1. Details of the data controller
Data controller: Blue Guava Technology Kft. (hereinafter: Data Controller)
Registered seat: H-1158 Budapest, Neptun utca 39/1.
Site: H-1152 Budapest,Szentmihályi út 167-169. West Wing, 4th floor
Corporate registration number: 01-09-307922
Tax number: 26209168-2-42
Website: www.guava.blue
Contact details of the Data Protection Officer: gdpr@guava.blue
Telephone: +36-30/9954-112
2. General legislative provisions serving as a legal basis for data processing
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Regulation or GDPR)
- Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Act on Privacy)
3. Definitions
Personal data: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Such typical personal data includes, in particular: name, address, place, and date of birth, mother’s name.
Processing: means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Data processor: means the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Recipient: means a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not.
Cookie: a set of information sent from the server to the browser, and every time there is a request, the browser sends it back to the server with the data content specified by the server. This is designed to save the settings on the website you visited, so if you revisit the site from the same device, the page will remember the parameters previously set by you. Cookies are most often used to personalize advertisements and services and analyze website traffic. In light of the current legislation in force, we can only store cookies on your terminal device if this is strictly necessary, essential for our website’s operation; these are called necessary cookies. We need your consent to use any other types of cookies.
4. Cookies used by the Website
4.1. Cookies that are essential for the operation of the Website
Name | Service provider | Goal | Expiry | Type |
CONSENT | Stores the cookie consents provided by users. | 20 years | HTTP |
Legal basis of data processing: legitimate interest of the Data Controller (Article 6 (1) f) of the GDPR).
4.2. Statistical cookies
Data obtained from statistical cookies help to understand how visitors interact with the Website. The personal data processed by such means are collected anonymously.
Name | Service provider | Goal | Expiry | Type |
1P_JAR | Used for collecting website statistics created by Google.com and Google Analytics and for tracking the conversion rate. | 1 month | HTTP |
Legal basis of data processing: consent of the data subject (Article 6 (1) a) of the GDPR).
The statistical tool used by the Data Controller is Google Analytics. Google Analytics is a web analytics service provided by Google Inc. (hereinafter: Google). Google Analytics uses cookies. The information generated by using the Website (IP address) is transferred to a Google server located in the United States, and it is stored there. Before that, to anonymize your IP address, Google shortens it within the Member States of the European Union and in states that are parties to the Agreement on the European Economic Area. Based on this information, Google evaluates website use, makes reports relating to website engagement, and provides us additional services related to website and Internet usage. The IP address transferred by way of the Google Analytics service is not connected to other Google data. Full IP addresses are only transmitted to Google servers in the US in exceptional cases where they will also be shortened. You can refuse the use of cookies by selecting the appropriate settings in the browser. You can also prohibit Google from collecting and processing the data (including the IP address) generated by cookies relating to the website’s use. To do this, download and install the browser plug-in module from the following link:
https://tools.google.com/dlpage/gaoptout?hl=en
After the IP address is anonymized, the data can no longer be associated with you. Data processed for statistical purposes in the Google Analytics system will be deleted after 26 months.
If you wish to delete the cookies from our Website or do not intend to use them, you can disable them following the instructions below:
Internet Explorer:
https://support.microsoft.com/hu-hu/help/278835/how-to-delete-cookie-files-in-internet-explorer
Chrome:
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hu
Firefox:
https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
Safari:
https://support.apple.com/hu-hu/guide/safari/sfri11471/mac
4.3. Marketing cookies
Marketing cookies are used for tracking visitors on websites. The goal is to display advertisements that are relevant and attractive to individual users.
Name | Service provider | Goal | Expiry | Type |
NID | This cookie stores the user preferences and other information. Such information may contain the preferred language and the number of search results displayed on the page. | 6 months | Pixel | |
DV | This cookie stores user preferences and other information. Such information may contain the preferred language and the number of search results displayed on the page. | Session | Pixel |
Legal basis of data processing: consent of the data subject (Article 6 (1) a) of the GDPR).
5. Data subject rights and their content relating to data processing
Data subject rights relating to data processing | Content of data subject rights relating to data processing |
Right to be informed.
/GDPR, Article 13-14./ |
You have the right to be informed about the fact and purpose of data processing at the time when personal data are obtained. The Data Controller provides you with additional information necessary to ensure fair and transparent data processing, taking into account the specific circumstances and context of personal data processing. You must also be informed about any profiling and its consequences.
|
Right of access
/GDPR, Article 15/ |
You are entitled to receive confirmation as to whether your personal data are being processed. If such data processing is in progress, you will be entitled to be granted access concerning:
· what personal data · on what legal basis · for what processing purposes · for how long are processed by the Data Controller · who to, when, and based on which legislation did the Data Controller provide access to your personal data or who were they transmitted to · what source do personal data originate from (if it was not you that provided them to the Data Controller) · whether you apply automated decision-making and its logic, including profiling as well.
|
Right to rectification
/GDPR, Article 16/ |
You have the right to receive from the Data Controller upon request the rectification of inaccurate personal data concerning you or to have incomplete personal data completed. Therefore, you may ask the Data Controller to modify some of your personal data (for example, you can change your email address or other contact details at any time).
|
Right to erasure (“right to be forgotten”)
/GDPR, Article 17/ |
You have the right to obtain from the Data Controller the erasure of your personal data where one of the following grounds applies:
· your personal data are no longer necessary about the purposes for which they were collected or otherwise processed · you withdraw your consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2), and there is no other legal ground for the processing · you object to data processing based on Article 21 (1), and there is no overriding legitimate reason for the processing of data, or you object to data processing based on Article 21 (2) · your personal data have been unlawfully processed · your personal data must be deleted to comply with a legal obligation imposed by EU or Member State law applicable to the Data Controller · the collection of your personal data is performed in connection with offering information society services, as referred to in Article 8 (1).
|
Right to restriction
/GDPR, Article 18/ |
You have the right to obtain from the Data Controller the restriction of your personal data where one of the following grounds applies:
· The accuracy of your personal data is contested by you (in this case, the restriction applies to the time period which allows the Data Controller to verify the accuracy of the personal data) · the data processing is unlawful, and you oppose to the erasure of the data and request the restriction of their use instead · the Data Controller no longer needs the personal data for data processing, but you require them to present, exercise, or defend a legal claim In light of Article 21 (1), you objected to data processing (in this case, the restriction applies to the time period that is necessary to determine whether the Data Controller’s legitimate reasons override your legitimate reasons).
|
Right to data portability
/GDPR, Article 20/ |
You have the right to receive the personal data concerning you, which you have provided to a Data Controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from the Data Controller to which the personal data have been provided, where:
· the processing is based on consent according to point (a) of Article 6 (1), or point (a) of Article 9 (2), or on a contract within the meaning of point b) of Article 6 (1), and · the processing is carried out by automated means. You also have the right – if this is technically feasible – to request that your personal data are directly transferred among Data Controllers.
|
Right to object
/GDPR, Article 21/ |
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on point (e) or (f) of Article 6 (1), including profiling based on the referred provisions. In this case, the Data Controller shall not continue to process your personal data, except where the Data Controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
|
Right to withdraw consent.
/GDPR, Article 7 (3)/ |
You have the right to withdraw your consent at any time. Withdrawing your consent does not affect the data processing’s lawfulness based on consent before the withdrawal. You shall be informed of this before consent is granted. It shall be as easy to withdraw as to give consent.
|
6. Legal remedies for data subjects relating to data processing, and their content
Legal remedy | Content of the remedy |
Right to complain with a supervisory authority
/GDPR, Article 77/ |
If your right to the protection of personal data is infringed, you may complain to the following Authority:
Hungarian National Authority for Data Protection and Freedom of Information registered seat: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C. postal address: H-1530 Budapest, Pf.: 5 telephone: +36 (1) 391-1400 email:ugyfelszolgalat@naih.hu website: www.naih.hu
|
Right to effective judicial remedy against a controller or processor (initiation of court proceedings)
/GDPR, Article 79/ |
You are entitled to go to court against the Data Controller or the Data Processor if you experience your personal data unlawful processing. The court will give priority to the case. In such cases, you are free to decide whether to submit your request to the tribunal of your domicile or your residence. Contact details of the tribunals: https://birosag.hu/torvenyszekek
|
7. Updates to the Privacy Notice
The Data Controller reserves the right to modify this Privacy Notice unilaterally. The modification of this Notice may be particularly executed if it is necessary due to changes in legislation, official data protection practices, business needs, or other circumstances. At the Data Subject’s request, the Data Controller sends a copy of the Privacy Notice in force to the Data Subject, in a form mutually agreed upon by the stakeholders.