Data Processing Guide

for visitors and registered users of the web site of https://loscarballos.com

  1. Introduction

While operating the website, the service provider / data controller processes the data of persons who registered on the web site, to be able to provide appropriate service to them.

The service provider intends to comply fully with the legislation on the processing of personal data, particularly with Regulation (EU) 2016/679 of the European Parliament and of the Council on the processing of personal data.

This data processing guide has been prepared based on Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of the personal data of natural persons and the free movement of data, with regard to the contents of Act CXII of 2011 on informational self-determination and freedom of information.

We process only such personal data (Name, Phone number, email address, date of the event) and only as long as the submission of a proposal and cooperation are current, and as long as the information is essential for proposal submission and the realization of the maintenance of contact. We shall never transfer any data provided by the data subject’s own consent to any third person, unless the data subject has expressly consented to and requests that.

  1. Name of the Service Provider, data controller:
Name / business name: MyLittleWorld Kft.
Registered office: 1042 Budapest, Kassai utca 10. VI. em. 36.
Tax number: 22784072-2-41
Registration number (NAIH): [*]
Name and address of the website: Los Carballos, https://loscarballos.com
Availability of the Data Processing Guide: https://loscarballos.com/adatkezelesi-tajekoztato
  1. Contact details of the data controller:
Name / business name: MyLittleWorld Kft.
Registered office: 1042 Budapest, Kassai utca 10. VI. em. 36.
Mail address: 1042 Budapest, Kassai utca 10. VI. em. 36.
E- mail: info@loscarballos.com
Telephone: +36 30 591 1951
  1. Definition of concepts
GDPR (General Data Protection Regulation) The new Data Protection Regulation of the European Union.
Data processing: any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Intended recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  1. Principles of data processing

The data controller declares that it processes all personal data in accordance with the provisions contained in the Data Processing Guide and observes the provisions of the relevant statutes, with special regard to the following:

  • Personal data shall be processed legitimately and with integrity, and in a way transparent for the data subject.
  • Collection of personal data shall be allowed only for specific, clear and legitimate purposes.
  • The purpose of the processing of personal data shall be appropriate and relevant, and shall not exceed the necessary scope.
  • Personal data shall be accurate and updated. Any inaccurate personal data shall be erased immediately.
  • Personal data shall be stored in a form that enables the identification of the data subjects only for the time necessary. Storage of personal data for a term longer than that shall only take place if it is for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
  • Personal data shall be processed in such a manner that by the application of the appropriate technical or organizational measures we ensure the appropriate security of personal data, including protection against the unauthorized or illegitimate processing, accidental loss, destruction or impairment of the data.
  • The principles of data protection shall apply to any information concerning an identified or identifiable natural person.
  1. Important information on data processing

The purpose of data processing is to enable the service provider / data controller to provide appropriate additional services to the persons who registered on the web site.

The legal basis of data processing is the consent of the data subject.

The scope of persons affected by data processing is the registered users of the website.

Term of data control and erasure of the data. The term of data control always depends on the specific aim of the user, but when the original purpose has been fulfilled, the data shall be erased immediately. The data subject may revoke their consent to data processing at any time in a message sent to the email address for contacts. Unless there is a legal impediment to erasure, in this case you data will be erased.

The data controller and its employees are authorized to inspect the data.

The data subject may request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability.

The data subject has the right to withdraw their consent at any time, but this will not affect the lawfulness of processing based on consent before such withdrawal.

The data subject has the right to submit complaints addressed to the supervisory authority.

If the data subject intends to take advantage of the benefits of registration, i.e. they want to use the relevant service of the website, then it is necessary to provide the requested personal data. The data subject is not required to provide personal data, they will not be disadvantaged in any way if they fail to provide the data. However, certain functions of the website require registration to be used.

The data subject shall have the right to obtain from the controller without undue delay the rectification, supplementation of inaccurate personal data concerning him or her.

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay, if data control has no other legal basis.

The change or erasure of personal data may be initiated by email, on telephone or by regular mail, on the contact details provided above.

  1. Registration on the website
Identification of the data processing: Marketing, sales
The purpose of data processing: Submission of proposal, request for proposal, contract conclusion
Legal basis of data processing: legitimate interest
Scope of data subjects: every interested prospective future customer
Data on the data subjects: name, email, telephone
Data source: website (form for obtaining contact), email account
term of data control: date of contract conclusion
Type of data control: electronic

The purpose of data control is the provision of additional services and obtaining contact.

The legal basis of the control of registration data is your consent.

The scope of persons affected by data processing is the registered users of the website.

Duration of data processing. Data are processed until the consent is withdrawn. You may revoke your consent to data processing at any time in a message sent to the email address for contacts.

The data will be erased when the consent to data processing is withdrawn. You may revoke your consent to data processing at any time in a message sent to the email address for contacts.

The data controller and its employees, if any, are authorized to inspect the data.

Method of storage of the data: electronic.

The change or erasure of personal data may be initiated by email, on telephone or by regular mail, on the contact details provided above.

Provision of personal data is absolutely necessary for identification in databases and for the maintenance of contact. The exact business name and address are necessary for billing, which is a legal obligation.

The user may grant his or her consent to data processing by intentionally ticking the dedicated empty checkbox provided on the web site.

As a data subject, you may restrict the processing of your personal data, in that regard you are entitled to the process according to the data processing information detailed above and to the process presented in this guide and the statutes identified in the guide.

  1. Order placement, contract conclusion
Identification of the data processing: administration
The purpose of data processing: conclusion of the contract
Legal basis of data processing: contractual
Scope of data subjects: the contracting customers/clients
Data on the data subjects: name, address, personal ID card number, email, telephone number
Data source: email account
term of data control: until the end of the contractual relationship or until request is made for erasure
Type of data control: electronic
Identification of the data processing: Records of contractual partners
The purpose of data processing: fulfilment of the contractual tasks
Legal basis of data processing: contractual
Scope of data subjects: contracting parties
Data on the data subjects: name, address, personal ID card number, email, telephone number
Data source: email account
term of data control: until the end of the contractual relationship or until request is made for erasure
Type of data control: electronic and paper-based
  1. Quality assurance
Identification of the data processing: quality assurance
The purpose of data processing: retention of certain documents for quality assurance purposes
Legal basis of data processing: legitimate interest
Scope of data subjects: contracting parties
Data on the data subjects: name, address, email
Data source: email
term of data control: for a term of 8 years after the end of the contractual relationship
Type of data control: electronic
  1. Issue of invoices
Identification of the data processing: finances, accounting
The purpose of data processing: compliance with the financial and accounting laws
Legal basis of data processing: legal obligation
Scope of data subjects: contracting parties
Data on the data subjects: name, address, email
Data source: financial billing system
term of data control: pursuant to the provisions of the accounting law – 8 years
Type of data control: electronic and paper-based
  1. Cookies

The data controller uses cookies on its website, which are text data files stored by the computer visiting the site. These cookies record personal identifiers, based on which the data controller is able to provide higher level service during the visit to the website, furthermore, based on these cookies it is able to make business proposals to the stakeholders. The data subjects are able to erase these cookies at any time in the settings of their own Internet browsers.

The scope of persons affected by data processing is visitors to the website.

The purpose of data control is the provision of additional services and the monitoring of visitors.

Legal basis of data processing:

The consent of the user is not necessary if the service provider absolutely needs to use the cookies.

Scope of the data: unique identifier number, date and time, setting data.

Data controllers authorized to inspect the data.

By using the cookies the data controller does not control personal data.

Method of storage of the data: electronic.

  1. Tracking codes exploring browsing habits

The data controller uses algorithms exploring the browsing habits of visitors to the site in an integrated manner (pixel) on its online interfaces. These algorithms are provided by the following entities operating in a third country, as data processors:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States

YouTube, LLC, 901 Cherry Ave. San Bruno, CA 94066, United States

Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, United States

Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103, United States

MailChimp – The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308, United States

It is a general operating principle of algorithms exploring browsing habits that during a visit to the online interface the data element integrated in the website (pixel) sends a signal to the data processing agent on the fact of the visit. If the data subject has their own account with the data processors, then the data processor may connect the fact of the visit to the personal account of the data subject. Data subjects are allowed to obtain information on the data collected by the data processors and may dispose at the data processors in the personal accounts managed by them. This includes the opportunity of requesting the erasure of these browsing data.

The scope of persons affected by data processing is visitors to the website.

The purpose of data control is the provision of additional services and the monitoring of visitors.

Legal basis of data processing:

The consent of the user is not necessary if the service provider absolutely needs to use the tracking codes.

Scope of the data: unique identifier number, date and time, setting data.

Data controllers authorized to inspect the data.

By using the tracking codes, the data controller does not control personal data.

Method of storage of the data: electronic.

You can view information on data control on the following sites:

Facebook: https://developers.facebook.com/docs/plugins/

Google Analytics: https://www.google.com/intl/en/policies/privacy/

Youtube: https://www.youtube.com/yt/about/policies/

Instagram: https://www.instagram.com/about/legal/privacy/

Pinterest: https://about.pinterest.com/privacy-policy

Mailchimp: https://mailchimp.com/legal/privacy/

  1. Social media

Social media means media outlets that distribute messages through social users. Social media use the Internet and online publishing opportunities in order to have the users turn from content receivers into content creators.

Social media is such a platform of Internet applications that includes contents created by the users, such as Facebook, Instagram, etc.

Forms of appearance in social media include public speeches, lectures, presentations, information on goods or services.

In terms of form, information published in the social media may include forums, blog posts, image, video and sound materials, message walls, email messages, etc.

According to the above definition, in addition to personal data, the scope of controlled data may also include the public profile picture of the user.

Scope of data subjects: each user who visits the website.

The purpose of data collection is the promotion of the website or a webpage connected to it.

The legal basis of data processing is the voluntary consent of the data subject.

Term of data control: according to the regulation available on the given social media site.

Deadline for the erasure of the data: according to the regulation available on the given social media site.

Persons authorized to inspect the data: according to the regulation available on the given social media site.

Rights related to data control: according to the regulation available on the given social media site.

Method of storage of the data: electronic.

It is important to note that whenever a user uploads or sends some kind of personal data, they grant permission, valid all over the world, to the operator of the social media site to store and use such contents. Therefore it is very important to make sure that the user is fully authorized to distribute the published information.

  1. Data processors

Storage space provider: Server Hosting data

Name / business name: Tárhely.Eu Kft.
Registered office: 1144 Budapest, Ormánság utca 4.
Tax number: 14571332-2-42
E- mail: support@tarhely.eu

The data provided by you are stored on a server operated by the storage space provider. Only our staff and the staff operating the server are able to access the data, but every one of them is responsible for the safe handling of the data.

Description of the activity: storage space provision, server provision.

Purpose of data processing: assurance of the operation of the website.

Controlled data:  personal data provided by the data subject.

Term of data control and deadline for the erasure of the data. Data are controlled until the end of the operation of the website, or according to the contractual agreement between the operator of the website and the storage space provider. If necessary, the data subject may also request the storage space provider to erase their data.

The legal basis of data processing is the consent of the data subject, statutory data control and the legitimate interest of the data controller.

  1. Rights related to data processing
The right to requesting information: You may request information from us through the specified contact details, what are your personal data processed by our company, on what legal basis, for what data processing purpose, from what source and for how long. Upon your request we will send information immediately, but in any case within 30 days, to the email contact provided by you.
The right to rectification: You may request rectification of any of your data through the specified contact details. Upon your request we will take action immediately, but in any case within 30 days, and send information accordingly, to the email contact detail provided by you.
Right to erasure: You may request erasure of your data from us through the specified contact details. Upon your request we will do that immediately, but in any case within 30 days, and send information to the email contact provided by you.
Right to blocking: You may request blocking of your data from us through the specified contact details. Blocking will last as long as the cause specified by you necessitates the storage of the data. Upon your request we will do that immediately, but in any case within 30 days, and send information to the email contact provided by you.
Right to object: You may object to data processing through the specified contact details. We will assess the objection within the shortest possible time after the submission of the request, but in any case within 15 days, we will decide on whether it is substantiated and inform you on the decision by email.
The opportunity of legal enforcement related to data processing: In the case of illegitimate data processing experienced by you, please inform our company, enabling the restoration of the legitimate state within a short time. In your interest, we will do our best to resolve the presented problem.

If in your opinion it is not possible to restore the legitimate state, you may report this to the competent authority on the following contact details:

National Authority for Data Protection and Freedom of Information

Mailing address: 1530 Budapest, Pf.: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Telephone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat (at) naih.hu

URL https://naih.hu

coordinates: N 47°30’56”; E 18°59’57”

  1. Legislation serving as the basis of data control

REGULATION (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (general Data Protection Regulation);

Act CXII of 2011 on Informational self-determination and freedom of information.

Act LXVI of 1995 on Public Records, Public Archives and the Protection of Private Archives,.

Government Decree 335/2005. (XII. 29.) on the common provisions of document management in public administrative bodies.

Act CVIII of 2001 on certain issues of electronic commerce services and information society services.

Act C of 2002 on Electronic communication.