Privacy Policy
1 Introduction
The Greypixel Workshop Kft. (hereafter referred to as: Service Provider) as data controller, to record our internal data processing procedures, and to grant rights of the concerned parties, issues the following data protection notice (hereafter referred to as: Notice).
Privacy policies related to the data controller activities of the Service Provider are continuously available at the web pages and online service providing surfaces of the Service Provider, and on any other online surfaces managed by them (e.g. Facebook, etc.), under the name Privacy Notice.
The Service Provider reserves the right to change the contents of this Notice as required, but according to prevailing legislation in effect.
The Service Provider notifies its clients and the visitors of the online content to the extent necessary.
If you have any questions about this Notice, please send them to the following e-mail address, and we will reply in writing.
E-mail: info@thegreypixelworkshop.com
The Greypixel Workshop Kft. is committed to the protection of personal data of its clients, partners and employees, and considers it extremely important to respect the right of informational self-determination of all natural persons concerned with data processing. The Greypixel Workshop Kft. shall treat personal data confidentially, and ensures the safety of these data with technical and organisational measures.
Please read the data protection and data processing procedures described below.
2 Business information
The Greypixel Workshop Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (The Greypixel Workshop Commerce and Service Provider Limited Company)
Headquarters: 8200 Veszprém, Borsos József utca 2.1, Hungary
Registration number: 19 09 514393
Tax identification number: 23500477-2-19
Authorised representatives: József Lipka, Ákos Mátételki
3 The purpose and scope of the Privacy Notice
The purpose of this Notice is to provide appropriate information for the concerned parties about data controlled and processed by the Service Provider, their source, the purpose, legal basis, and duration of data processing, the name, address and data processing related activities of the party that may be involved with data processing, and – in case of transferring personal data of the concerned party – the legal basis and recipient of the data transmission.
4 Definitions
- personal data: any information related to a natural person who is identified or is identifiable (“concerned party”); a natural person is identifiable if he or she – either directly or indirectly –, can be identified, especially by some kind of identifier, for example name, number, location data, online identifier or one or more factors about the physical, physiological, genetic, mental, economic, cultural or social identity of the person
- data processing: Any kind of automatic or non-automatic operation or a set of operations performed on the personal data or personal data files, regardless of the procedure and method used, i.e. by collecting, recording, systematising, grouping, storing, converting or changing, querying, viewing, use, transmission, dissemination or any other means of making these data accessible, synchronising or connecting, restricting, deleting or erasing.
- profiling: any kind of automatic processing of personal data during which personal data are used to evaluate certain personal traits related to a natural person, especially used for analysing or predicting characteristics related to workplace performance, economic situation, health status, personal preferences, interests, reliability, behaviour, location or movement
- pseudonymisation: the use of personal data in a way due to which it is not possible to establish without the use of further information to which person the personal data is related, provided that this further information is stored separately, and it is ensured by technical and organisational means that it is not possible to link this personal data to the identified or identifiable natural persons
- recording system: any file of personal data, grouped in any way, based on either centralised, decentralised, functional or geographical aspects which is accessible on the basis of defined criteria
- data controller: a natural person or legal entity, public authority, agency or any other organisation which determines the purpose and means of personal data processing, either on their own, or together with other parties; if the purpose and means of data processing are determined by EU or member state legislation, the data controller or the special criteria for designating the data controller can also be determined by EU or member state legislation
- data processor: a person or legal entity, public authority, agency or any other organisation which handles or processes personal data or provides technical background and application logics for data handling on behalf of the data controller
- third party: a natural person or legal entity, public authority, agency or any other organisation different from the concerned party, the data controller, data processor or any persons authorised to process the personal data under the direct control of the data controller or data processor
- consent of the concerned party: voluntary, concrete, appropriately informed and unambiguous expression of the will of the concerned party, through which the concerned party testifies by statement or an action explicitly expressing confirmation that he or she agrees to the processing of personal data related to him or her
- data protection incident: any breach of security causing unintentional or illegal destruction, loss, alteration, unauthorised disclosure of or unauthorised access to the personal data transferred, stored or in any other way processed
5 Use of cookies
An HTTP cookie (often simply called cookie) is an information package sent by a server to a web browser, which is then returned by the browser to the server every time it sends a request to the server. Cookies are created either by the web server or by Javascript, using the browser on the user’s computer, where they are stored in a separate folder.
Thus, a cookie is a small file that is created on the computer when you visit a web page.
A cookie can contain any information determined by the server, and its purpose is to introduce the user status into the connection between the browser and the server. Without cookies, each web page request would be an isolated event, thus, for example if a user logs into a page protected by a user name and password and views some content, then navigates to another page, the user name and password would have to be requested again.
I.e., the purpose of cookies is to facilitate the use of web pages and storing session related user information, but they are also suitable for collecting other information, related to the use of the web site.
The Service Provider, within its web pages and online services, only uses cookies not suitable to identify the users, for two purposes.
Cookies facilitating web site use
These enable us to remember your features, language, etc. selection for our web pages and online services.
Performance cookies
We use Google Analytics cookies to gather information about how our visitors use our web page. These cookies are not capable to identify you as a person, and only collect information about what pages the visitor viewed, at what part of the web page he or she clicked, how many pages he or she visited, and how long the viewing time was for the individual pages.
Refusing cookies
As we already stated, the cookies used on our web pages and for our online services do not store any information suitable for personal identification. Nevertheless, you have the option to prevent your browser from storing cookies. Cookies usually can be managed in the Tools/Settings menu of the browser, under Data protection, cookies.
6 The purpose of data processing
The Service Provider provides counselling, graphical design, internet application development, search engine optimisation, domain registration, server hosting and translation services. The Service Provider only stores personal data necessary to conduct business, with the purpose to maintain contact with clients and partners, and for contractual legal relationships and to perform accounting according to legislation.
7 The legal basis of data processing
When formulating this Notice – and the underlying data protection impact assessment –, the provisions of the following EU legal norms and legislation were considered:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) -> hereafter referred to as GDPR
- Act CXII of 2011 on the right of informational self-determination and the freedom of information -> hereafter referred to as the Information Act
- Act V of 2013 on the Civil Code -> hereafter referred to as the Civil Code
- Act CVIII of 2001 on certain aspects of e-commerce services, and services related to the information society -> hereafter referred to as the E-commerce Act.
- Act C of 2000 on accounting -> hereafter referred to as the Accounting Act.
- Act CVIII of 2001 on certain aspects of e-commerce services, and services related to the information society -> hereafter referred to as the E-commerce Act.
- Act XLVIII of 2008 on basic requirements and certain restrictions of economic advertising activities -> hereafter referred to as the Commercial Advertisement Act.
- Act LXVI of 1995 on official documents, public archives and the protection of private archive material (concerning data related to employment relationships)
- agreements – in the form of contracts – with clients
- the permission provided by the user unequivocally about data processing, either in writing, or on the online surfaces
8 Duration of data processing
As data controller, we only store those personal data in our records that are necessary for contacting and informing our clients, maintaining contractual relationships, and for accounting, and only for the duration of the business relationship.
The duration of the business relationship is determined so that it lasts from the time of contact for sales or other purpose until a contractual relationship related to the activities of the Service Provider exists with the client.
9 Scope of the personal data processed
We only store personal data in our records – on the basis of explicit client consent – necessary to conduct business, for contacting and informing the client, maintaining contractual relationship with him or her, and for accounting; these are as follows:
- Name
- address (for businesses, headquarters), and mailing address, if required
- phone number
- e-mail address
- other means of communications, as provided by the client
- tax identifier (for businesses, tax identification number)
- bank account number
Of the data processed, we only store those that are required for the legal relationship with natural persons; the tax identifier and bank account number are only used in case of a contractual relationship, for maintaining the contract, and for accounting (e.g. issuing invoices), where the legal basis for data processing is the service contract itself.
10 Transferring data, further data controllers and processors
We can provide part of our services and ensure the security of the built-in functions and operating only by using content, IT solutions, or infrastructure of external service providers.
For displaying our online content, maintaining contact with our clients and providing online services, the following data controllers and data processors are involved in relation to the activities of the Service Provider:
Webonic Kft.
The server park service provider hosting the servers for providing our services
- headquarters: 8000 Székesfehérvár Budai út 9-11., Hungary
- Registration number: 07-09-025725
- Tax identification number: 25138205-2-07
- E-mail: support@webonic.hu
Google Inc.
We use the Google Drive system provided by them for office applications
- Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
11 Data security
The Service Provider will take every action necessary to secure the personal data provided by the users both during network communications and during their storage.
Access to personal data is strictly restricted in order to prevent their unauthorised viewing, modification, or use.
The server computers used to store data are implemented in a redundant configuration in server parks, and only the employees and businesses maintaining them have direct access to the data stored on them.
12 Enforcement and legal remedy
The Service Provider provides information about the rights concerning personal data, their enforcement and legal remedy as follows:
Information
The Service Provider properly informs the party concerned. Upon written request of the concerned party, we provide information about their data controlled and processed by us, their source, the purpose, legal basis, and duration of data processing, and the name, address (headquarters) and data processing related activities of the data controller and data processor, and – when personal data of the concerned party are transferred – about who and for what purpose receive these data.
We provide these information in writing, within 30 days after submitting the request.
Rectification and deleting the data
The concerned natural person has the right to request rectification of their personal data, and that we perform this operation. The Service Provider is obliged to rectify incorrect personal data.
We delete personal data, if
- their processing is against the law;
- it is requested by the concerned party;
- it is incomplete or wrong, and this state cannot be rectified lawfully;
- the purpose of data processing does not exist any more;
- the term for storing the data set forth in legislation has expired;
- the Court or
- the National Data Protection and Information Freedom Authority commanded so.
For deleting the data, another necessary condition in addition to the above is that no act or other regulation excludes it.
Note that the rights of the concerned party for information, rectification or deletion may be restricted by legislation
- for inner and outer security reasons of the Hungarian State (for the safety of defence, national security, crime prevention, law enforcement, and detention);
- for state or municipality economic or financial interest;
- for significant economic or financial interest of the European Union;
- for the prevention and exploration of labour law and occupational safety breaches.
If we cannot perform the request of the concerned party for rectification or deletion for the above reasons, we provide them written information about this within 30 days.
Protest
The Service Provider makes if possible for the concerned party to protest against processing his or her personal data if
- processing or transferring personal data is only required for the benefit of our business or the party receiving the data;
- personal data are processed or transferred for direct marketing or a survey.
We examine the protest submitted in writing within 15 days from submitting it, and we inform the requester about the result in writing.
If the protest is grounded, we cease to process and transfer the data, and we inform all parties to whom the data was earlier transferred about the protest and the related measures taken.
If you have further questions about the data controlling and data processing activities of the Service Provider, you can get more information at the following address:
The Greypixel Workshop Kereskedelmi és Szolgáltató Korlátolt Felelősségű Társaság (The Greypixel Workshop Commerce and Service Provider Limited Company)
Headquarters: 8200 Veszprém, Borsos József utca 2.1, Hungary
Registration number: 19 09 514393
Tax identification number: 23500477-2-19, HU23500477
Authorised representatives: József Lipka, Ákos Mátételki
E-mail: info@thegreypixelworkshop.com