GDPR and privacy policy

1. Identification the data controller and this site
1.1 We inform you, that this site is operated by:

Horgász-Zóna Limited Liability Company
Company registration number: 01-09-917350 – Registry Court of the Metropolitan Court
EU Tax number: HU14734807
Headquarter: Hungary 1131 Budapest Vőlegény street 49.
Post address: Hungary 1131 Budapest Vőlegény street 49.
Web: www.woklove.hu
Email: hello[at]woklove.hu

(Hereinafter Data Controller)

1.2. This website is
https://woklove.hu
website, web pages and subpages available on the Internet.

2. Applicable laws, scope of this document
2.1. The service of the above-defined Data Controller operating the website available at the Internet address specified above (hereinafter: the Website) is directed to the EU and is provided from Hungary. According to this, the provision of the service and the Users are governed by EU law during the use of the service (also regarding data management). Data controller uses user data primarily in accordance with the provisions of

– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC data protection regulation); (The EU General Data Protection Regulation), hereinafter referred to as “the GDPR”,

2.2 The scope of this document applies to the use of the interface of the website and the data management performed during the use of the electronic services made available there.
2.3. For the purposes of this document
User: natural persons browsing the website, regardless of which service of the website they use, or natural persons who only browse the website and do not use any service.

3. Legal basis of data management
3.1. The legal basis for the data processing by the Data Controller is the User’s consent for certain data processing according to Article 6 (1) (a) of the GDPR and Article 6 (1) (b) of the GDPR for the processing of data related to an order, according that data management is necessary for the performance of a contract to which the User is a party.
3.2. In the case of data processing based on consent, the User gives his / her consent by checking the box in front of the data processing statement placed in the relevant places. The Privacy Policy can be accessed by the User at any time by clicking on the “Privacy Policy” at the bottom of each page of the website, or by clicking on the link marked “Privacy Policy” in the data management statement referred to in this section, by which the Data Controller provides clear and detailed prior information to the User. By checking the box in front of the data management statement, the User declares that he / she has read the data management information and, knowing its content, consents to the processing of his / her data as described in this information.

4. Data management related to ensuring the operation of an information technology service
4.1. Scope of data management: All Users who visit the website, regardless of the use of the services available on the website.
4.2. Legal basis for data management: Regarding the data management that is technically essential for the provision of the service, the GDPR law authorizes the Data Controller to manage the data necessary for the proper operation of the website. Accordingly, the legal basis for the processing of such data under Article 6 (1) (f) GDPR is the legitimate interest of the Data Controller. With this legal basis, the Data Controller only handles data that is necessary for the user-friendly operation of the website and only handles this data for the time necessary for that purpose. It is a technical data that is necessary for the enjoyable display of the pages of the website, for the proper use of its functions and for the user. The data is not transferred to third parties by the Data Controller and is not handled for other purposes. As a data processor, the Data Controller uses the service provider(s) indicated in the chapter “IT data processing” of Chapter 16 for this data. Regards to this, the management of this data does not involve any risk to the User, and prior to the above purpose – the proper use of the website – cannot be achieved without the management of these data. It is in the legitimate interest of the data controller to ensure the usability of the website, as this is the only way to provide its service, which is a prerequisite for its operation. Therefore, to achieve the purpose defined here, the Data Controller manages the above data based on its legitimate interest, which legitimate interest – as the data management does not pose a risk to the User – proportionally restricts the User’s right to self-determination.
Regarding data management enabling visit analysis and marketing activities, the legal basis for data management is the User’s consent pursuant to Article 6 (1) (a) of the GDPR. Users can contribute to technical data collection for visit analytics and marketing purposes by selecting the checkboxes in the pop-up information window that starts browsing the site.
4.3. Defining the scope of managed data: Information technology management affects the amount of data required for the operation of the “cookies” used to operate the website and the use of log files used by the web hosting provider.
Data managed to allow user-friendly browsing:
– the websites visited during the visit to the website and the order in which they were opened
– The IP address of the device used by the user.
The range of data managed to measure site traffic:
– the websites visited during the visit to the website and the order in which they were opened
– The frequency with which each webpage on your site is viewed
– from which other site the User came to this site (only in case of a site with a link to this site)
– determining the geographical location of the User visiting the website (based on the data of the ISP, only approximate data on the location of the device used for browsing)
– when you started browsing the site
– when you left the site (finished browsing)
– the duration of browsing the site.
4.4. Purpose of data management: The use of “cookies” and log files is necessary for the user-friendly and secure operation of the website. The purpose of the data management implemented with these is to ensure the user-friendly operation of the website for the affected User, as well as to collect data on the use of the website.
Including:
– Identification of the user’s device used for browsing, storing of identification data – while browsing: based on the IP address. This makes browsing smoother, without this, the User would have to identify herself/himself or repeat processes on each page visited.

The data required for the following purposes cannot be linked directly to a person (browsing device only):
– Measuring the number of visits to the website, measuring the frequency of viewing of each page of the website and measuring the browsing time of each page of the website in order to adapt the website to the maximum needs of the Users.
– Determining the location of the user (her/his device used for browsing), territorial mapping of the degree of interest in the Data Manager service.
– Identification of the website from which the User came to this website for the Data Controller to learn about topics of other interests of the Users interested in the Data Controller’s service and to measure the effectiveness of the activity promoting its service.

To measure this data, the Data Controller’s IT system uses the tools of Google Analytics (Google Ireland Ltd.).

The Data Controller uses YouTube to display its own videos, and cookies (YouTube Button) that allow access to the Data Controller’s video sharing site are provided by YouTube, LLC. (901 Cherry Ave. San Bruno, CA 94066, USA). YouTube also uses Google cookies when using its service. YouTube LLC. data management by YouTube Inc., owned by Google Inc., is performed by YouTube LLC. and, on behalf of Google in Europe, jointly by Google Ireland Ltd.

The above data is also accessed by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland), the owner and operator of Google Analytics and YouTube tools. Google Ireland Ltd. will use the above information in addition to performing these analyzes to deliver targeted advertisements to the browser user. In doing so, Google Ireland Ltd. combines the data and the IP address of the device you are browsing to determine the interest you can discover based on your browsing habits from that device, and then delivers targeted ads to that device. Google Ireland Ltd. will not have access to any information other than that described in this section in this document.

4.5. Duration of data management: The data controller manages some of the data for the duration of the browsing and stores certain data for a variable period of time, but for a maximum of 2 years.

The data required to ensure the user-friendliness of the site (IP address, order of pages visited on the site while browsing) is recorded for the duration of the browsing session (i.e. the duration of the site browsing) and is deleted when it is completed. Such data is handled by the Data Controller’s IT system by its own means and is not accessible to third parties, except in the case of IT data processing (see the section entitled “Using the Data Processor” below).

The data on which the traffic is measured and the habits of the use of the website are mapped are recorded anonymously by the Data Controller’s IT system from the very beginning and cannot be linked to any person. To measure this data, the IT system of the Data Manager uses the tools of Google Analytics. Only the cookie that allows Google Analytics data collection is stored on the User’s device. You can delete this in your browser settings, which will stop data collection.

Anonymous data managed by Facebook Ireland Ltd., which also provides access to a website that is also accessible by Facebook Ireland Ltd., which provides cookies to facilitate visits to and share of this site’s social networking sites, will be permanently stored using Facebook tools, but with the help of cookies that have been valid for up to 2 years, which cookies are stored on the User’s device used for browsing. The User can delete these cookies or prevent them from working at any time in the settings of her/his browser.

4.6. The method of data storage: On separate data management lists in the data controller’s IT system. The information required to ensure the user-friendliness of the site (IP address, order of pages visited on the site while browsing) is not stored. The cookies that provide the data are stored locally on the User’s device. The log files used by the web hosting provider are stored on the hosting provider’s server.

4.7. Information about the process of information technology data management and information technology data management using Google Analytics and Facebook tools The user can find out more about the information bar that pops up when browsing the website and from the information available on the website by clicking on “Information on the use of cookies”, and the sites of Google Analytics https://www.google.com/intl/en_ALL/analytics/support and Facebook https://developers.facebook.com/products. Of the features offered by Google Analytics and Facebook, Data Controller uses only the above stated issues.

5. Privacy policy related to receiving and replying to a message
5.1. Shareholders: Users who send a message to the Data Controller using the messaging interface of the website or by e-mail using the e-mail address (es) indicated on the website.
5.2. Legal basis for data management: the User’s consent pursuant to Article 6 (1) (a) of the GDPR. By voluntarily entering the data requested in the messaging interface, by checking the checkbox in front of the privacy policy statement and by sending the message voluntarily, in case of a message sent by e-mail, the User consents to the provided data or any other to manage your data.

User has the right to withdraw his consent at any time. Withdrawal of consent shall not affect the lawfulness of the consent-based processing prior to withdrawal.
5.3. Defining the scope of managed data: In the case of messaging users, the data management concerns the range of personal data and contact details to be filled in indicated in the messaging interface referred to above, as well as any additional data provided by the User in the message (including the e-mail message).

Scope of data:
– Surname
– Second name
– Email
– Phone number

Regarding any additional data provided by the User in the message (e-mail), the Data Controller will necessarily handle data only in connection with the content of the sent message upon its receipt, as the Data Controller will not request the User to provide any personal data provided there. In case of existence of such unexpected personal data, it will not be stored by the Data Controller, it will be deleted from its IT system immediately.
5.4. Purpose of data management: Enabling the User to exchange messages with the data controller. The purpose of managing the personal data and contact details of the User visiting the website, provided voluntarily see above, is to enable the User to use the messaging services of the website.
Related services:
– messaging on the messaging interface
– receiving an e-mail (using the e-mail address (es) provided on the website),
– responding to messages received by the Data Controller in the above ways, which the Data Controller will do within 2 working days,
– In case of a message containing a more complex demand of a user, to answer her/his demand by phone.
5.5. Duration of data management: The data controller manages the data until the goal is achieved. Accordingly, in the case of Users sending a message, the duration of data management lasts until the message is answered or the User’s request is met. After replying to the message / fulfilling the request, the data controller deletes the data processed for this purpose. If the exchange of information takes place through several exchanges of messages on related topics, the Data Controller shall delete the data upon completion of the exchange of information or after the fulfillment of the request.
5.6. Storage of data: In a separate data management list in the IT system of the data controller, until the end of the information exchange period.

6. Data management related to sending newsletter
6.1. Shareholders: the User who subscribes to the website by filling in the fields for subscribing to the newsletter and ticking the consent form. In addition, the User who agrees in writing on paper to consent to the sending of the newsletter.
6.2. Legal basis for data management: and GDPR. Article 6 (1) (a) the User’s consent. The User gives her/his voluntary consent by reading this data management information and filling in the fields for subscribing to the newsletter, by ticking the statement of consent contained therein, and by ticking and signing the statement of consent for sending a written newsletter on paper.
User has the right to withdraw his consent at any time. Withdrawal of consent shall not affect the lawfulness of the consent-based processing prior to withdrawal.
In addition to sending useful information, the newsletter service is also aimed at direct sales by the Data Controller. The User can subscribe to this service regardless of the use of other services. The use of this service is based on a voluntary decision made after the User has been duly informed. The use of this service is based on a voluntary decision made after the User has been duly informed. If the User does not use the newsletter service, it will not be disadvantaged in terms of the use of the website and the use of other services. The data controller does not make the use of its direct acquisition service a condition for the use of any other service.
6.3. Scope of data management:

– Surname
– Second name
– Email

6.4. Purpose of data management: sending newsletters by the Data Controller to the User by e-mail. Sending newsletters means sending information about the services, news and current events, awareness and sales promotion offers, and content for advertising purposes.
6.5. Duration of data management: The Data Controller manages the data processed for the purpose of sending the newsletter until the withdrawal of the User’s consent (unsubscription) or the deletion of the data at the User’s request.
6.6. Storage of data: Separately in the IT system of the Data Controller, or in case of subscriptions she/he handed over to the Data Controller on paper in a separate data management list and for the purpose of sending the newsletter, also by filing paper-based statements.

7. Data management related to orders
7.1. Shareholders: Users who made an order ont he website.
7.2. Legal base of data management: Article 6 (1) (b) of the GDPR, according to which data processing is necessary for the performance of a contract to which the User is a party. During the submission of the order, the User is informed that the personal data provided in connection with the order is handled by the Data Controller for the purpose of fulfilling the contract concluded based on the order.
7.3. Scope of data management: The data management concerns the range of personal data and contact details to be filled in indicated on the form appearing before the submission of the order referred to above.
Related data:
– Surname
– Second name
– Phone number
– Email address
– Delivery address
– Order nummer
– Ordered products
– Price of ordered products
– Other invoiced costs
– Way of delivery
– Payment method
– any other information provided by the User during the ordering, necessary for the fulfillment of the order
– Order date
– Payment date

7.4. Purpose of data management: Fulfillment of the order, data management related to the operation of the web store. The purpose of managing the personal data and contact details provided voluntarily by the User who places an order on the website is to enable the fulfillment of the order and to provide the related services of the website to the User.
Related services:
– information about the availability and properties of the product
– product ordering
– arranging the delivery of the ordered product
– delivery management
– delivery accomplishment
– notification of delivery
– invoicing
– enforcement of User’s rights

7.5. Duration of data processing:
During the delivery required to fulfill the order, the data management lasts until the delivery is completed. When transferring the data necessary for the performance of the delivery (name, delivery address, telephone number) to the carrier, the data controller has a data management restriction, according to which the carrier may handle the transmitted data only to the extent and for the time necessary for the delivery.

Until the end of warranty period the data necessary for identification of the order and invoice (name, address, data on the ordered product and price payment) and the above data processed to fulfill the order for the possible claim validation period (1 years) and the data of the invocie for the time necessary to fulfill the document retention obligation arising from the Accounting Act (8 years from the issuance of the invoice).

7.6. Storing data: A separate data management list in the IT system of the data controller, and the data required for regular accounting in order to fulfill the document retention obligation prescribed by the Accounting Act.

8. Data processing without further consent of the User, or after withdrawal of consent
8.1. Data recorded with the consent of the User may be processed by the Data Controller without further specific consent of the User or after the withdrawal of the consent pursuant to Article 6 (1) of the GDPR, as follows.
8.2. If the personal data was collected with the consent of the User, the Data Controller may, unless otherwise provided by law, handle the recorded data without further consent of the User and after the withdrawal of the consent of the User in the following cases:
– the data processing is necessary to fulfill the legal obligation of the data controller;
– the processing is necessary in order to protect the vital interests of the User or of another person;
– data process is necessary for the protection of the legitimate interests of the Data Controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the subject which require the protection of personal data, in particular if the subject is a child.

8.3. Before starting data management with reference to a legitimate interest, the Data Controller always performs the so-called interest evaluation test. The interest evaluation test is a three-step process in which the Data Controller identifies the legitimate interest as well as the interest of the User concerned as a counterpoint to the weighting and the fundamental right affected by the planned data management. Finally, based on the evaluation, the Data Controller determines whether the legitimate interest is proportionate to the User’s interest and whether the personal data can be processed by the GDPR. Pursuant to Article 6 (1) (f).
8.4. The Data Controller shall inform the User concerned of the result of the interest evaluation test in such a way that the User can clearly determine on the basis of which information the legitimate interest and why it is considered a proportionate restriction for the Data Controller to process his personal data without his consent.
8.5. In making of the interest evaluation test, the Data Controller shall follow to the 6/2014 Procedures of the Data Protection Board of the Council of the European Union:
http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_hu.pdf#h2-2
9. Additional possible legal bases for data management – independent of the User’s consent
9.1. The legal basis for data processing is also, where applicable, the Data processing necessary to fulfill a legal obligation in GDPR. Article 6 (1) (c).
In some cases, the Data Controller may be obliged to perform mandatory data management required by law or other legislation. In addition, the Data Controller is obliged to fulfill any official requests, which may also involve the processing and transmission of personal data, which is also the obligation of the Data Controller prescribed by law.
9.2. Pursuant to Article 6 (1) (d) and (f) of the GDPR, we also inform you that the Data Controller may process the User’s personal data without his consent even if the data processing is necessary to protect the vital interests of the User or another natural person. data processing is necessary to enforce the legitimate interests of the Data Controller or a third party – unless the interests or fundamental rights and freedoms of the relevant User, which require the protection of personal data, take precedence over these interests, especially if the child concerned.

Before starting the above data processing with reference to a legitimate interest, the Data Controller always performs the so-called interest balance test in accordance with Section 9.1-9.2. in this document.

9.3. Regarding to the Electronic Commerce Act, the Data Controller informs the User about the following:

The data Controller’s service is an information society-related service – electronic commerce.
The Data Controller may manage the personal identification data and address necessary for the identification of the User to create a contract for the provision of his service, define its content, modify it, monitor its fulfillment, invoice the resulting fees, and enforce the related claims.

For invoicing the fees arising from the contract for the provision of its service, the Data Controller may manage the natural identity data, address and data of the User using the service, as well as data on the time, duration, and place of using the service.

To provide the service, the data controller may process the personal data that are technically essential for the provision of the service. If the other conditions are the same, the data controller shall select and, in all cases, operate the means used in the provision of the service in such a way that personal data is processed only if essential and necessary for the provision of the service and other purposes specified in this Act, only to the extent and for the time necessary. (Further rules on technically necessary data management are set out in the “Information on the use of cookies” document and in Chapter 4 of this information document.)

The data controller may only process data related to the use of the service for any purpose other than those specified above, – specially to increase the efficiency of its service, electronic advertising or other targeted content to the user, market research – with the consent of the user of these data processing purposes.

10. Duration of data processing
10.1. The duration of the data processing corresponding to each data management purpose is the same as described above in the description of the data management purposes. The Data Controller manages the data of the User until the fulfillment of the data management purposes described above, or until the withdrawal of the User’s consent or until the User protests or deletes at her/his request.
10.2. Accordingly, the data processing lasts until the withdrawal of the consent statement, the fulfillment of the cancellation request, the cancellation of the registration, the unsubscription from the newsletter, and, in the relevant cases, the fulfillment of the obligation prescribed by law. The user may at any time object to the data management, request the termination of the data management, the termination of certain methods of data management and the deletion of the data for each purpose and for all. In such cases, the duration of the data processing lasts until the receipt and processing of such a request, which is performed by the Data Controller immediately, but not later than within 10 working days. Users may unsubscribe from the newsletter at any time by using the unsubscribe link in the newsletters or by sending a written request to hello[at]woklove.hu, or by sending the protest or requests outlined above by email. A request sent by e-mail is considered authentic by the Data Controller only if it is sent from the e-mail address provided by the User to the Data Controller in connection with the use of the website or given during the newsletter subscription or written statement and registered with the Data Controller. means disregarding the request, however, using a different email address does not mean disregarding the request.

11. Data storage
11.1 The data controller stores the data in the form of separate lists, in separate databases in its IT system for each data management purpose, as well as in the case of paper-based subscriptions by filing the documents.

12. Data transfer
12.1. The data controller transmits data to authorities only in case of a legal obligation.
12.2. The data controller does not transfer data to third parties for business or marketing purposes.
12.3. The data controller shall keep a record of data transfers.

13. Use of Data Processor
The data controller uses the following business entities as data processors.
13.1. Data processing related to basic IT operations
13.1.1. Shareholders involved in data processing: Users visiting the website, regardless of the use of the services provided by the website.
13.1.2. Data controller uses as a data processor:

MÉRTANMŰ Limited Liability Company
Short Name: MÉRTANMŰ Kft.
Company registration number: 01-09-923376
HQ: 1191 Budapest, Katica utca 12. II. em. 5.
E-mail: info@mertanmu.hu
Webpage: http://www.mertanmu.hu
business company as a web hosting provider (hereinafter: Data Processor).
13.1.13. Data controller uses as a data processor:

Légy a hálón Informatikai Betéti Társaság
Short name: Légy a hálón Bt.
Company registration number: 14-06-309098
Tax number: 21880735-1-14
HQ: 8660 Lulla, Kossuth Lajos utca 41.
Post address: 8660 Lulla, Kossuth Lajos utca 41.
E-mail: perger@legyahalon.hu
Webpage: http://www.legyahalon.hu/
business company as web developer and technical maintainer (hereinafter: Data Processor)
13.1.4. Defining the scope of data involved in data processing: The data processing affects all data specified in this document.
13.1.5. Purpose of data processing: Ensuring the operation of the website in the information technology sense for the User by means of data management in the technical operations necessary for the operation of the website and the provision of the services provided on it.
13.1.6. Duration of data processing: It corresponds to the data processing periods indicated in this document for data processing regulated according to the data management purposes concerning each data group.
13.1.7. The processing of data means only the technical operations necessary for the operation of the website in the IT sense.

13.2. Data processing related to sending newsletters
13.2.1. Scope of data processing: Users who subscribe to the newsletter on the website, regardless of the use of other services provided by the website.
13.2.2. Data controller uses as a data processor:

THE ROCKET SCIENCE GROUP LLC (MailChimp)
Short name: THE ROCKET SCIENCE GROUP LLC
Company registration number: 20161685162
Tax number: 20161685162
HQ: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308
USA
Mail: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308
USA
Phone: +1 678 999 0141
E-mail: privacy@mailchimp.com
Webpage: https://mailchimp.com/
business company as developer of newsletter sending software and technical maintainer (hereinafter: Data Processor).

13.2.3. Scope of data processing: The data processing concerns all the data indicated in the chapter on sending the newsletter in this prospectus.
13.2.4. Purpose of data processing: Ensuring the operation of the software used by the Data Controller for sending newsletters in the information technology sense, by means of data management in the technical operations necessary for the secure operation of the software.
13.2.5. Duration of data processing: It corresponds to the data processing periods indicated in the chapter on sending the newsletter in this prospectus.
13.2.6. The processing of data means only the technical operations necessary for the operation of the software sending the newsletter in the IT sense.

13.3. Data processing related to product delivery
13.3.1. Scope of data processing: Users who choose to receive delivery on the website during the order, regardless of the use of other services provided by the website.
13.3.2. Data controller uses as a data processor:

GLS General Logistics Systems Hungary Csomag-Logisztikai Korlátolt Felelősségű Társaság
Short name: GLS General Logistics Systems Hungary Kft.
Company registration number: 13-09-111755
Tax number : 12369410-2-44
HQ : 2351 Alsónémedi, GLS Európa u. 2.
Phone: +36 29 886 670
E-mail: info@gls-hungary.com
Webpage: https://gls-group.eu/HU/hu/home

business company, as the carrier delivering the ordered products (hereinafter: Data Processor).

13.3.3. Defining the scope of data involved in data processing: The data processing affects the following data of the User in order to fulfill the contract concluded after the User’s order (execution of delivery):
– Surname
– Second name
– Phone number
– Delivery address

13.3.4. Purpose of data processing: to be able to fullfil the User’s order based on the contract among the User and the Data controller, the delivery of the ordered product by delivery to the address indicated by the User, if necessary by telephone consultation on the place and time of delivery.
13.3.5. Duration of data processing: the time required to complete delivery and delivery.
13.3.6. The processing of data is limited to the technical operations necessary to complete the delivery and delivery.
13.4. Data is not processed for any other purpose.
13.5. The Data Processors are not interested in the business of the Data Controller.
13.6. The Data Controller does not use any data processor other than the Data Processors indicated above.

14. User’s data management rights
14.1. Access right: At the request of the User, the Data Controller shall provide information on the data of the User, or the data processed by the Data Processor entrusted by data controller, their source, the purpose, legal basis and duration of the data processing, the name, address and data processing activities of the Data Processor, on the circumstances, effects and measures taken to deal with a possible data incident, and the measures taken to remedy it, and – in the case of the transfer of the personal data of the data subject – the legal basis and the recipient of the transfer. The Data Controller shall provide the information without undue delay, but no later than within one month from the receipt of the request.

Under the right of access, the Data Controller shall provide the User with a copy of the personal data subject to data processing no later than within one month from the receipt of the request. For additional copies requested by the User, the Data Controller may charge a reasonable fee based on administrative costs (according to Chapter 15).

14.2. Right to data portability: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

a) data management is based on the User’s consent or contract
b) the processing is carried out by automated means.

In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

14.3. Right to rectification: 1The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
14.4. Right to restriction of data processing: The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

a)the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d) the data subject has objected to processing data processor’s data management, pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted one of the above issues, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union.

A data subject who has obtained restriction of processing pursuant to above paragraph shall be informed by the controller before the restriction of processing is lifted.

14.5. Rigth to erasure („right to be forgotten”): The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
c) the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing;
d) the personal data have been unlawfully processed;
e) he personal data have to be erased for compliance with a legal obligation in Union law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services

Where the controller has made the personal data public and is obliged pursuant to paragraph above to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

The data controller shall notify the affected User of the rectification, restriction and erasure, as well as all data controllers to whom the data has previously been transmitted. Notification may be omitted if it proves impossible or requires a disproportionate effort. Upon request, the Data Controller shall inform the User about these recipients.

14.6. Right to protest: The User has the right to object at any time for reasons related to his / her situation to the processing of his / her personal data based on the legitimate interests of the Data Controller, including profiling based on the related legal provisions.

15. Fulfill user requests
15.1. The information and measures provided for in point 14 shall be provided free of charge by the Data Controller

15.1. The information and measures provided for in point 17 shall be provided free of charge by the Data Controller.
If the request of the User concerned is manifestly unfounded or particularly excessive due to its repetitive nature, the Data Controller, considering the administrative costs involved in providing the requested information or information or taking the requested action:
a) charge a reasonable fee, or
b) may refuse to act on the request.

15.2. The Data Controller shall, without undue delay, but no later than within one month from the receipt of the request, inform the User of the measures taken following the request, including the issuance of copies of the data. If necessary, considering the complexity of the application and the number of applications, this time limit may be extended by a further two months. The Data Controller shall inform the User about the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request. If the User has submitteds his / her request electronically, the information shall be provided electronically by the Data Controller, unless the User concerned requests otherwise.
15.3. If the Data Controller does not take action at the request of the User concerned, informs the data subject without delay, but no later than one month after receipt of the request, of the reasons for not taking action, and that the User may lodge a complaint with the supervisory authority indicated in point 17 and exercise her right of judicial appeal in accordance with the provisions of the same.
15.4. User may submit his / her requests to the Data Controller in any way that allows the identification of his / her person. The identification of the User submitting the request is necessary because the Data Controller can fulfill the requests only to those entitled to do so. If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, he / she may request the provision of additional information necessary to confirm the identity of the User concerned.

You can send the user’s requests by post to the address of the Data Controller indicated in point 1.1., by e-mail to hello[at]woklove.hu. A request sent by e-mail is considered authentic by the Data Controller only if it is sent from the e-mail address provided and registered by the User to the Data Controller, however, the use of another e-mail address does not mean that the request is ignored. In the case of e-mail, the date of receipt shall be the first working day following dispatch.

19. Data protection, data security
19.1. Within the scope of its data management and data processing activities, the data controller ensures the security of the data, ensures the enforcement of the legislation and other data and confidentiality rules through technical and organizational measures and internal procedural rules. It shall protect the data processed against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage and from inaccessibility resulting from changes in the technology used.
19.2. To do this, the Data Controller uses the http protocol with the “https” scheme to access the website, with which the web communication can be encrypted and uniquely identified. In addition, in accordance with the above, the Data Controller stores the processed data in data management lists recorded in the form of encrypted data files, separated by data management purposes, which may be accessed by employees of the Data Controller – who perform tasks in the course of their activities on this website – , whose job responsibilities are to protect the data and to handle it responsibly in accordance with this prospectus and the relevant legislation.
19.3. From the beginning, the data management IT system records the data on which the traffic is measured and the habits of the use of the website are mapped in such a way that it cannot be directly linked to any person.
19.4. The data will only be processed to the extent necessary and proportionate to achieve the legitimate purpose set out in this prospectus, in accordance with the relevant legislation and recommendations, with appropriate security measures.

19. Enforcement
19.1. Data subjects can exercise their rights in court and apply to the Hungarian National Authority for Data Protection and Freedom of Information:

Hungarian National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11.
Post address: 1363 Budapest, Pf. 9.
Phone: +36 1 391 1400
E-mail: ugyfelszolgalat@naih.hu
Webpage: http://www.naih.hu/

In the event of a choice of court, the lawsuit may also be instituted before the court of the place of residence or stay of the person concerned, as the lawsuit falls within the jurisdiction of the court.

2021.09.30.
Horgász-Zóna Kft.