Privacy policy

Data management and terms of use

Privacy policy of H2Online Kft., the owner of the h2online.hu website

 

A H2Online Ltd. (registered office: 4026 Debrecen, Csemete u. 20., info@h2online.hu, tax number: 14299478-2-09, hereinafter referred to as H2Online, Service Provider, Data Controller), as the Data Controller, acknowledges the contents of this legal notice as binding upon it.

H2Online undertakes to ensure that all data processing in relation to its activities complies with the requirements set out in this notice and in the applicable legislation. 

H2Online reserves the right to unilaterally change this policy at any time and will notify registered users of the portal of any changes in a timely manner.

If you have any questions about this communication, please contact us at adatkezeles@h2online.hu.

 

Definitions

 

  • personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
  • processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  • restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;
  • controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
  • „processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  • „profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
  • „pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
  • „filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
  • „recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  • „third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
  • „consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • „personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

 

Data of the data controller

 

Name: H2Online Kft. (hereinafter referred to as the “Service Provider”)

Address4026 Debrecen, Csemete u. 20.

Company register number: 09-09-014917

Tax number14299478-2-09

Contactinfo@h2online.hu 

 

Name of the data processing

h2online.hu website visitor database.

 

Scope of data processed Data processed by the Service Provider

The range of data that is recorded or can be recorded for each visitor:

a. During the use of the website, the portal collects the time and place of the user’s visit, as well as the technical parameters of the browsing (browser, screen resolution, type of operating system). This data is automatically monitored by the system, but it is not logged and not linked to other personal data. The data is only used for the duration of the visit for the purpose of optimum display.

b. Cookies to provide a personalised service, a small piece of data, known as a cookie, is placed on the user’s computer and read back during a subsequent visit. Cookies facilitate the use of the website, provide a quality user experience, remember visitors’ individual preferences, and provide information about the visitor and their device. Visitors have the option to disable cookies in their browser or delete previously stored cookies.

  • Session cookies: the purpose of these cookies is to enable visitors to browse the Service Provider’s website, use its functions and services fully and smoothly. The validity period of this type of cookie lasts until the end of the session (browsing), and is automatically deleted from the computer or other browsing device when the browser is closed.

Any user can disable cookies in their browser settings or delete previously received files at any time.

 

H2Online selects and operates the IT tools used to process personal data in the operation of the portal in such a way that the data processed is:

– accessible to authorised persons (availability);

– authenticity and verification (authenticity of data processing);

– its immutability can be verified (data integrity);

– be protected against unauthorised access (data confidentiality).

The Service Provider shall take appropriate measures to protect the data against unauthorized access, alteration, disclosure, disclosure, deletion or destruction and against accidental destruction.

The Service Provider shall ensure the security of data processing by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.

In the course of data processing, the Service Provider shall retain

  • confidentiality: it protects information so that only those who are entitled to it have access to it;
  • integrity: protects the accuracy and completeness of the information and the method of processing;
  • availability: making sure that when the authorised user needs it, he or she can actually access the information and has the means to do so.

 

Data stored by third parties

 

The Service Provider also uses third party services on its website to provide and improve the services of the website. The operators of h2online.hu do not have direct access to the personal data collected by placing cookies during the following services, the data management policies of the respective service provider are applicable.

  • By using Google Analytics for statistical purposes, the Service Provider collects information about how visitors use the website. The data collected is anonymous, accessible in aggregate form for statistical purposes, and cannot be linked to personal data for the Service Provider.

Any user can disable cookies in their browser settings or delete previously received files at any time.

 

Legal basis for data processing

 

Voluntary consent of the data subject pursuant to Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR).

 

Purpose of data processing

 

The portal is used to record statistical data in order to improve the website. You have the possibility to control or disable this in the data management settings of the respective service provider.

In the case of data recorded in the log file during the use of the website, the data is stored for technical and statistical purposes only. The anonymous visitor identifier as a series of signals (cookies) is not in itself able to identify the customer, i.e. the visitor, in any way, but only to recognise the visitor’s computer. The user has the possibility to configure his/her browser to not allow the placement of the unique identifier on the user’s computer or to delete previously placed cookies. In this case, the user will still be able to use a significant part of the service, but in some cases (for example, in the case of customised solutions) the user will not be able to use some of the features of the service to the fullest extent. 

 

Duration of data processing

 

The Service Provider does not store data about visits. Personal data recorded for statistical purposes are stored by h2online.hu’s Google Analytics profile for 72 months, after which they are automatically deleted.

 

Rights of data subjects and means of redress

 

The data subject may request information about the processing of his or her personal data and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory data processing, and may exercise his or her right to data portability and objection in the manner indicated when the data were collected, or at the above contact details of the controller.

  1. Right to information

The Service Provider shall take appropriate measures to provide the data subject with all the information referred to in Articles 13 and 14 of the GDPR and each of the disclosures referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.

  1. The right of access of the data subject

The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom or with which the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations; the envisaged period of storage of the personal data; the right to rectification, erasure or restriction of processing and the right to object; the right to lodge a complaint with a supervisory authority; information on the data sources; the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and its likely consequences for the data subject. The controller shall provide the information within a maximum of one (1) month from the date of the request.

  1. Right of rectification

The data subject may request the correction of inaccurate personal data relating to him/her processed by the Service Provider and the completion of incomplete data.

  1. Right to erasure (“right to be forgotten”)

The data subject shall have the right to have personal data concerning him or her erased by the Service Provider without undue delay upon his or her request if one of the following grounds applies:

– the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

– the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;

– the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

– the personal data have been unlawfully processed;

– the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;

– the personal data have been collected in connection with the provision of information society services.

  • The erasure of data cannot be initiated if the processing is necessary:
  • – for the exercise of the right to freedom of expression and information;
  • – to comply with an obligation under Union or Member State law to which the controller is subject to which the processing of personal data is subject or to carry out a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • – for archiving, scientific and historical research purposes or statistical purposes in the public interest in the field of public health; or
  • – for the establishment, exercise or defence of legal claims.
  1. Right to restriction of processing

At the request of the data subject, the Service Provider shall restrict the processing of data if one of the following conditions is met:

– the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the accuracy of the personal data to be verified; – the processing is unlawful and the data subject opposes the erasure of the data and requests instead that its use be restricted;

– the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims; or

– the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.

Where processing is restricted, personal data, except for storage, may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.

  1. Right to data retention

The data subject has the right to receive personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and to transmit these data to another controller.

  1.  Right to object

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the controller may no longer process the personal data, except on compelling legitimate grounds which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

  1. Automated decision-making in individual cases, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

  1. Right of withdrawal

The data subject has the right to withdraw his or her consent at any time without giving reasons.

  1. If the User detects a violation of his/her rights in the course of data processing, he/she has the following options:
  • directly to the Data Controller by post (H2Online Kft., 4026 Debrecen, Csemete u. 20.) or by e-mail at the following contact details: info@h2online.hu
  • may take legal action against unlawful processing of your data and breaches of data security. You may be entitled to compensation and damages as provided by law. For information on the jurisdiction and contact details of the court, please visit the following website: www.birosagok.hu
  • may lodge a complaint with the supervisory authority concerned, the National Authority for Data Protection and Freedom of Information [NAIH]. Contact details of the NAIH: Headquarters: H-1125 Budapest, Falk Miska utca 9-11. Phone: 06-1-391-1400 Email: ugyfelszolgalat@naih.hu, Website: http://www.naih.hu

 

Name of data processors

Pharmapromo Kft. (programming)

NOOP IT Services Kft. (Administrator services):

Hetzner Online GmbH (server hosting)

 

Address of data processors

4026 Debrecen, Csemete u. 20.

4028 Debrecen, Kassai út 129/B 2/205.

91710 Gunzenhausen, Deutschland, Industriestr. 25.

 

Name of data processing

Performing technical tasks related to the operation of the portal.

 

Possibility to amend the privacy policy

The Service Provider reserves the right to unilaterally modify this Privacy Policy with prior notice to users. By using the Service after the effective date of the amendment, you accept the amended Privacy Policy.

(Updated: 2023. 02. 22.)