Privacy policy

Date of publication: 2021.01.03.

A Mozgó Cívisért Közhasznú Egyesület (registered office: 4032 Debrecen Németh László utca 38., registration number: 09-02-0003943, tax number: 18146743-1-09.), as a data controller (hereinafter: data controller) within the framework of this data management information and regulations (hereinafter: data management regulations) informs its Customers, visitors (users) of its websites about the personal data processed by it, the conditions and conditions of personal data processing and the rights and enforcement possibilities .

European Parliament and Council Regulation (EC) No 2016/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) 679. (hereinafter referred to as the General Data Protection Regulation or GDPR ).

In the course of maintaining the online contracting and service platform called “Foggo” operated at https://foggo.hu, the service activities of the data controller are performed by customers and website visitors using the services (hereinafter together: concerned). ) for some of your personal information.

I. SCOPE OF PRIVACY POLICY

1. Temporal scope of the data management regulations: these data management regulations 12.10.2018. It enters into force on the day of its entry into force and is valid until the creation of the new data management policy of the data controller The data controller reserves the right to amend the data management policy or to create a new data management policy with prior notice to the data subjects.

2. Subject (personal) scope of the Data Protection Policy: covers data subjects referred to in Article 4 (1) of the GDPR, ie "identified or identifiable natural person" whose personal data are affected by data processing activities covered by this Data Protection Policy.

3. Subject matter: covers all data processing by the controller.

II. NAME, DATA, CONTACT DETAILS OF DATA CONTROLLER

1. Name of the data controller: A Mozgó Cívisért Közhasznú Egyesület

2. Headquarters of the data controller (also activity center): 4032 Debrecen Németh László utca 38.

3. Legal representative of the data controller: President László János Kollár

4. Registration number of the data controller: 09-02-0003943 (Court of Debrecen)

5. Telephone contact of the data controller (and legal representatives): +36 30 / 415-1174

6. Central website of the data controller: http://amozgocivisert.hu

7. Further website of the data controller: https://foggo.hu/

8. Central e-mail address of the data controller: info@amozgocivisert.hu

9. Privacy Officer: None

10. Number of data controllers: less than 250

The person concerned may exercise the powers provided for in Annex VIII at the contact points provided for in this Chapter. the rights of the data subject under this Chapter.

III. PURPOSE OF DATA MANAGEMENT

Purposes of data management:

(a) establishing the identification data necessary for the use of the online contracting and service platform maintained by the data controller under the name "Foggo" or for the use of sports services and data characterizing sports services, ensuring contact and contact with the data subject;

b) promoting the user-friendly use of the online contracting and service platform, customizing the website and user accounts, enhancing the user experience;

c) sending newsletters, informing the data subject about the data controller's offers;

d) to get acquainted with the usage habits of the data subject, to develop the internet websites operated by the data controller, to compile and analyze visitor statistics.

The data controller does not use the personal data of the data subject for purposes other than those stated.

IV. LEGAL BASIS FOR DATA MANAGEMENT

The controller manages the data on the basis of Article 6 (1) (a) and (b) of the GDPR, such as the data subject's consent and the performance of contracts for the use of the online contracting and service platform personal data of the data subjects.

The legal basis for the processing of data processed for the purposes of point III / a) is the performance of contracts concluded with the data controller for the use of the service platform or for the use of sports services transmitted through the service platform.

The legal basis for the processing of data processed for the purposes of points III / b-d) shall be the data subject's consent, which shall be prior, well-informed, voluntary, specific and clear.

The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal.

The data processing of the data controller based on the performance of contracts shall not be affected by the lack or withdrawal of the data subject's consent. However, the data processing referred to by the data controller shall be limited to the data that are strictly necessary for the data subject.

V. SCOPE OF MANAGED DATA

The controller handles the following personal data for each data subject in accordance with the specific purpose of the data processing:

(a) Name of the person concerned (surname and first name);

b) Address of the data subject (delivery address);

c) Contact details of the data subject (telephone number, e-mail address);

d) In relation to the data subject providing the service, the data subject's education, qualifications, forms of training taught by the data subject, data and characteristics of the sports facility under the data subject's possession - sporting event, real estate offered for sports purposes;

e) Stakeholder's interests in the field of sports, popular sports, forms of movement;

f) Images (images) uploaded to the affected user account, introductory data;

g) Internet browsing data required for analytical analysis of the affected web [eg: IP address; browser type; type of operating system; date of visit; the (sub) site, function or service visited; click].

The data specified in points a) -d) shall be processed on the basis of the performance of the contracts, the data specified in points e) -g) shall be processed on the basis of the consent of the data subject.

V / g. In order to manage the data according to point 1, a data package (cookie or cookie) is placed by the data controller on the affected computer (browser program) of the website visitor. If a previously saved cookie is returned by the affected user's browser, the service providers that handle it will only be able to link the user's current visit to their previous visits for their own content only.

Types of cookies used:

a.) Technically essential session cookies: without which the site would not function functionally, they are necessary to identify the user. Cookies are valid until the end of the session (browsing), and when you close the browser, these types of cookies are automatically deleted from your computer or other device used for browsing.

b.) Cookies for statistical and analytical purposes: the data controller also uses Google Analytics cookies as a third party on its website. Using Google Analytics for statistical purposes, the data controller collects information about the use of the website by the stakeholders who visit the website. The purpose of cookies is to improve the website and improve the user experience. Until their expiration or deletion, cookies remain on the user's computer or other device or browser used for browsing.

Learn more about Google Analytics cookies here: https://developers.google.com/analytics

c.) Marketing cookies: collect information about a user's behavior within the website they are visiting. Cookies allow website usage data to be shared with the data controller's social media, advertising and analytics partners.

Data Manager uses Facebook pixels to increase the effectiveness of Facebook ads. A Facebook pixel is a snippet of code placed in the source code of the www.foggo.hu website, with the use of which Facebook is given the opportunity to track user activity on the www.foggo.hu website using a cookie. By using the referenced cookie, the data controller can optimize the display of advertisements and display his advertisements to users who may be interested in the services according to the advertisements.

Facebook pixel remarketing lists are not personally identifiable and do not contain the visitor's personal information.

Facebook sends reports to advertisers (including the data controller) about who saw their ads and how their ads performed, but Facebook does not provide information to the data controller that could personally identify the person viewing the ad, or based on which the data controller could personally contact the person viewing the advertisement. Facebook sends the advertiser information about general demographics and interests (e.g., what age group, geographic location, gender, interest) viewed the ad, and what action (e.g., viewing, searching, downloading content on the data controller’s website) ) finished.

The data controller shall inform the data subject on his / her website that the website uses cookies, for the use of which, with the exception of technically essential session cookies, the data subject requests the consent of the data subject.

The legal basis for the processing of data by cookies is the data subject's consent, which can be given by using the following cookie setting box at the bottom of the website:

The data subject may delete the cookie from their own computer (device) or disable its use in their browser.

For information on cookie settings for the most popular browsers, visit the following links:

Google Chrome:
https://support.google.com/accounts/answer/61416?hl=en

Firefox:
https://support.mozilla.org/en/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn

Microsoft Internet Explorer 11:
http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Microsoft Edge:
http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq

Safari:
https://support.apple.com/en-us/HT201265

VI. DURATION OF DATA PROCESSING, DATA TRANSMISSION, DATA SOURCE

1. The data required for the performance of the contracts will be processed by the data controller until the performance of the contracts.

2. Data processing based on the data subject's consent shall be carried out by the data controller until the data subject's consent is revoked - until the data subject's request for deletion (Chapter VIII, point 5) is submitted (deletion of his / her customer profile, installed cookies).

Transfer

3. The data controller shall transmit the data specified in Chapter V, points a) -c) to the legal entity providing the sports service or using the service ordered through the service platform for the mutual information of the parties and the performance of the given service. Data controller for V / d. It also forwards information on the form of training taught in accordance with point (ordered sports service) and the booked sports facility to the legal entity using the service.

With the consent of the data subject, the data controller uses data files (cookies) built into the program of the data browser concerned (see Chapter V), which data can be used to transfer the data data of the data subject to Google LLC and Facebook Inc. for web analytics. .

In addition to the data transfers referred to, the controller does not disclose the personal data of the data subjects to third parties, but only to public authorities which are legally entitled to request it from the controller. The data controller does not carry out joint data management.

4. The controller does not allow the transfer of personal data to subjects in another Member State or in a third country, with the exception of browsing and user data that may be required for web analytics.

5. The data controller’s websites may contain simple links to social media operator websites. If you use the links, the website of the given social media operator will open in the form of a pop-up window. The use of the linked websites and the publication of information are governed by the provisions of the regulations of the respective social media operator.

Data Source

6. The source of the data managed by the data controller is primarily the communication of the data subject, the data controller does not collect personal data from publicly available sources.

7. The source of the data processed for web analytical purposes is the data files (cookies) built into the program of the affected browser based on the consent of the data subject. Consent to the use of cookies is voluntary on the part of the user, refusal of consent does not have any adverse consequences for the user. The use of data files can be disabled by the data subject using the appropriate settings of the browser program he or she is using.

VII. MISCELLANEOUS PROVISIONS

1. The data controller does not carry out automated decision-making or profiling.

2. The data controller does not handle special categories of personal data.

3. The data controller is not obliged to employ a data protection officer or to carry out a data protection impact assessment at the time of the creation of the data protection regulations.

VIII. RIGHTS CONCERNED

1. The right to transparent information and communication

The data controller complies with the information obligation set out in Article 12 (1) of the GDPR by creating these rules, publishing them on its websites and at its registered office.

At the request of the data subject, the controller shall also provide oral information, provided that the identity of the data subject has been otherwise verified.

The data controller facilitates the exercise of all data subjects' rights.

The controller may not refuse a request for the exercise of the data subject's rights unless he or she proves that the data subject cannot be identified.

The controller shall, without undue delay, but no later than one month after receipt of the request, inform the data subject of the measures taken in relation to the exercise of the data subject's rights. If necessary, taking into account the complexity of the application and the number of applications, that period may be extended by a further two months. The data controller shall inform the data subject of the extension of the time limit, indicating the reasons for the delay, within one month from the receipt of the request. If the data subject has submitted the request electronically, the controller shall provide the information electronically, unless the data subject requests otherwise. If the controller does not act on the data subject's request, it shall inform the data subject without delay, but no later than one month after receipt of the request, of the reasons for the non-action and of the data subject's complaint to the supervisory authority (Chapter IX of the Rules); and may exercise its right of judicial review.

The data controller shall provide the information requested by the data subject referred to in this (VIII) chapter and the information provided to them free of charge. If the data subject's request is manifestly unfounded or, in particular due to its repetitive nature, excessive, the controller, taking into account the administrative costs of providing the requested information or information or taking the requested action:

(a) charge a reasonable fee, or

(b) refuse to act on the request.

In the case of Article 12 (6) GDPR, if the controller has reasonable doubts about the With regard to the identity of the natural person submitting the application pursuant to Article 1, he may request the provision of additional information necessary to confirm the identity of the data subject.

2. Information provided by the data controller to the data subject

The controller shall provide the data subject with the following information at the time the personal data are obtained from the data subject:

(a) the name and contact details of the controller (and his representative); (see Chapter II),

(b) the purpose of the intended processing of the personal data and the legal basis for the processing;
(see Chapters III and IV)

The data controller does not have a data protection officer. The transmission of data and the possible recipients of data management are described in Annex VI. Chapter.

At the time of obtaining personal data from the data subject, the controller shall, in order to ensure fair and transparent data processing, provide the data subject with the following additional information:

(a) the duration of the storage of personal data (see Chapter VI);

(b) the data subject may request from the controller access to, rectification, erasure or restriction of the processing of personal data concerning him or her and may object to the processing of such personal data, exercise his or her right to data portability;

(c) the data subject has the right to withdraw his or her consent to the processing at any time (however, the withdrawal does not affect the lawfulness of the processing carried out prior to the withdrawal and the processing on a different legal basis);

(d) the person concerned may lodge a complaint with the supervisory authority (Chapter IX of the Rules of Procedure);

e) the provision of certain personal data is a precondition for concluding a contract, using the service platform, the provision of personal data is voluntary, the data controller does not carry out automated decision-making and profiling;

f) The data controller does not intend to carry out further data processing on personal data for purposes other than the purpose for which they were collected.

3. Right of access

The data subject shall have the right to receive feedback from the controller as to whether the processing of his or her personal data is in progress and, if such processing is in progress, shall have the right to access the personal data and the following information:

(a) the purposes of the processing;

(b) the categories of personal data of the data subject;

(c) where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;

(d) the data subject may request the controller to rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;

(e) the person concerned may lodge a complaint with the supervisory authority (Chapter IX).

The data controller informs the data subject about the transmission of the data and the recipients of the data. Upon request, the data controller shall inform the data subject of the source of the data.

The data controller shall provide the data subject with a copy of the personal data which are the subject of the data processing. The controller does not charge a fee for additional copies requested by the data subject. If the data subject has submitted his / her request electronically, the data controller shall provide the information in a widely used electronic format (.doc, .xls, .pdf, .jpg), unless the data subject provides otherwise.

4. Right to Correction

The data subject shall have the right, at his request, to have inaccurate personal data concerning him rectified without undue delay. The data subject has the right to request the completion of incomplete personal data.

5. Right to delete ("right to forget")

The data subject shall have the right, at his or her request, to have his or her personal data deleted without undue delay, and the controller shall be obliged to delete the personal data relating to him or her without undue delay if one of the following reasons exists:

(a) personal data are no longer required for the purpose for which they were collected or otherwise processed;

(b) the data subject withdraws his or her consent to the processing and there is no other legal basis for the processing;

(c) if the person concerned has the right to object (see Rule VIII / 9)

(d) personal data have been processed unlawfully;

(e) personal data must be deleted in order to comply with a legal obligation to which the controller is subject under Union or Member State law;

(f) personal data have been collected from children in connection with the provision of information society services.

The data controller does not disclose personal data, so there is no obligation to inform the data controllers who handle the data.

A request for deletion may be refused by the controller for the reasons set out in Article 17 (3) of the GDPR.

In the case of a deletion request, the controller identifies the data subject, taking into account that deletion on an unauthorized request may result in a data protection incident.

6. Right to Restrict Privacy

The data subject shall have the right, at the request of the controller, to restrict the processing if one of the following conditions is met:

(a) the data subject contests the accuracy of the personal data, in which case the limitation shall apply for a period which allows the controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the data and instead requests that their use be restricted;

(c) the controller no longer needs the personal data for the purpose of processing the data, but the data subject requests them in order to make, enforce or protect legal claims; or

(d) the data subject has objected to the processing in accordance with Article 21 (1) of the GDPR; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.

In the event of a restriction: such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims,

The data controller shall, in writing, inform the data subject at whose request the data processing has been restricted as described above in advance of the lifting of the data processing restriction.

7. Obligation to notify the rectification or erasure of personal data or restrictions on the processing of personal data

Pursuant to Article 19 of the GDPR, the data controller shall inform the recipients of the data processing of the rectification, deletion or restriction of the data processing.

8. Right to portability

The data subject has the right to receive personal data concerning him or her provided to a data controller in a structured, widely used machine-readable format. (The format of the file in accordance with point VIII / 3 shall apply, unless the person concerned requests it in another format.)

The controller shall not process the data in an automated manner, so that the data subject is not entitled to transfer it to another controller in respect of the data received in accordance with the previous paragraph.

9. Right to protest

The data subject has the right to object to the processing of his or her data on the basis of the legitimate interests of the data controller, If the data subject exercises the right of protest, the data controller is obliged to support and prove the legitimate and compelling reasons of the data processing.

10. Inform the data subject about the privacy incident

"Data protection incident" means a breach of security within the meaning of Article 4 (12) of the GDPR, which results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized disclosure of personal data transmitted, stored or otherwise handled. results in access.

If the data protection incident is likely to involve a high risk for the data subject or data subjects, the controller shall inform the data subject of the data protection incident without undue delay. The information provided to the data subject shall clearly and intelligibly describe the nature of the data protection incident and shall include at least the following information:

(a) the name and contact details of the Data Protection Officer (if any) or other contact person for further information;

(b) a description of the likely consequences of the data protection incident;

(c) a description of the measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences of the data protection incident.

The data subject need not be informed as mentioned in the previous paragraph if any of the following conditions are met:

(a) the controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular measures such as the use of encryption which prevent unauthorized access to personal data; make the data incomprehensible to individuals;

(b) the controller has taken additional measures following the data protection incident to ensure that the high risk referred to above is no longer likely to materialize;

(c) the information would require a disproportionate effort. In such cases, the data subject shall be informed through publicly available information or a similar measure shall be taken to ensure that the data subject is informed in an equally effective manner.

IX. REMEDIES:

1. Without prejudice to other administrative or judicial remedies, any data subject shall have the right to lodge a complaint with the following supervisory authority if he or she considers that the processing of personal data concerning him or her infringes the provisions of the GDPR:

National Data Protection and Freedom of Information Authority
1125 Budapest, Szilágyi Erzsébet avenue 22 / C.
Mailing address: 1530 Budapest, Mailbox: 5.
Phone: + 36-1-391-1400
Fax: + 36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://www.naih.hu/

2. Available administrative or non-judicial remedies, including appeals to the supervisory authority, IX / 1. Without prejudice to the right under point 1, the person concerned shall have the right to a judicial remedy if, in his or her opinion, his or her rights under the GDPR have been violated as a result of improper handling of his or her personal data in accordance with the GDPR.

3. Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the GDPR is entitled to compensation from the controller for the damage suffered.

X. DATA SECURITY

The data controller shall ensure the security of the data, shall also take all technical and organizational measures, and shall establish the procedural rules necessary for the protection of the stored and processed data. The data controller shall prevent the destruction, unauthorized use and alteration of the data by all available means.

The personal data of the data subjects are stored by the data controller on the password-protected non-portable computers located at the administrative headquarters of Németh László utca 38, 4032 Debrecen, Bánat utca, and on a dedicated server protected from external influences. Documents containing personal data from data subjects will not be printed by the data controller.

The date of publication of this Privacy Policy is 01/01/2021