PRIVACY POLICY

This Policy governs the processing of personal data concerning the website www.bluering.eu (hereinafter referred to as the "Website") operated by ORINK HUNGARY LTD. (registered office, postal address: 160. Karolyi Sandor way Budapest 1151, Hungary, company registration number: 01-09-396481, vat number: 22696715-2-42; represented by Zoltan Tamas Konarik, Managing Director and Zoltan Kovacs, Managing Director, hereinafter referred to as the "Data Controller").

 

I. Main information about the Policy

This Policy is binding on the Data Controller. The Data Controller further undertakes to process personal data at all times in accordance with the legal provisions in force and the provisions of this Policy.

This Policy shall enter into force on 10 September 2022.

This Policy applies to all natural persons using the Website (hereinafter referred to as the "Data Subject" or "you"). This Policy covers the processing of the Data Subject's data provided by the Data Subject when using the Website or processed by the Website.

This Policy may be unilaterally amended and/or withdrawn by the Data Controller at any time, with simultaneous notification to the Data Subjects. The information shall be provided by publication on the Website or, depending on the nature of the change, by direct notification to the Data Subjects.

Main data of the Data Controller:

Company name: Orink Hungary LTD.

company registration number: 01-09-396481

Tax number: 22696715-2-42

represented by: Zoltan Tamas Konarik, Managing Director and Zoltan Kovacs, Managing Director

e-mail: orink@orinkhungary.hu

Phone: +36 1 367 3545 (Monday to Friday)

If you have any questions or comments about this policy or data management, please feel free to contact us using any of the contact details above.

The terms used in this policy are in accordance with the applicable legal provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation - hereinafter "GDPR") and Act CXII of 2011 of the parlament of the Hungary on the Right to Informational Self-Determination and Freedom of Information (hereinafter "Infotv.").

 

The Data Controller shall act in full compliance with the legal provisions and data management principles in force at any time in the course of the data processing operations it carries out.

 

II. Certain data processing activities carried out in the course of using the Website

1. Purposes of the processing

The Data Controller may process information about you for the following purposes:

  1. to operate the Website,

  2. to compile statistics to assist in the development of the Website for this purpose,

  3. to enable the Data Controller to share with you information that you have requested or that the Data Controller considers may be of interest to you, provided that you have given your explicit consent to the latter contact and the related processing (sending of newsletters),

  4. in order to enable the Data Controller to process your enquiries / requests made by you by filling in the relevant forms on the Website,

  5. to ensure that the content of the Website is presented in the most appropriate way for you,

  6. to enable you to participate, at your option, in the interactive features of our services,

  7. to notify you of any changes to our services.

2. Legal basis for processing

The processing of personal data in connection with the use of this Website or any other activity related to the Website is based on the prior consent of the Data Subject (either through the use of the Website as an active act or through an explicit legal declaration, such as a subscription to a newsletter).

Possible legal consequences of refusal of processing: reduction of the usability and functionality of the Website, failure to provide relevant information, failure to respond to a request for information. The provision of data is not, as a general rule, a precondition for the conclusion of a contract.

3. Scope of personal data processed

The following personal data are processed with the consent of the Data Subject: e-mail address, first name, surname.

Data technically recorded in the course of the operation of the system: the data of the Data Subject's computer logging in, which are generated during the use of the service and which are recorded by the Data Controller's system as an automatic result of technical processes. The automatically recorded data are automatically logged by the system at the time of log-in or log-out, without any specific declaration or action by the Data Subject. These data may not be linked to other Personal Data of the Data Subject, except in cases required by law. The data may only be accessed by the Data Controller.

The Controller does not verify the personal data provided to it. The person providing the data is solely responsible for the correctness of the data. The e-mail address of any Data Subject is also responsible for ensuring that the e-mail address provided is the only one from which he/she will receive services.

4. Cookies

4.1. Cookies are placed on the basis of a voluntary, informed declaration by the Data Subject of the Internet content on the www.bluering.eu website, which contains the Data Subject's express consent to the placing of cookies on his/her computer during the use of the website. This consent is given by the Data Subject through the use of the Site. The purpose of the cookie is to ensure the best possible functioning of the site in order to enhance the experience of the Data Subject. The Data Subject can delete the cookie from his or her computer or set his or her browser to disable the use of cookies. By disabling the use of cookies, the Data Subject acknowledges that without cookies the functionality of the site is not fully functional.

4.2. These cookies are provided by Google and are used through Google Adwords. These cookies are only sent to the visitor's computer when visiting certain sub-pages, so they only store the fact and time of the visit to the sub-page in question and no other information.

4.3 The use of the cookies sent in this way is as follows. Data Subjects can opt-out of Google cookies by visiting the Google advertising opt-out page. (Data Subjects can also opt-out of cookies from third-party service providers on the Network Advertising Initiative opt-out page.

4.4. Applied cookies:

  • Analytics, tracking cookie

  • Tracking via website

  • Log-in, Data subject identification session cookie

4.5. The "Help" function in the menu bar of most browsers provides information on:

  • how to disable cookies,

  • how to accept new cookies, or

  • how to instruct your browser to set a new cookie, or

  • how to turn off other cookies.

The data automatically collected as described above are used for statistical purposes, technical improvements to the IT system and to protect the rights of Data Subjects.

5. Duration of data processing

5.1. The processing of personal data provided by the Data Subject shall continue until the Data Subject unsubscribes from the newsletter (withdraws his/her consent or expresses his/her objection to the processing) using the e-mail address provided.

The Data Subject may unsubscribe from the newsletter at any time by using the link at the bottom of the newsletter or by sending a written notification to orink@orinkhungary.hu, indicating his/her full name and the email address used for the subscription, or by sending a written notification to the address at 160 Karolyi Sandor way, Budapest 1151, Hungary.

The cancellation will take place immediately, but no later than 10 working days after receipt of the Data Subject's unsubscription (cancellation request).In the event of unlawful or fraudulent use of Personal Data or in the event of a criminal offence or system attack committed by the Data Subject, the Data Controller is entitled to delete his/her data immediately upon termination of the Data Subject's registration, but in the event of suspicion of criminal offence or civil liability, the Data Controller is also entitled to retain the personal data for the duration of the proceedings to be conducted.

5.2 The Personal Data provided by the Data Subject, even if the Data Subject does not unsubscribe from the newsletter, may be processed by the Data Controller until the Data Subject explicitly requests in writing that the processing of such data be terminated. The erasure of personal data shall take place immediately upon receipt of the request, but not later than 10 working days from the receipt of the request.

5.3 Data which are automatically and technically recorded during the operation of the system will be stored in the system from the moment they are generated for a period of time justified for the purposes of ensuring the operation of the system. The Data Controller shall ensure that these automatically recorded data cannot be linked to other Personal Data of the Data Subject, except in cases required by law. If the Data Subject has withdrawn his or her consent to the processing of his or her Personal Data or has unsubscribed from the service, his or her identity will no longer be identifiable from the technical data.

6. Who can access the data, data transfers, data processing

6.1. The Data Controller and its internal staff are the primary recipients of the data, but they are not entitled to disclose or transfer to third parties. The Data Controller does not use a separate external data processor. It processes the Personal Data itself.

6.2 The Data Controller shall be entitled and obliged to transfer to the competent authorities any Personal Data at its disposal and stored by it in accordance with the law, which it is obliged to transfer by law or by a final and binding obligation of a public authority. The Controller shall not be held liable for such transfers and the consequences thereof.

6.3 If the Data Controller transfers the operation or use of the content service on the Website, in whole or in part, to a third party, it may transfer the Personal Data it processes to such third party for further processing without requesting the consent of the latter. This transfer of Data may only serve the purpose of the continuity of the registration of the Data Subjects who have already subscribed, but may not place the Data Subject in a more disadvantageous position than the data processing and data security rules indicated in the current version of these Data Processing Rules.

6.4 For the purposes of monitoring the lawfulness of data transfers and informing the Data Subject, the Data Controller shall keep a register of data transfers containing the data processed by the Data Controller and the data subjects' personal data.

the date of the transfer of Personal Data, the legal basis and the recipient of the transfer, the scope of the Personal Data transferred and other data specified in the legislation providing for the processing.

7. Use of email addresses, sending of newsletters

7.1 The Data Controller pays particular attention to the lawfulness of the use of the e-mail addresses it manages, and therefore uses them only for sending e-mails (informative or advertising) as specified below.

7.2 The processing of e-mail addresses is primarily for the purpose of identifying the Data Subject and for keeping in touch with him/her in the course of communicating up-to-date information on the Bluering brand represented, and therefore e-mails are sent primarily for this purpose.

7.3. Subscription to the newsletter shall constitute such consent.

7.4 The Data Controller informs the Data Subjects that they may unsubscribe from the newsletter at any time as set out in point 5.1. In addition, the consent to receive the newsletter may be withdrawn at any time and the sending of the newsletter may be objected to at any time. In such cases, the Controller will delete the personal data processed for the purpose of sending the newsletter without delay.

III. Data security

1. Data security measures

The Data Controller shall ensure default and built-in data protection. To this end, the Data Controller shall apply appropriate technical and organisational measures to ensure that:

    • precisely control access to the data;

    • Allow access only to those persons who need the data to perform the task for which it is collected, and then only to the minimum necessary for the performance of that task;

    • carefully select the data processors it engages and ensure the security of the data through appropriate data processing contracts;

    • ensure the integrity (data integrity), authenticity and protection of the data processed.

We are committed to the security of your information. Unfortunately, the transmission of information over the Internet is not completely secure. The Data Controller will do its best to protect your personal data, but cannot guarantee the security of any data uploaded to the Website, so any transmission is at your own risk.

2. Physical storage of data

The data is stored in Hungary.

IV. Rights of the Data Subject

The Data Subject has the following rights in relation to the processing:

a) The right to transparent information: the Data Subject has the right to be informed about the processed and the processing of the data, both before and during the processing, including this Policy;

b) Right of access to stored data: the Data Subject has the right to request information about the data stored about him or her and about certain aspects of the processing (in particular: existence, purpose, legal basis, scope of the data processed, disclosure to third parties, storage period, means of exercise, remedies, data source, profiling, automated decision-making, guarantees, etc.);

c) Right to rectification: in the event of inaccurate data, the Data Subject may initiate the rectification of the data;

(d) Right to erasure (right to be forgotten): the Data Subject may request the erasure of the data if:

    • the data are no longer necessary for the original purpose for which they were collected

    • the Data Subject withdraws his or her consent to the processing of the data

    • the Data Subject objects to the processing and there is no other ground or legal basis for the processing

    • the processing is unlawful

    • a legal obligation requires erasure

    • the collection of the data has taken place in connection with the provision of an information society service;

(e) Right to object: the Data Subject may object to processing based on public interest or legitimate interest; in this case, the Controller may continue to process the data only if there are compelling legitimate grounds for doing so which override the Data Subject's legitimate interests or are related to the exercise of legal claims. An objection to processing for direct marketing purposes may be raised at any time and the data may no longer be processed in the event of an objection;

f) Right to restriction of processing: in the case of unlawful processing or other cases permitted by law, restriction of processing may be requested;

(g) Right to data portability: in the case of processing based on consent or contract, where the processing is carried out by automated means, the Data Subject has the right to request the disclosure of the data he or she has provided in a structured, commonly used, machine-readable format and to transmit the data as he or she wishes;

h) right of withdrawal: the Data Subject may withdraw his or her consent at any time.

The data subject may exercise the above rights at any time. The Data Subject may exercise his or her right to withdraw his or her consent at any time. The Data Controller informs the Data Subjects that the Data Controller is not obliged to appoint a Data Protection Officer under the applicable legal provisions, but a Data Protection Officer is available to the Data Subjects at the above contact details.

The Data Controller is entitled to identify the Data Subject prior to responding (in order to verify that the request originates from the Data Subject). Requests received from the e-mail address of the Data Subject registered by the Data Controller will be considered by the Data Controller as originating from the Data Subject. In the case of requests received in other forms, the Data Controller shall be entitled to authenticate the Data Subject by other means (e.g., to orally enquire about the veracity of a written request at a given telephone number, to request written confirmation of a verbal request, or to initiate other appropriate identification).

The Data Controller shall examine the requests received and either process them without delay, but not later than one month, or in exceptional cases within a longer period permitted by law, or reject them (with reasons). The Data Controller shall inform the Data Subject in writing of the result of the decision. The processing of the request shall be free of charge, except for unfounded or excessive requests, for which the Data Controller may charge a reasonable fee corresponding to its administrative costs.

The Data Subject may at any time lodge a complaint with the Data Controller at the contact details provided above (orink@orinkhungary.hu or at the Data Controller's mailing address at 160 Karolyi Sandor way, 1151 Budapest, Hungary). In addition, the Data Subject shall have the right to institute legal proceedings against the processing of personal data at the court of the Data Controller's registered office or the Data Subject's place of residence, which proceedings shall be free of charge and shall be out of court. In addition to the above, you may also lodge a complaint with the National Authority for Data Protection and Freedom of Information.

The accuracy, completeness and, where necessary for the purposes for which the data are processed, the up-to-dateness of the data must be ensured. In this regard, the Data Controller requests that the Data Subjects inform the Data Controller as soon as possible of any changes to their personal data recorded by the Data Controller.