The consent of the data subject: the voluntary, specific, and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him.

Data protection incident: a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored or otherwise handled.

  • Lawful data management by the data controller:

Personal data will be processed by the data controller only in the following cases:

1. If the data subject has given their consent to the processing of their personal data for one or more specific purposes.

2. If data processing is necessary for the performance of a contract in which the data subject is one of the parties.

3. If data management is necessary to fulfill the legal obligation of the data controller.

4. If data processing is necessary to protect the vital interests of the data subject or another natural person.

5. If data management is necessary to enforce the legitimate interests of the data controller or a third party.

The data controller examines the legality of data management in every phase of its activity and only processes data for which it can prove its purpose and legal basis. In the event that a condition of a legal basis ceases, data processing can only be continued if the data controller can prove another suitable legal basis.

According to the main rule, the method of proving the legal grounds is in writing, even in the case of a legal basis created by suggestive conduct, it must be examined whether it can be clearly proved afterward. In case of doubt, with regard to the aspects of reasonableness and economy, efforts should be made to confirm in writing the data management created by referring behavior.

In the case of data processing based on consent, the data subject gives their written consent to the processing of their personal data. Consent is not formally bound, but subsequent verifiability requires paper or electronic written consent.

Data processing based on the fulfillment of a legal obligation is independent of the data subject’s consent, as data processing is defined by law.

Regardless of the mandatory nature of the data processing, the data subject must be informed before the data processing begins that the data processing is mandatory and cannot be avoided, and the data subject must be given clear and detailed information about all significant facts related to the processing of their data before the data processing begins.

According to the GDPR (General Data Protection Regulation), it is also possible to process personal data if the data processing is necessary for the performance of a contract in which the individual concerned is one of the parties, or the data processing or data collection is necessary to take steps at the request of the data subject prior to the conclusion of the contract. The data controller may process personal data for the purpose of concluding, fulfilling, or terminating the contract with the legal basis of the performance of the contract.

  1. Management of personal data by the data controller:

The data controller operates the websites www.tiramisuthemainecoon.hu and www.tiramisuthemainecoon.com on which it collects and shares useful information, as well as publishes blog articles related to cat keeping. During the performance of this activity, when they come into contact with the personal data of natural persons. They carry out the following data management activities:

  1. The websites operated by the data controller (www.tiramisuthemainecoon.hu and www.tiramisuthemainecoon.com) use cookies during their operation, which collect personal data about visitors. The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation.
  • With the data manager, it is possible to subscribe to blog reminders and newsletters by entering your name and e-mail address. When signing up, the data subject declares that they have read the data controller’s Data Management Notice, as well as whether they give their consent to the processing of their personal data for marketing purposes. The data subject is entitled to the rights described in the Data Management Notice and has the opportunity to exercise these rights in the manner and places described therein. Accordingly, the legal basis for processing personal data during the sending of reminders and newsletters is the express and written consent of the subscriber based on adequate information (Article 6 (1) point a) of the General Data Protection Regulation.
  • The data controller also operates social networking sites, where personal data is also processed. The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation.
  • The data controller also displays photos or videos on its websites and blog posts. If a recognizable private person can be seen in the recording, the preparation and use of the recording – in connection with the data controller’s websites, social media pages, or other appearances – will only take place with the written, informed, prior and voluntary consent of the person concerned (in the case of a person under the age of 18, the legal representative). The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation.

The data controller keeps a data management record of the above-mentioned data management. The register also contains the deadlines for deleting personal data. The register is available at the address of the data controller.

  • Data processors associated with the data manager:

If the data management is carried out by someone else on behalf of the data controller, the data controller may only use data processors that provide adequate guarantees for compliance with the requirements of the General Data Protection Regulation, or implement appropriate technical and organizational measures that ensure the protection of the rights of the data subjects.

The data controller hereby declares that, in the course of its activities, it only contacts data processors who have a suitable guarantee of compliance with the GDPR regulation and the implementation of appropriate technical and organizational measures to ensure the protection of the rights of the data subjects. The relevant declarations of the data processors are available.

By reading and taking note of this Data Management Information, the data subjects accept that the data controller will forward their personal data to the data processors and joint data controllers listed below.

  • The companies that host the website of the data controller are considered data processors:
  • MikroVPS Kft.
  • H-7150 Bonyhád, Jókai Mór utca 3., Hungary
  • info@mikrovps.net
  • The servers of the mail systems used by the data controller are also data processors:
  • MikroVPS Kft.
  • H-7150 Bonyhád, Jókai Mór utca 3., Hungary
  • info@mikrovps.net
  • Due to the use of the Google Analytics service used by the website of the data controller, it is a data processor:
    • Google Ireland Limited
    • Gordon House, Barrow Street, Dublin 4, Írország
  • Additional data processors in connection with sending newsletters (Listamester, MailerLite):
  • Bithuszárok Számítástechnikai és Szolgáltató Bt.
  • H-2051 Biatorbágy, Damjanich utca 8., Hungary
  • info@bithuszarok.hu
  • MailerLite Inc.
  • GroundFloor, 71 Lower Baggot Street, Dublin 2
  • D02 P593, Ireland
  • info@mailerlite.com
  • Due to the use of social networks and social plug-ins built into websites, data processing, and joint data management partners:
  • MetaPlatformsIreland Ltd.
  • 4 Grand CanalSquare, Grand CanalHarbour, Dublin 2 Ireland
  • Pinterest Europe Ltd.
  • Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland

Owner of YouTube social video-sharing site:

  • Google Ireland Limited
  • Gordon House, Barrow Street, Dublin 4, Ireland

The contracted data processing and data management partners manage the personal data of the data subjects only on the basis of the instructions given by the data manager (except for the application of legal requirements), assuming an obligation of confidentiality.

  • Children’s data, management of special categories of personal data:

The data subject declares on the website of the data controller that he is over 16 years old in connection with subscribing to the blog reminder, newsletter and consent to the operation of cookies. A person under the age of 16 may not sign up for reminders, newsletters, or consent to the collection of data by cookies used by websites, given that the validity of their legal declaration containing their consent to data management based on Article 8 (1) of the General Data Protection Regulation (GDPR) the permission of his legal representative is required. The data controller is unable to check the consenting person’s age and eligibility, so the data subject guarantees that the data provided is true.

The data controller does not record any special data brought to the attention of the data controller or to which it has become aware. If this type of data has entered any of the data controller’s systems without the data controller’s knowledge, it will be deleted from the system immediately upon detection.

  • Taking photos and video recordings by the data controller:

The data controller also displays photos or videos on its websites and blog posts. If a recognizable private person can be seen in the recording, the preparation and use of the recording – in connection with the data controller’s websites, social media pages, or other appearances – will only take place with the written, informed, prior and voluntary consent of the person concerned (in the case of a person under the age of 18, the legal representative). The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation.

If the data subject withdraws the consent and requests the termination of the use of the recording or the deletion of the recording, the data controller shall comply with this request immediately.

  • Websites of the data controller:

The data controller publishes her blog articles on her websites (www.tiramisuthemainecoon.hu and www.tiramisuthemainecoon.com).

The websites of the data controller use cookies during their operation. The legal basis for processing the personal data obtained by them is the visitor’s consent (General Data Protection Regulation Article 6 (1) point a)).

The website www.tiramisuthemainecoon.hu uses the following cookies during its operation:

  • euCookie
  • duration: 1 year 1 month 4 days
  • type: mandatory
  • _ga
  • duration: 1 year 1 month 4 days
  • type: statistical – Google Analytics
  • _ga_*
  • duration: 1 year 1 month 4 days
  • type: statistical – Google Analytics
  • _ga_FKPBS0EFSZ
  • duration: 1 year 1 month 4 days
  • type: statistical – Google Analytics
  • YSC
  • duration: until the end of the browsing session
  • type: Marketing –Youtube
  • VISITOR_INFO1_LIVE
  • duration: 6 months
  • type: Marketing –Youtube
  • CONSENT
  • duration: 2 years
  • type: statistical –Youtube
  • yt-remote-device-id
  • type: Marketing – Youtube
  • yt-remote-connected-devices
  • type: Marketing – Youtube
  • yt.innertube::nextId
  • type: Marketing – Youtube
  • yt.innertube::requests
  • type: Marketing – Youtube

The website www.tiramisuthemainecoon.com uses the following cookies during its operation:

  • euCookie
  • duration: 1 year 1 month 4 days
  • type: mandatory 
  • _ga
  • duration: 1 year 1 month 4 days
  • type: statistical – Google Analytics
  • _ga_*
  • duration: 1 year 1 month 4 days
  • type: statistical – Google Analytics
  • _ga_4LY6J66SXY
  • duration: 1 year 1 month 4 days
  • type: statistical – Google Analytics
  • YSC
  • duration: böngészési munkamenet végéig
  • type: Marketing –Youtube
  • VISITOR_INFO1_LIVE
  • duration: 6 months
  • type: Marketing –Youtube
  • CONSENT
  • duration: 2 years
  • type: statistical –Youtube
  • yt-remote-device-id
  • type: Marketing – Youtube
  • yt-remote-connected-devices
  • type: Marketing – Youtube
  • yt.innertube::nextId
  • type: Marketing – Youtube
  • yt.innertube::requests
  • type: Marketing – Youtube

Cookies:

The purpose of cookies:

  • collect information about visitors and their devices;
  • remember the individual settings of the visitors, which will be used;
  • facilitate the use of websites;
  • provide a quality user experience.

In order to provide customized service, a small so-called data package, places a cookie and reads it back during the next visit. If the browser returns a previously saved cookie, the cookie management service provider has the opportunity to connect the user’s current visit with previous ones, but only with regard to its own content.

Absolutely necessary session cookies:

The purpose of these cookies is to enable visitors to fully and smoothly browse the websites and to use their functions and the services available there. The validity period of this type of cookie lasts until the end of the session (browsing), when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.

The data subject’s choice regarding the cookies:

Web browser cookies:

In the browser settings, the data subject can accept or reject new cookies and delete existing cookies. You can also set your browser to notify you every time new cookies are placed on your computer or other device. You can find more information about the management of cookies in the “help” function of the browser.

If the visitor decides to turn off some or all cookies, he will not be able to use all the functions of the websites.

Cookies placed by third parties (analytics, statistics, marketing):

Use of Google Analytics (analytics, statistics):

The website of the data controller also uses cookies from Google Analytics as a third party. By using the Google Analytics web analytics service for statistical purposes, the data controller collects information about how visitors use the website. It uses the data for the purpose of developing the websites and improving the user experience. These cookies also remain on the visitor’s computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.

If websites or apps use Google Analytics in conjunction with other Google advertising products, such as the Google Ads system, they may also collect other advertising identifiers. Users can turn off this service or change the settings for the use of cookies in the Advertising settings.

Google Analytics collects users’ IP addresses to protect the security of the service and to help website owners get an idea of ​​the country, state, or city their visitors are coming from (also known as “IP geolocation”). Google Analytics offers the ability to mask the IP addresses collected, however, website owners can see users’ IP addresses even if they do not use Google Analytics.

In the context of Google Analytics, the IP address transmitted by the visitor’s browser is not combined with other Google data. You can prevent the storage of cookies by properly setting your browser software, but in this case the visitor may not be able to fully use all the functions of the websites.

In addition, the visitor can prevent the collection by Google of the data created by the cookies and the use of the website by the visitor (including his IP address), as well as the processing of this data by Google, if they download and install the browser plugin under the link below.

The current link is http://www.google.com/policies/privacy/ads/.

Google acts as a data processor for Google Analytics and thus for the data controller.

According to the provisions of the General Data Protection Regulation (GDPR), Google Analytics is the data processor, as Google Analytics collects and processes data on behalf of its customers (such as the data controller) according to the instructions of those customers. Google can only use the data in accordance with the terms of the contracts concluded with Google Analytics customers, as well as the settings specified by customers on the user interface of its products.

Google Analytics collects internal cookies, device/browser-related data, IP addresses, and website/app activities. This data is collected because it can be used to measure and record in statistical reports the actions performed by users on websites and/or applications that use the Google Analytics service. Customers can customize cookies and the scope of data collected with features such as Cookie Settings, User-ID, Data Import, and MeasurementProtocol.

For customers using the SDK for Google Analytics apps, Google collects an app instance ID. This is a number that is randomly generated when a user installs an app for the first time.

Google Analytics uses IP addresses to infer the geographic location of visitors and to protect the service and its customers. Customers can turn on a feature called IP masking, which allows Google Analytics to use only a part of the IP address instead of the entire IP address collected. Additionally, customers can override IP addresses on demand with the IP override feature.

Google uses the data managed in the Google Analytics service to provide its customers with the Google Analytics measurement service. Identifiers, such as cookies and application instance identifiers, are used to measure how users interact with customer websites and/or applications. It uses IP addresses to keep the service secure and to give website owners an overview of where their users are coming from around the world.

Application of social plug-ins:

The websites of the data controller also use the embedded content of the social media site (Youtube). In this case, joint data management is carried out with the operator of the social website. The legal basis for data management is the consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation, which is given by accepting information about the collection of data about cookies and consenting to data collection.

In connection with the acceptance of the use of cookies on the website of the data controller, the person concerned declares that he has reached the age of 16. A person under the age of 16 may not declare the acceptance or rejection of cookies used by the websites, considering that, based on Article 8 (1) of the General Data Protection Regulation (GDPR), the permission of their legal representative is required for the validity of their legal declaration containing their consent to data management. The data controller is unable to check the consenting person’s age and eligibility, so the data subject guarantees that the data provided is true.

  • Signing up for blog reminders and newsletters:

With the data manager, it is possible to subscribe to blog reminders and newsletters by entering your name and e-mail address. When signing up, the data subject declares that they have read the data controller’s Data Management Notice, as well as whether they give consent to the processing of their personal data for marketing purposes. The data subject is entitled to the rights described in the Data Management Notice and has the opportunity to exercise these rights in the manner and places described therein. Accordingly, the legal basis for processing personal data during the sending of reminders and newsletters is the express and written consent of the subscriber based on adequate information (Article 6 (1) point a) of the General Data Protection Regulation.

Signing up is based on voluntary consent, the data controller naturally gives the data subject the opportunity to withdraw consent and unsubscribe from the newsletter and reminder at any time.

The data subject declares on the website of the data controller in connection with the registration that they have reached the age of 16. A person under the age of 16 may not sign up, given that, based on Article 8 (1) of the General Data Protection Regulation (GDPR), the consent of their legal representative is required for the validity of their legal declaration containing their consent to data management. The data controller is unable to check the consenting person’s age and eligibility, so the data subject guarantees that the data provided is true.

  • Social pages of the data controller:

The data controller also operates Facebook pages, where personal data is also processed.

https://www.facebook.com/people/Tiramisu-a-maine-coon/100085035500707/

https://www.facebook.com/people/Tiramisu-the-Maine-Coon/100084915792222/

The data controller also provides comprehensive personal support via Facebook. If you ask a question via Facebook, they will try to answer it as soon as possible. The data obtained on Facebook pages is used exclusively to answer your question, not for further advertising purposes.

The purpose of using Facebook pages is to share content and provide information on the social media interface. Facebook can also use the data for its own purposes, including profiling the data subject and targeting them with advertisements.

In order to be able to contact the controller via Facebook, you must log in. For this purpose, Facebook also requests, stores and processes personal data. The data controller has no influence on the type, scope and processing of this data, and does not receive personal data from the Facebook operator. You can find more information about this on the Facebook page.

On the Facebook pages, the personal data of the followers is handled by the data controller in accordance with their consent (Article 6 (1) point a) of the General Data Protection Regulation), consent is considered given when the person in question likes, follows, or comments on their pages and posts.

The data controller is also present on the social media site Instagram with the following profile:

https://www.instagram.com/tiramisu_the_maine_coon/

Followers’ personal data is handled on the Instagram page. Data processing takes place on the legal basis of consent given by tracking (General Data Protection Regulation Article 6 (1) point a)).

Additional social pages of the data controller, where the legal basis for data management is also the consent of the data subject (General Data Protection Regulation Article 6 (1) point a)):

https://hu.pinterest.com/tiramisuthemainecoon/

https://www.youtube.com/@tiramisuthemainecoon/featured

  • Security of data management:

The data controller undertakes to take care of the security of the data, to take the technical and organizational measures and to maintain the procedural rules that ensure that the recorded, stored and managed data are protected, as well as to prevent their destruction, unauthorized use and unauthorized change. You also undertake to call on all third parties to whom you forward or transfer the data to comply with the requirement of data security.

The data controller ensures that no unauthorized person can access, disclose, transmit, modify, or delete the processed data. The managed data can only be seen by the data controller and the data processor(s) used by it, it will not be passed on to third parties who are not authorized to see the data.

The data controller pays particular attention to the security of the personal data of the data subjects. They act in full compliance with the legal provisions and requires this from all its partners. The protection of personal data includes both physical data protection (storing documents in a lockable room) and IT protection (use of firewall, antivirus, password protection).

The data controller stores the personal data provided by the data subject primarily on the servers of the data processor(s) specified in this Data Management Information System equipped with the usual protection systems, partly on its own IT devices, and in the case of paper data media, at their home address, properly locked.

Those concerned acknowledge and accept that, in case of providing their personal data, data protection cannot be fully guaranteed on the Internet and in the computer system. In the event of unauthorized access or knowledge of data – despite the efforts of the data controller – it is necessary to proceed as described in this information.

The rights of those affected by data management:

  • Transparent information:

This privacy policy also serves the purpose of providing a clear, concise, transparent and comprehensible description of the data management activities employed by the data controller.

  • Right of access:

The data subject is entitled to receive feedback from the data controller as to whether he is in the process of processing personal data, and if he is in the process of processing such data, he is entitled to receive access to personal data and the following information:

  • The purpose of data management,
  • Categories of personal data concerned,
  • The recipients to whom the personal data were disclosed,
  • The planned date of storage of personal data.

One can request information about the above data from the data controller at the following e-mail address:

Leontina Botos H-3300 Eger, Kodály Zoltán utca 2. VII/1., Hungary

E-mail: tiramisu@tiramisuthemainecoon.com

The data controller hereby informs you that they will respond to your inquiry within 30 days. Information requests sent by post will be answered by post, and requests sent by e-mail will be answered by e-mail.

  • Right to rectification:

The data subject has the right to have inaccurate personal data corrected by the data controller upon request.

The data subject has the right to have inaccurate personal data corrected by the data controller upon request.

Leontina Botos H-3300 Eger, Kodály Zoltán utca 2. VII/1., Hungary

E-mail: tiramisu@tiramisuthemainecoon.com

The data controller hereby informs you that they will respond to your inquiry within 30 days. Information requests sent by post will be answered by post, and requests sent by e-mail will be answered by e-mail.

  • Right to erasure:

The data subject has the right to have the personal data deleted by the data controller upon request. Based on this request, the data controller is obliged to delete the personal data if one of the following reasons exists:

  • The personal data is no longer needed for the purpose for which it was collected.
  • The data subject withdraws their previously given consent and there is no other legal basis for data processing.
  • The data subject objects to data processing and there is no overriding legal reason for data processing.
  • Personal data was handled illegally.
  • It is necessary to delete the data to fulfill a legal obligation prescribed by EU or member state law.

One can request information about the above data from the data controller at the following e-mail address:

Leontina Botos H-3300 Eger, Kodály Zoltán utca 2. VII/1., Hungary

E-mail: tiramisu@tiramisuthemainecoon.com

The data controller hereby informs you that they will respond to your inquiry within 30 days. Information requests sent by post will be answered by post, and requests sent by e-mail will be answered by e-mail.

Right to restrict data processing:

The data subject has the right to request that the data controller limit data processing, primarily if:

  • they dispute the accuracy of the data or
  • they consider the data processing illegal, but for some reason do not request the deletion of the data.

You can request information about the above data from the data controller at the following e-mail address:

Leontina Botos H-3300 Eger, Kodály Zoltán utca 2. VII/1., Hungary

E-mail: tiramisu@tiramisuthemainecoon.com

The data controller hereby informs you that they will respond to your inquiry within 30 days. Information requests sent by post will be answered by post, and requests sent by e-mail will be answered by e-mail.

  • Right to data portability:

The data subject has the right to receive his/her personal data in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller.

You can request information about the above data from the data controller at the following e-mail address:

Leontina Botos H-3300 Eger, Kodály Zoltán utca 2. VII/1., Hungary

E-mail: tiramisu@tiramisuthemainecoon.com

The data controller hereby informs you that they will respond to your inquiry within 30 days. Information requests sent by post will be answered by post, and requests sent by e-mail will be answered by e-mail.

  • Right to protest:

The data subject has the right to object to the processing of their personal data at any time for reasons related to his own situation, the European Parliament and the Council (EU) 2016/679. as written in Article 21 of its decree.

One can request information about the above data from the data controller at the following e-mail address:

Leontina Botos H-3300 Eger, Kodály Zoltán utca 2. VII/1., Hungary

E-mail: tiramisu@tiramisuthemainecoon.com

The data controller hereby informs you that they will respond to your inquiry within 30 days. Information requests sent by post will be answered by post, and requests sent by e-mail will be answered by e-mail.

The data subject’s right in case of automated decision-making:

The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on them or significantly affect them. Automated decision-making is any procedure or methodology during which technical automation evaluates the personal characteristics of the data subject and which has a legal effect on them or significantly affects them. The data manager does not use IT automatisms suitable for profiling that have a significant impact on the rights of the data subject.

You can request information about the above data from the data controller at the following e-mail address:

Leontina Botos H-3300 Eger, Kodály Zoltán utca 2. VII/1., Hungary

E-mail: tiramisu@tiramisuthemainecoon.com

The data controller hereby informs you that they will respond to your inquiry within 30 days. Information requests sent by post will be answered by post, and requests sent by e-mail will be answered by e-mail.

The data controller undertakes to notify all recipients of requests sent in connection with the above rights to whom they have disclosed personal data unless this proves to be impossible. They also undertake to notify the person concerned (applicant) of the decision regarding the handling of the above requests within 30 days at the latest.

  • Data protection incident:

A data protection incident is a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data transmitted, stored, or handled in another way.

In the case of a data protection incident, the damage to data security must be at a level that threatens serious danger, thus the damage must be of such a degree that the personal data:

  • is destroyed,
  • is lost
  • is erroneously changed
  • is disclosed in an unauthorized manner or
  • has been assessed in an unauthorized manner.

It is considered an incident if any of the above occurs, but this does not preclude several points from happening at the same time. This includes not only intentional, malicious behavior, but also injuries caused by negligence. The incident, therefore, occurs when it is caused by an accident or an illegal act.

Examples of data protection incidents include:

  • illegal transmission of personal data on a document, portable device, data carrier, or IT system (e.g. by mail),
  • unauthorized access to an IT system or application handling personal data,
  • damage or loss of part or all of the database containing personal data,
  • part or all of the IT system becoming unusable due to a virus or other malicious software, etc.

In the absence of appropriate and timely measures, a data protection incident can cause physical, financial, or non-financial damage to natural persons, including the loss of control over their personal data or the restriction of their rights, discrimination, identity theft, or identity abuse, financial loss, unauthorized removal of pseudonyms, damage to reputation, damage to the confidential nature of personal data protected by the obligation of professional confidentiality, or other significant economic or social disadvantage affecting the natural persons in question.

In the event of a possible data protection incident (unless the data protection incident is likely to pose no risk to the rights and freedoms of natural persons), the data controller shall immediately notify the National Data Protection and Freedom of Information Authority. As soon as the data controller becomes aware of the incident, he must report it without undue delay and, if possible, no later than 72 hours after he became aware of the data protection incident. If the notification cannot be made within 72 hours, the reason for the delay must be indicated, and the required information must be provided in detail without further undue delay.

In order to report a data protection incident, the National Data Protection and Freedom of Information Authority operates a system specially created for this purpose on its website, through which reports can be made electronically.

The data controller keeps records of data protection incidents, indicating the facts related to the data protection incident, its effects, and the measures taken to remedy it. The data controller must keep records of the data related to the incidents, including the reasons, the events, and the scope of the personal data involved. In addition, the person registering must also include the effects and consequences of the incidents, as well as the measures taken to remedy them and the data controller’s conclusions (for example: why you think the incident is not reportable, or if the report is late, what was the reason for the delay).

It is not necessary to notify the supervisory authority of an incident that probably does not pose a risk to the rights and freedoms of natural persons.

If the data protection incident is likely to involve a high risk to the rights and freedoms of the data subjects, the data subject shall be informed of this without delay. In the information given to the person concerned, the nature of the data protection incident must be clearly and comprehensibly described, and the most important information and measures must be communicated.

The data subject does not need to be informed as above if any of the following conditions are met:

  • the data controller implemented appropriate technical and organizational protection measures and these measures were applied to the data affected by the data protection incident, especially those measures that make the data unintelligible to persons not authorized to access personal data;
  • after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
  • providing the information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.
  1. Information on the most important relevant legislation:
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) – on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection regulation, GDPR);
  • CXII of 2011. law – on the right to self-determination of information and freedom of information (Info. tv.);
  • Act V of 2013 – on the Civil Code (Ptk.).
  1. Right to go to court:

In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court shall rule on the case out of turn.

  1. Data protection official procedure:

You can file a complaint with the National Data Protection and Freedom of Information Authority:

Name:                        Nemzeti Adatvédelmi és Információszabadság Hatóság

Headquarters:          H-1055 Budapest, Falk Miksa u. 9-11., Hungary

Postal address:         H-1363 Budapest, Pf. 9., Hungary

Telephon:                  +3613911400

Fax:                            +3613911410

E-mail:                       ugyfelszolgalat@naih.hu

Webpage:                 http://www.naih.hu

  1. Other provisions:

The data controller provides information on data processing not listed in the information sheet when the data is collected. In such cases, the provisions of the applicable legislation are considered to be governing.

The data controller hereby informs the affected parties that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, the Magyar Nemzeti Bank, or other bodies based on the authorization of the law, provide information, communicate data, they can contact the data controller in order to transfer or provide documents. If the authority has indicated the exact purpose and the scope of the data, the data controller will only release personal data to the authorities to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.

The website of the Data Protection Authority contains additional information about the data protection rights referred to in this Data Management Notice.

Eger, 27.07.2023.

Leontina Botos

  1. APPENDIX No. 1
NumberDesignation of personal data managementPurpose of data managementLegal basis for data managementThe deadline for deleting personal data
1.Personal data recorded during data collection of cookies managed by websites.Increasing the user experience, developing websites, statistical purpose.Consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation).Immediately after withdrawal of consent, but within 30 days at the latest.
2.Personal data (name, e-mail address) provided when subscribing to the blog reminder or newsletter.In order to send reminders and newsletters.Consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation).Immediately after withdrawal of consent, but within 30 days at the latest.
3.During the use of the social networking sites, personal data became known to the data controller.For information and to promote the websites.Consent of the data subject (Article 6 (1) point a) of the General Data Protection Regulation).Immediately after withdrawal of consent, but within 30 days at the latest.
4.The likeness of photos and videos appearing on websites and blog posts.Promotion of the activity, use of recordings on websites, social networking sites and other publications.Consent of the data subject (or the legal representative) (Article 6 (1) point a) of the General Data Protection Regulation.Immediately after withdrawal of consent, but within 30 days at the latest.