Costes Kft.
On the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 2016 27.) we provide the following information.
DATA MANAGER AND CONTACTS:
Company name: Costes Kft.
Headquarters: 1092 Budapest, Ráday utca 4.
Representative: Mario Magalhaes, Managing Director
Website: www.costesrestaurant.hu
E-mail: [email protected]
Phone: 36-20-926-7837
The addressee of the prospectus is a natural person affected by his / her personal data.
The person concerned is the person who reads this information – as a visitor, interested party or customer, customer, principal, customer.
DEFINITIONS
- “personal data” means an identified or identifiable natural person (“data subject”) any relevant information; identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
- “processing” means any operation or set of operations on personal data or files, whether automated or non-automated, such as collection, recording, systematisation, sorting, storage, transformation or alteration, retrieval, consultation, use, communication, transmission or dissemination; by other means of access, coordination or interconnection, restriction, deletion or destruction;
- “controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
- “processor” means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
- “recipient” means a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
- “data subject’s consent” means voluntary, specific and proportionate to the will of the data subject
an informed and unambiguous statement by which the data subject indicates, by means of a statement or an act unequivocally expressing the confirmation, that he or she consents to the processing of personal data concerning him or her;
- “data protection incident” means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data which have been transmitted, stored or otherwise handled.
PROVISIONS CONCERNING THE HANDLING OF PERSONAL DATA
- Data management of contracting natural person partners – customers, suppliers
records
1.1 Purpose of data management: conclusion, performance, termination of a contract, contractual manages the data of the natural person contracted to him as a buyer or supplier in order to provide a discount.
1.2 Data management title: title based on a legal obligation.
1.3 Stakeholders: natural persons contracted to the company.
1.4 Recipient of the managed data: employees of the Company performing customer service-related tasks, data processor performing accounting and tax tasks.
1.5 Data processed: natural person contracted as a buyer or supplier
o name
o date of birth,
o mother’s name
o address,
o tax identification number,
o tax number, entrepreneurial, primary producer number
o identity card number,
o home address, registered office, site address,
o telephone number, e-mail address, website address,
o bank account number,
1.6 Such data processing shall be lawful even if the data processing is necessary to take steps at the request of the data subject prior to the conclusion of the contract.
1.7 The data subject must be informed before the start of the data processing that the data processing is based on the title of the performance of the contract, that information may also take place in the contract. The data subject shall be informed of the transfer of his or her personal data to the data processor.
1.8 Duration of storage of personal data: In respect of identification and contact data, the validity of the rights and obligations arising from the legal relationship in connection with which the Data Controller handles personal data expires, in respect of data that are documented and the document supports the accounting, the duration of data processing pursuant to Section 169 (2) of Act C of 2000 is at least 8 years.
1.9 Method of data management: electronic.
1.10 Data processor:
Octonull Kft.
head office: 1133 Budapest, Árbóc utca 6.
email: [email protected]
FaboMark Kft.
head office: 1097 Budapest, Vaskapu u. 1 / E
email: [email protected]
- Legal entity customers, buyers, suppliers natural person representatives
contact information
2.1 Purpose of processing personal data: the Company has a legal entity with a partner
contract fulfillment, business relations.
2.2 Data processing title: consent-based processing of personal data.
2.3 Stakeholders: Legal entity representatives of customers, buyers, suppliers.
2.4 Recipients of personal data: employees of the company performing customer service tasks, employees performing accounting and tax tasks, and data processor.
2.5 Data processed: the natural person
- name,
- address,
- telephone number,
- email address
2.6 Duration of storage of personal data: It will be deleted immediately upon termination of the contract or in the event of a change of contact person.
2.7 Method of data management: electronic.
2.8 The existence of a declaration signed by the natural person’s representative of the legal entity’s clients is required for data processing. This statement must be presented by the employee in connection with the customer, buyer or supplier to the person concerned and by signing the statement he / she must request his / her consent to the processing of his / her personal data. The statement must be kept for the duration of the data processing.
2.9 During the data management, the person performing the accounting data processing activity may also get in touch with the contact details of the natural person representatives of the legal entity’s clients.
Data processor:
Octonull Kft.
head office: 1133 Budapest, Árbóc utca 6.
email: [email protected]
FaboMark Kft.
head office: 1097 Budapest, Vaskapu u. 1 / E
email: [email protected]
- Data management related to the management of images, videos and audio recordings of those involved in events and employees during events
3.1 Data controller in accordance with the current Civil Code 2:48. § (1). audio, video and video of the data subject and / or the data subject only with the prior consent of the data subject and shall take the steps (e.g transmission, publication) to which the data subject has consented.
3.2 Data processing can only take place with the voluntary, explicit consent of the data subject.
3.3 The purpose of data management: to strengthen the Company’s image and brand through marketing activities, and in this connection to make and use photographs taken at events.
3.4 Legal basis for data processing: consent-based processing of personal data.
3.5 Stakeholders: participants in events, employees.
3.6 Recipient of the data managed: persons performing marketing tasks.
3.7 Data processed: sound and image of the data subject, other data that can be obtained by taking a photograph.
- Visitor data management on the Company’s website – Information cookies
application
4.1 Cookies are short data files placed by the website you visit a on the user’s computer. The purpose of the cookie is to make the given infocommunication and internet service easier and more convenient. There are many varieties, but they can generally be classified into two major groups. One is a temporary cookie that a website places on a user’s device only during a specific session (e.g., during the security authentication of an Internet bank), and the other type is a persistent cookie (e.g., a website’s language setting) that remains on the computer until the user deletes it. According to the guidelines of the European Commission, cookies [unless they are absolutely necessary for the use of the given service] may only be placed on the user’s device with the user’s permission.
4.2 In the case of cookies that do not require the user’s consent, information must be provided during the first visit to the website. It is not necessary for the full text of the cookie information to appear on the website, it is sufficient for the website operators to briefly summarize the essence of the information and to indicate the availability of the full information via a link.
4.3 In the case of cookies requiring consent, the information may be linked to the website first in the event that the data processing associated with the use of cookies already begins with a visit to the site. If the use of a cookie is related to the use of a function specifically requested by the user, the information may also be displayed in connection with the use of this function. In this case, it is not necessary for the full text of the cookie information to appear on the website, a short summary of the essence of the information and a reference to the availability of the full information leaflet will suffice.
4.4 The Cookie Information on the Website provides information on the use of cookies to visitors. With this information, the Company ensures that the visitor can find out which data management purposes the Company handles for which data management purposes, including the handling of data that cannot be directly contacted by the user, before and during the use of the information society-related services of the website.
4.5 The data processor of the Company’s website is the company itself (Costes Kft.), The stored data will not be transferred to third parties.
- Social pages / Data management on the Company’s Facebook and Instagram pages
5.1 Data Manager is available on the Facebook social portal as well as other social networking sites (TripAdvisor, Youtube, Instagram).
5.2 The use of social networking sites, in particular the Facebook and Instagram pages, and the contact, contact and other operations permitted by the Data Controller through the Data Controller are based on voluntary consent.
5.3 Purpose of data management: Sharing or promoting certain content elements, products, promotions or the website itself.
5.4 Stakeholders: Natural persons who voluntarily follow, share or like the data pages of the Data Controller, in particular the page on facebook.com and instagram.com or the content appearing on it.
5.5 The personal data published by the visitors on the Company’s Facebook and Instagram pages are not handled by the Company. Visitors are subject to the Facebook and Instagram Privacy and Terms of Service.
5.6 In the event of illegal or offensive content being published, the Company may exclude the person concerned from the membership or delete its post without prior notice.
5.7 The Company shall not be liable in violation of any law posted by Facebook users
for data contents, comments. The Company shall not be liable for any errors, malfunctions or problems arising from the operation of Facebook or Instagram.
- Table reservation appointment
6.1 The Data Controller allows the data subjects to book a table with the Data Controller in connection with its service or to agree on other issues related to the reservation by providing their data detailed below.
6.2 Data processing title: consent-based processing of personal data
6.3 Purpose of data management: to provide the data subject with a table reservation and to keep in touch.
6.4 Stakeholders: Any natural person who makes an appointment by providing their details.
6.5 Recipients of personal data: restaurant employees.
6.6 Data managed: natural person initiating the table reservation
His name,
o telephone number,
o email address
o date.
6.7 Data management process:
o The data subject may arrange an appointment for the table reservation at the telephone number and email address provided by the Data Controller.
o The Data Controller records the data revealed to the Data Controller during the reconciliation in an electronic registration system and confirms the booked date orally and / or in writing to the data subject.
o Ideally, the person concerned will appear in person at the restaurant at the time
to use the service.
o The data subject, in accordance with the purpose of the data processing, voluntarily agrees that, if he / she provides his / her contact details, the Data Controller will contact him / her to inform him / her about the possible delay or his / her possible complaint.
respond or take other action on your complaint.
6.8 Duration of storage of personal data: until the purpose is achieved.
6.9 Method of data management: electronically.
6.10 Data processor:
Sevenrooms
Head office: 228 Park Ave South, PMB 33706, New York, NY 10003
e-mail: [email protected]
phone: +45 32555048
data management: https://sevenrooms.com/en/privacy-policy/
- Data management related to the statement of consent
7.1 The data controller requests a data-based or electronic consent statement from the data subjects in order to get to know, manage and, if necessary, transmit their data.
7.2 Title of data processing: consent-based processing of personal data.
7.3 Purpose of data management: the handling of statements of consent is necessary for the demonstration of the legal basis of data management and for the fulfillment of the consent (principle of accountability), as well as for contact.
7.4 Stakeholders: any natural person who gives a statement to the Data Controller consenting to the processing of his / her data for any purpose.
7.5 Recipients of personal data: Employees of an area related to a given data management, data processor.
7.6 Data processed: Data appearing in the consent statement related to a given data processing.
7.7 Duration of storage of personal data: until revoked at the request of the data subject, until the end of a given data processing process.
7.8 Method of data management: on paper or electronically.
RIGHTS OF STAKEHOLDERS
- Right of access
You have the right to receive feedback from the controller as to whether your personal data is being processed and, if such processing is in progress, you have the right to access your personal data and the information listed in the Regulation.
- Right to rectification
You have the right, at the request of the data controller, to correct inaccurate personal data concerning him or her without undue delay. Taking into account the purpose of the data processing, you have the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement.
- Right of cancellation
You have the right, at the request of the controller, to delete personal data concerning him or her without undue delay, and the controller is obliged to delete personal data concerning you without undue delay under certain conditions.
- The right to be forgotten
If the controller has disclosed the personal data and is obliged to delete it, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that you have requested the personal data in question. deleting links or copies or duplicates of such personal data.
- Right to restrict data processing
You have the right, at the request of the data controller, to restrict the data processing if the following
one of the following conditions is met:
- You dispute the accuracy of personal data, in which case the restriction applies to the period of time that allows the data controller to verify the accuracy of the personal data;
- the data processing is illegal and you object to the deletion of the data and request it instead
restrictions on the use of
- the data controller no longer needs the personal data for the purpose of data processing, but you request them to make, enforce or protect legal claims;
- You objected to the data processing; in this case, the limitation is for that period
until it is established that the controller has legitimate grounds
take precedence over your legitimate reasons.
- The right to data portability
You have the right to have the data relating to him made available to him by a data controller receives personal data in a structured, widely used, machine-readable format and has the right to transfer such data to another data controller without being hindered by the data controller to whom the personal data has been made available.
- Right to protest
You have the right to object at any time to the processing of your personal data (…), including profiling based on the above provisions, for reasons related to your own situation.
- Protest in case of direct business acquisition
If your personal data is processed for the purpose of direct business acquisition, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, insofar as it relates to direct business acquisition. If you object to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.
- Automated decision making in individual cases, including profiling
You have the right not to be covered by a decision based solely on automated data processing, including profiling, which would have legal effect on or similarly affect him or her. The preceding paragraph shall not apply if the decision:
- To enter into or perform a contract between you and the controller
required;
- is made by an EU or Member State law applicable to the controller
which protects your rights and freedoms and legitimate interests
also lays down appropriate measures for obsession
- Based on your express consent.
DEADLINE FOR ACTION
The controller will inform you without undue delay, but in any case within 1 month of receipt of the request, of the action taken on the above requests.
If necessary, it can be extended by 2 months. The data controller shall inform you of the extension of the deadline, indicating the reasons for the delay, within 1 month from the receipt of the request.
If the controller does not take action on your request, it will inform you without delay, but no later than one month after receipt of the request, of the reasons for the non-action and of the fact that you can lodge a complaint with a supervisory authority and have a judicial remedy.
SECURITY OF DATA PROCESSING
The controller and the processor shall take appropriate technical and organizational measures to take into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of the processing and the varying likelihood and severity of risks to the rights and freedoms of natural persons. to guarantee a level of data security commensurate with the level of risk.
POSSIBILITY TO COMPLAIN
Complaints against possible breaches of the data controller can be made to the National Data Protection and Freedom of Information Authority: National Data Protection and Freedom of Information Authority 1125 Budapest, Szilágyi Erzsébet fasor 22 / C. Mailing address: 1530 Budapest, Mailbox: 5. Phone: +36 -1-391-1400 Fax: + 36-1-391-1410 E-mail: [email protected]
During the preparation of the prospectus, we took into account the following legislation:
– Natural persons with regard to the processing of personal data
on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016
– 2011 CXII. Act – on the right to information self-determination and freedom of information (hereinafter: Infotv.)
– CVIII of 2001 Act – on certain issues of electronic commerce services and services related to the information society (especially Section 13 / A)
– XLVII of 2008 Act on the Prohibition of Unfair Commercial Practices against Consumers;
– XLVIII of 2008 Act – on the basic conditions and certain restrictions of commercial advertising (especially § 6)
– 2005 XC. Electronic Freedom of Information Act
– Act C of 2003 on Electronic Communications (specifically Section 155)
– 16/2011. s. Opinion on the EASA / IAB Recommendation on Best Practices for Behavioral Online Advertising