2. Data manager in order to enable the Artist to access the service on the web site of the data manager (http://www.artbridge.shop/) and its subpages (like registration at the Artist Gate and uploading the digital images) and after the registration in order to enable the parties to enforce their rights and to fulfill their obligations and do demonstrations connected to the obligations, and to carry out an assessment of their own service (such as the sale of products) it shall handle such personal data to the extent and time required by law.
3. The scope of this Policy applies to the data management connected to the website (http://www.artbridge.shop) and its subdomains for browsing and / or registering.
4. This Privacy Statement is available on the following website: http://www.artbridge.shop
- CXII. Law on information self-determination and freedom of information (hereinafter: Infotv.)
- CVIII of 2001. Act on Electronic Commerce Services and Information Society Services (in particular Section 13 / A)
- XLVII of 2008. Act on the Prohibition of Unfair Commercial Practices against Consumers;
- XLVIII of 2008. of the Act on the Basic Conditions and Limitations of Commercial Advertising Activity (in particular Section 6)
- General Data Protection Regulation in force since May 25, 2018 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation 95/46/EK.
2. Interpretative provisions
1. concerned / user: any natural person identified or can be identified - directly or indirectly, by any identified personal data;
2. personal data: data relating to the user, in particular the name, identifying mark, and the knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the users, and the conclusion deducted from the data to the data subject;
3. Special Data:
(a) personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other beliefs of the world, membership of an interest representation organization, personal data relating to sexual life,
(b) personal data relating to the state of health, abnormal passion and criminal personal data;
4. contribution: voluntary and decisive disclosure of the will of the person concerned, based on appropriate information and by which he gives his / her unambiguous consent to the handling of his / her personal data, covering all or part of operations;
5. protest: the statement of the person concerned with which he or she objected to the handling of his or her personal data and asks for the termination of the data processing and the cancellation of the data processed;
6. data manager means a natural or legal person or a non-legal entity that independently or with others determines the purpose of data management, makes and executes decisions on data management (including the equipment used), or performs or executes it with a data processor;
7. data management: irrespective of the method used, any operation of the data or all of the operations, such as collecting, capturing, recording, organizing, storing, modifying, using, retrieving, transmitting, publishing, aligning or interconnecting, blocking, deleting and destroying any of the operations , as well as preventing the further use of data, taking photographs, sound or images, and recording physical features (such as finger or palm prints, DNA samples, iris images) for identifying the person;
8. transfer of data: making the data available to a specific third party;
9. disclosure: making the data available to anyone;
10. data deletion: making the data unrecognizable in such a way that their recovery is no longer possible;
11. data marking: providing the identification of the data with a view to distinguishing it;
12. data blocking: for the purpose of limiting the continued handling of the data by means of an identification mark for a definite or fixed period of time;
13. data destruction: physical destruction of data-containing media;
14. processing of data: to carry out technical tasks related to data management operations, irrespective of the method and device used to implement the operations and the place of application, provided that the technical task is carried out on the data;
15. data processor means a natural or legal person or an organization without legal personality who, by virtue of a contract concluded with the data manager, including the conclusion of a contract by law, processes data;
16. data controller: a public service body that has produced publicly available information that is compulsory by electronic means and whose data have been generated during its operation;
17. data provider: a public service body which, if the data controller does not publish the data, publishes the information provided by the data controller on its website;
18. data file: the total data processed in one register;
19. third party: a natural or legal person or an organization without legal personality, which is not the same as the data subject, the data manager or the data processor;
20. economic advertising means a way of communication, information or presentation which aiming the sale, or foster to take possession of a commercially available movable property - including money, securities and financial assets, as well as the natural resources that can be used in the manner of the matter (hereinafter referred to as the product), or service, property, or property right (hereinafter referred to as the good) or in connection with these aims the promotion of the company's name, mark, and operations, or the promotion of the good and any of the good's indication (hereinafter referred to as advertising).
3. Data Management Principles
1. Personal data may only be handled for a specific purpose, for the exercise of the right and for the fulfilment of the obligation. At all stages of data management, the purpose of data management must be fit, the recording and handling of data must be fair and legitimate.
2. Only personal data that is essential for the purpose of data management, is suitable for data management goals. Personal data can only be handled to the extent and for the duration required to achieve this goal.
3. Personal data may be handled if the party concerned agrees or decided on the purpose of the law of a local government on the basis of a law or - by virtue of the law and in the circle defined therein - for a purpose based on public interest.
4. If, due to the incapacity of the person concerned or due to other unavoidable reasons, he or she is unable to give his / her consent, than in order to protect the vital interests of his or her or of other person, and in order to prevent the direct threat to the life, physical integrity or his or her personal goods, the data can be handled to the needed extent while the obstacle of the consent is there.
5. The validity of the legal declaration under 16 years old shall not be approved by his / her legal representative.
6. If the purpose of data-processing based on consent is to carry out a contract written in writing with a data controller, the contract shall contain any information that the data subject needs to know for the purposes of the processing of personal data, under this law, in particular the definition of the data to be processed, the purpose of the use, the transmission of the data, the addressees of it, and the use of the data processor. The contract must, in an unambiguous manner, contain that one contribute with his or her signature to manage its data as specified in the contract.
7. The consent of the person concerned shall be deemed to be given for the personal data that he or she has disclosed to be available in public.
8. In case of doubt, it must be presumed that the party concerned has not given his consent.
4. Legal basis for data management
1. The legal basis for data handling on the website is the user's consent, the Act of Information 5 (1), and the CVIII Act of 2001 on certain aspects of electronic commerce services and information society services, law 13 / A. § (3).
2. Scope of managed data: surname, first name, e-mail address, password, artist name, profile link, invitation code, other personal data and images provided for digital distribution.
3. Deadline for the deletion of data: in case of a contract, in accordance with the Act of Information 4 (1).
4. In addition to the foregoing, the deletion or modification of personal data may be initiated in the following ways: - by post to 1016 Budapest, Csap u. 5. 1em. - by e-mail at email@example.com or electronically on the www.artbridge.shop website, in the manner and under the conditions detailed in the contract.
5. The service provider may be asked for information or data disclosure by the court, the prosecutor, the investigating authority, the offense authority, the administrative authority, the National Data Protection and Information Freedom Authority or other authority mandated by the law.
6. The service provider shall, for the above authorities if the authority has indicated the exact purpose and the scope of the data requirement, give the necessary personal data and to the extent necessary for the purpose of the request or available at the time of the request.
7. The service provider shall handle the data and information provided by the data subject for the purpose of the service, in accordance with the CXII. Act on the information self-determination and the freedom of information, the service provider only uses the processed data in a form that is not suitable for personal identification.
8. Purpose of data management: The service provider manages the personal data of users for the purpose of providing the service (full use of the web site, such as a request for a quote, a photograph promotion, newsletter sending), only to the extent and time required. At all stages of data management, this should be the target.
9. The service provider also handles personal data that is technically necessary for the service.
10. If the personal data has been collected with the consent of the user, the service provider shall manage the recorded data in the absence of a different provision of law, a) to fulfil its legal obligation, or b) to enforce the legitimate interests of the service provider or third party, if this interest is proportionate to the limiting the right to data protection, without any further special consent and these personal data can be handled after withdrawing the user's consent.
5. Manage cookies
2. Scope of managed data: unique identification number, dates and times.
3. Deadline for data deletion: The duration of data processing in session cookies will last until the site visits, while in the other case it will last 30 days.
4. The purpose of data management is to identify users and track visitors.
6. Data storage is carried out on the relevant IT device. An affected person has the option to delete cookies in the Tools / Preferences menu of browsers under the Privacy menu item.
1. The service provider is entitled to transfer the personal managed by it to third parties.
2. The legal basis for the transfer of data is the user's consent, the Infotv. 5 (1) of the Act, and the CVIII Act of 2001 on certain aspects of electronic commerce services and information society services, law 13 / A. § (3).
3. The purpose of the data transfer is to use the image for printing purposes.
4. The scope of the data transmitted for the purpose of printing production: the image and its characteristics.
5. Data is transmitted to the following data controller:
Name: The Art Bridge Kft. (1016 Budapest, Csap str. 5. 1/2.)
1. The service provider protects the data by appropriate measures, in particular against unauthorized access, modification, transmission, disclosure, deletion or destruction, accidental destruction, damage, as well as the unavailability caused by the change of technique used.
2. The service provider will do its utmost to preserve the credibility and confidentiality of the data processed and to ensure that the data subjects and the persons entitled to it always have access.
3. The service provider therefore reserves the right to inform customers and partners of any vulnerabilities of its system that customers or partners may encounter and to limit the access to the service provider's system, services or some of its features.
8. Data management information rights obligations
1. The person concerned may apply to the service provider to provide information on the processing of his / her personal data, to request the rectification of his / her personal data and to request the deletion or blocking of his / her personal data, except mandatory data.
2. At the request of a user, the service provider shall provide information about the data it manages, their source, the purpose, legal basis, duration of the data processing, the name, address and data management method of the data processor, and, in the case of transmission of the personal data of the data subject, the legal basis and the addressee of the data transfer. The service provider shall provide the information in writing and in a clear format within the shortest possible time from the submission of the request, but not later than within 30 days. Information is free of charge.
3. The service provider, if the personal data does not correspond to the reality and the personal data that is in the correct form is available to the data controller, corrects the personal data.
4. Instead of the deletion, the service provider locks out personal data if the user requests, or if, in case it is assumed that the deletion would violate the legitimate interests of the user. Blocked personal data can only be handled as long as there is a data management target that excludes the deletion of personal data.
5. The service provider deletes personal data if its handling is against the law, the user specifically requeste, the data is incomplete or incorrect - and this status can not be legally remedied - provided that the deletion is not excluded by law, the purpose of data management is discontinued or the statutory data storage deadline expired by the law has been ordered by the court or the National Data Protection and Information Authority.
6. The service provider shall inform the person concerned of the correction, blocking, marking and deletion, and inform those who previously had the data transferred for data management. Notification may be omitted if it does not violate the legitimate interest of the user in terms of data handling.
7. The data manager shall have 30 days for the deletion, blocking and rectification of personal data. If the service provider fails to comply with the user's claim for rectification, blocking or cancellation, it shall state the reasons for the rejection within 30 days.
9. Remedies Procedures
1. User may object to the handling of his or her information if:
(a) the processing or transmission of personal data is necessary solely to fulfil the legal obligation of the service provider or to enforce the legitimate interests of the provider, data provider or third party, unless data management is ordered by law;
(b) the use or transmission of personal data is done for direct business acquisition, polling or scientific research;
c) in other cases specified by law.
2. The service provider shall examine the protest within the shortest possible time but not later than 15 days from the submission of the request, and shall inform the applicant in writing of its decision on its merits. If the service provider determines the validity of the protest of the person concerned, data management, including further data collection and data transfer, will terminate and lock the data, and inform the protest and the measures taken on the basis of those who have previously forwarded the personal data affected by the protest, and who are obliged to take action to enforce the right to protest.
3. If the user disagrees with the decision of the service provider, he or she may appeal to the court within 30 days from the date of its communication.
4. In the event of a violation of his or her rights, the user can court the service provider. The court proceeds out of line. An appeal can be lodged with the National Data Protection and Information Freedom Authority:
National Privacy and Freedom Authority
1125 Budapest, Szilágyi Erzsébet fasor 22 / C.
Postal address: 1530 Budapest, Mailbox: 5.
Phone: +36 -1-391-1400