The aim of the present Data Management Guidelines of Server Line Ltd. is to inform clearly and in detail, the visitors or the registered (“Data Subject”) before they are entering the homepage (website) operated by Data Management about every matter concerning the handling of their data, their rights and legal remedies.
It is also the aim of the present Data Management Guidelines that the Data Provider informs those interested parties, clients (”Data Subject”) who directly use their services by phone or email or at the Customer Service located at the address 1087 Budapest, Asztalos Sándor Street 3. about their rights and legal remedies concerning the management of their data prior to using the Data Provider’s services.
This Data Management Guidelines also contains the internal rules and provisions concerning the Data Controller that insure that their data management meets the legal requirements defined in point 3 and is regarded as the Data Management Guideline of the Data Controller for managing the personal data of the Data Subject. This Data Management Guidelines is published by the Data Controller on its website and is available to anyone, a copy of which can be requested from the Data Controller's customer service at Asztalos Sándor Street 3, 1087 Budapest..
For the purposes of this Privacy Policy:
„Personal data”: means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
„Data management”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
„Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
„Processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
1. Data of the data controller
Name: Server Line Szolgáltató Ltd.
Registered address: 2340 Kiskunlacháza, Sellő Street. 140
Branch: 1087 Budapest, Asztalos Sándor Street 3.
Company reg. No.: 13-09-154514
Tax number: 23829808-2-13
Represented by: Zsolt Gerlich, managing director
Telephone: 06 1 210 7260
Email cím: marketing@serverline.hu
2. Persons authorised to process data
a. Data of the hosting service provider used during data management:
Name: Tárhely.Eu Szolgáltató Ltd.
Telephone: 06 1 789 2789
*E-mail support@tarhely.eu
Postal address: 1538, Budapest, Post box: 510
The personal data accessible by the hosting provider are set out in the table according to point 4.
b. The Data Controller employs system administrators for the installation and maintenance of the programs and systems it uses.
3. Main legal provisions and their abbreviations relating to data processing:
• Regulation(EU) 2016/679 of the European Parlament and of the Council („GDPR”)
• Act CXII of 2011 on the right to Informational Self-Deermination and Freedom of Information („Infotv.”)
• Act CVIII of 2011 on Certain Aspects of Information Society Services („Eker tv.”)
4. Principles of data processing
4.1. wfulness, Fairness, and Transparency in Data Processing Guidelines
The Data Controller carries out the data processing operations (including collecting and managing data) specified in the Data Processing Guidelines, fairly, in accordance with the legal regulations for the handling of personal data, and in a transparent manner for the Data Subject.
4.2. Purpose Limitation
The Data Controller collects, manages and uses personal data exclusively for the purposes set out in the Guidelines, and only forwards them to achieve these purposes, in accordance with the Guidelines as well as the relevant legal regulations on processing personal data. The managed personal information can only be seen by the persons involved in the realization of the purpose.
4.3. Data minimisation
The Data collector only collects personal data of the Data Subject that are adequate, relevant and limited to what is necessary, and suitable to data processing and without which it would not be able to provide the service or would not be able to provide service as it undertakes to do.
4.4. Precision
Data Subjects are responsible for ensuring that the information provided on the website is true, accurate and up to date. However, it is also the responsibility and obligation of the Data Subject to obtain consent in advance if they do not provide their own personal data.
If the Data Subject informs the Data Controller that his/her data does not correspond to reality, the Data Controller shall immediately delete or rectify it in accordance with the provisions of this Guidance.
4.5. Limited storage capacity
The Data Controller ensures that personal data is stored in a form that allows identification of the Data Subject only for the time necessary to fulfil the purposes of personal data management. The Data controller, therefore, determines the duration of data storage according to this principle.
4.6. Data Security
The Data Controller shall take all necessary measures to ensure the safe and undamaged management of the data and the deployment and operation of the necessary data management systems. As part of this, it uses virus and firewall protection on computers and ensures the physical protection of data and data carriers.
The Data Controller ensures that no unauthorised person has access to these data and can make it public, forward, modify or cancel it. The Data Controller will do his utmost to ensure that the data is not compromised or erased, even accidentally. The above commitment is also required by the Data Controller for its employees involved in the data processing activity and for any temporary data processors used.
The data controller ensures that no unauthorized person can access, disclose, forward, modify, or delete the processed data. The data manager will do everything possible to ensure that the data is not accidentally damaged or destroyed. The above commitment is also required by the Data Controller for its employees and any temporal data processors participating in the data management activity.
Notwithstanding the above, however, the Data Subject is responsible for his or her own account after registration and for all operations carried out with or in it, including, but not limited to, the appropriate level of protection of the password associated with the Data Subject's name and its disclosure to any third party.
5. On the basis of Article 13 of the GDPR, we provide information in this clear table below on the range of personal data managed by the Data Controller for data processing purposes and legal basis, as well as the persons entitled to access the data and the duration of data processing:
Data management purposes: registration for the purpose of creating a customer account:
Legal basis of data management: Permission from the Data Subject: - Article 6 (1) point a) GDPR
Categories of the Data Subjects: registering customers
Scope of the processed data: Internet E-mail Address and Password
Who can access it within the Data Controller's organization: management
Duration of data processing: until the consent of the person concerned is withdrawn
Data transfer: hosting provider, system administrator
Consequences of failure to provide data: the Data Subject cannot register on the website
Data management purposes: to issue an accounting statement
Legal basis for processing: necessary for compliance with a legal obligation* - Article 6 (1) point c) GDPR
Categories of stakeholders: customers placing orders
Range of handled data: billing name, billing address (county, town name, postcode, street name, house number, floor, door, bell), payment method, issue, settlement of payments, payment date, product name, net and gross price of products, the order total
Who can access it within the Data Controller's organization: management, customer service
Duration of data management: 8 years in accordance with Section 169 (2) of the Accounting Act
Data transfer: accountant, hosting provider, system administrator
Consequences of failure to provide data: the Data Subject cannot receive a personal invoice.
Data processing purposes: order fulfilment, delivery
Legal basis for processing: necessary for the performance of the contract - Article 6( 1) point b) GDPR
Categories of data subjects: customers placing orders
Scope of the data processed: name of the customer, delivery address (county, town name, postcode, street name, house number, floor, door, bell), e-mail address, telephone number, other comments concerning the order, payment and delivery method
Who has access within the Data Controller's organisation: management, customer service, production, sales department
Duration of data processing: 5 years after completion of the contract
Data transfer: hosting provider, courier company, administrator
Consequences of failure to provide data: the Data Subject cannot place an order
Data processing Purposes:: contact in order to fulfil the order
Legal basis for processing: necessary for the performance of the contract - Article 6 (1) point b) GDPR
Categories of data subjects: customers placing orders
Scope of the data processed: contact name, e-mail address, telephone number
Who has access within the Controller's organisation: management, customer service
Duration of data processing: deleted after the contract is fulfilled (unless the contact person has given his/her consent)
Data transfer: hosting provider, administrator
Consequences of failure to provide data: the Data Subject is unable to place an order
Data processing purposes: registration of contact persons in the case of contractual partners
The legal basis for data processing is the consent of the data subject [Article 6 (1) point a) GDPR].
Categories of data subjects: customers placing orders
Data processed: contact name, e-mail address, telephone number
Who has access within the Data Controller's organisation: management, customer service
Duration of data processing: until the data subject's consent is withdrawn
Data transfer: hosting provider, administrator
Consequences of failure to provide data: the Data Controller cannot contact the Data Subject in order to fulfil future orders or services.
Data processing purposes: sending a newsletter
The legal basis for data processing: is the consent of the data subject [Article 6 (1) point a) GDPR].
Categories of stakeholders: customers who consent to send the newsletter
Scope of the processed data: Name, e-mail address.
Who has access within the Data Controller's organization: management, marketing department
Duration of data processing: until the consent of the person concerned is withdrawn
Data transfer: hosting provider, system administrator
Consequences of failure to provide data: the Data Subject will not receive newsletters about current discounts, promotions, newly introduced products
Data processing purposes: telemarketing, contact for marketing purposes
The legal basis for data processing is the consent of the data subject [Article 6 (1) point a) GDPR].
Categories of data subjects: customers who consent to telemarketing
Scope of the processed data: name, phone number
Who has access to it within the Data Controller's organization: management, marketing department
Duration of data processing: until the Data Subject's consent is withdrawn
Data transfer: system administrator
Consequences of failure to provide data: the Data Subject will not receive telephone information about current discounts, special offers, newly introduced products
Data processing purposes: complaint handling, investigation of warranty claims
The legal basis for data processing is the consent of the data subject [Article 6 (1) point c) GDPR].
Categories of data subjects: customers submitting complaints
Scope of the processed data: the unique identification number of the complaint, the name and address of the consumer, the place and time of the complaint, the method of the complaint, the list of documents, documents and other evidence submitted by the consumer, the description of the complaint, the place and time of recording the report and the recorder’s name, signature and, in case of buyback, product data
Who has access to it within the Data Controller's organization: management, customer service
Duration of data processing: regarding the records of complaints and copies of responses to written complaints five years, two years for duplicate entries in the book of buyers, based on 17/A. § (7) Consumer Protection Law
Data transmission: no data transmission
Consequences of failure to provide data: the Data Subject cannot exercise his/her consumer rights
Data processing purposes: information, answering questions
The legal basis for data processing is the consent of the data subject [Article 6 (1) point a) GDPR].
Categories of data subjects: customers sending messages
(c) Scope of the processed data: name, address e-mail address.
Who has access to it within the Data Controller's organization: management, customer service
Duration of data processing: messages will be deleted within 30 days after the end of communication (unless there is another data management purpose)
Data transmission: no data transmission
Consequences of failure to provide data: the Data Subject cannot ask questions by e-mail
* Act CL of 2017 on the Rules of Taxation, § 9 (e), § 77 (1), § 169 (2) of the Act on the Rules of Taxation
** Act CLV of 1997 on Consumer Protection, § 17/A (3)-(7).
Important!
If the legal basis for the processing is your consent, you can give your consent by ticking a "checkbox" on the Website when you provide your personal data, for each processing purpose (e.g. Registration, Order). If you do not provide your personal data through the Website, you can give your consent in a separate statement by e-mail or on paper. We inform you that if you contact the Data Controller for the first time by e-mail, requesting advice or information about the product prior to placing an order, or the Data Controller's service the Data Controller will be aware of your personal data contained in the e-mail. We inform you that you consent to the processing of your data in this case by sending the message (Article 6 (1) point a) GDPR). We inform you that you have the right to withdraw your consent at any time in accordance with point 9 of this Guideline. In the event of withdrawal of consent, your personal data will be deleted (see point 7.3). Based on the definitions in the preamble, this Data Processing Guidelines protects the personal data of natural persons in accordance with the legislation listed in point 3, given that the data of sole traders, business operators and NGOs are accessible to anyone and are contained in public registers (register of companies, register of sole traders, register of NGOs). As a result, it is not necessary to manage the data of individuals listed in the public register of sole traders, companies and NGOs.
6. Information sheet about cookies:
Cookies is an alphanumeric information package with changing content sent by the web server to the User’s computer and is stored there for a specified period of time. The use of cookies enables queries about some of the User’s data and monitors the User’s internet usage.
Cookies applied by the Data Controller when using the Website:
Name of the cookies: cookieconsent_status
Who applies it: an external supplier = http://silktide.com/cookieconsent
What data do they have access to: anonim identification of the visitor
Lifespan: 1 year
Function: to accept the use of cookies
Cookie name: _hjIncludedInSample
Who applies it: an external supplier = https://www.hotjar.com/
What data do they have access to: heatmap visitor behaviour analysis using anonymous data
Lifespan: at the end of the browsing program process
Function: monitoring, online service. Makes recordings of visitors' activities on the website
Cookie name: _ga
Who applies it: an external supplier = Google Analytics
What data do they have access to: style elements required for page display
Lifespan: 2 years
Function: Used to distinguish users (Google Analytics)
Google Analytics
The Data Controller uses the Google Analytics program mainly to produce statistics including measuring the effectiveness of its own activities. Using this programme the Data Controller gains information mainly about the number of visitors and time spent on the Website. The program recognises the IP address of the visitor and can therefore track whether the visitor is a returning or new visitor, and can also track the path the visitor has taken on the Website and where he or she has accessed. For more information about cookies, please see the Google Ads and Privacy FAQ at https://www.google.com/intl/hu/policies/technologies/ads/.
Google Remarketing
In addition to the usual data from Google Analytics, the Data Controller, using the Google Remarketing Program, also collects the data of the DoubleClick cookie. The remarketing service can be used via the DoubleClick cookie, which ensures that the visitors of the Website are exposed to the Data Controller’s advertising in the free Google advertising places. The Data Controller uses the Google Remarketing program for online advertising. The
ads of the Data Controller are displayed by external providers - such as Google Analytics - on the internet sites. The Data Controller and third-party service providers, such as Google, use their own cookies (such as Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) together to inform users about their previous visits to the Website and to optimise and display advertisements.
The purpose of using the above cookies is to measure page visits and create traffic analytics by collecting anonymized visitor data. Based on these data, the Data Subject cannot be identified either indirectly or indirectly.
7. Rights of the Data Subject
7.1. Right to disclosure
The Data Subject is entitled to be informed about managing personal data, particularly the purpose, legal bases, the personal data processed, the data controller’s person, and rights to filing a complaint, from the Data Controller. The Data Controller offers information for free for the Data Subject. If the claim is unfunded or -especially if it occurs repeatedly- is exaggerated, the Data Controller is entitled to charge a fee (for information on paper: HUF 10/sheet). Request can be handed in by email or by post, see the relevant rules at point 9.
The Data Controller replies to the request in the shortest possible time from the submission but will reply in an understandable way within 25 days.
7.2. Right to rectification
The Data Subject may request the rectification of their personal data if they are not accurate and also has the right to request the completion of incomplete personal data.
The request for correction of personal data must be submitted by registered users by changing data in the account created during registration (under the menu item Data update) otherwise as provided for in point 7. After receiving the request, the Data Controller will examine the legitimacy of the request as soon as possible. If the Data Controller does not find the User's request well-founded and refuses to fulfil it, it will notify the Data Subject in writing of the rejection and the reasons for it, along with the legal remedy, within 25 days of receiving the request.
7.3. Right to data erasure
The Data Controller will cancel the data related to the Data Subject if:
• data management is illegal;
• The Data Subject withdraws the permission to manage their data, and the data management has no other legal bases;
• The user's personal data is incomplete or incorrect, and this state cannot legally be remedied, provided that cancellation is not excluded by law;
• the purpose of data processing no longer exists;
• it was ordered by a court or the National Data Protection and Freedom of Information Authority.
The request for cancellation by the Data Subject only applies to the data managed by their request, thus, it does not affect the range of data subject to mandatory data processing required by law.
In addition, the Data Controller is entitled to process the User's personal data even after the User's deletion request, if the processing of the User's data is necessary for the purpose of fulfilling the Data Controller's contract, fulfilling its legal obligations or enforcement of its legitimate interest.
The request must be submitted as stated in point 9.
7.4. Right to restriction of processing
At the request of the Data Subject, the Controller restricts data processing where one of the following applies:
a. the accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data;
b. the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
c. the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
d. the data subject has objected to data processing; in this case, such restriction shall be valid for a period until it is determined whether the legitimate grounds of the data controller override those of the data subject.
The request must be submitted as stated in point 9.
7.5. Right to data portability
The Data Subject is entitled to receive the personal data, submitted to the Data Controller, in a machine-readable format, and the Data Controller can forward these data to another data controller indicated by him, the data processing is based on the relevant consent or contract (GDPR 6. (1) a) and b ) point).
The request must be submitted as stated in point 9.
7.6. The right to object
The Data Subject may object to the processing of his/her personal data if the processing or forwarding of the personal data is necessary solely for the enforcement of the legitimate interests of the Data Controller or a third party in relation to the Data Controller (except in the case of mandatory data processing).
The Data Subject may submit his objection request to the Data Controller in accordance with point 9.
If the Data Controller considers the Data Subject's objection well-founded, it will delete the personal data immediately.
8. Legal remedies
In the case of unlawful data management, as well as rejection of a request for information, correction, deletion, restriction, data portability, or objection, the Data Subject may contact the National Data Protection and Freedom of Information Authority (Address: 1125 Budapest, Szilágyi Erzsébet Walk 22/C., Mailing address: 1530 Budapest, P.O. box.:5; Email address: ugyfelszolgalat@naih.hu) or you can apply to the court of your place of residence or residence.
9. Rules concerning the request sent by the Data Subject to the Controller
The Data Subject must send the requests indicated in this Guidelines, as well as the withdrawal of consent to data management, in writing to the following address:
Email: info@serverline.hu
Mailing address: 1087 Budapest, Asztalos Sándor Street 3.
The Data Controller examines the requests received without delay and fulfils the request within 25 days of receiving the request at the latest, or if the Data Controller does not find the Data Subject's request to be well-founded and refuses to fulfil it, then the rejection and the reasons for it, together with the legal remedy, will be provided in writing within 25 days after the receipt of the request to the Data Subject.
The Data Controller sends a written notification to the Data Subject only if the request is rejected, except for requests contained in point 7.1.
The request sent by e-mail is considered authentic by the Data Controller only if it comes from an e-mail address already provided by the Data Subject and is treated as personal data. The Data Controller is entitled to request additional data in order to identify the Data Subject in the event that doubts arise as to whether the person requesting the data is really the Data Subject.
10. Procedure in case of a personal data breach:
Data protection incident: accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. If you become aware of the data protection incident defined above in connection with your personal data managed by the Data Controller, please notify the contact details indicated in point 9 immediately.
The Data Controller shall report a data protection incident to the National Data Protection and Freedom of Information Authority without undue delay, but no later than 72 hours after becoming aware of it, unless the data protection incident is likely to pose no risk to the rights and freedoms of the data subjects, and it will take measures to remedy the breach.
11. Acceptance and amendment of the Data Protection Guidelines
By using the Website, Data Subjects accept the terms of this Data Protection Guidelines.
The Data Controller may unilaterally amend these Data Protection Guidelines. The amended Data Protection Guidelines will be published on the Website.
Effective update: 2023. április 4.