Related to the website at www.khibu.hu
Kornél Csiszár, as the owner of the website www.khibu.hu, acts as the data controller with regard to the personal data processing related to the website. When you visit the website, your personal data will be processed by means of short text files, so-called cookies, related to the operation of the website, and in other cases (e.g. contacting us) depending on your activities on the website. In connection with the processing of your personal data, we provide you with the following information:
1. Who are we?
1.1. Hiker Solutions Kft. (hereinafter referred to as the “Data Controller”)
Company registration number: 01-09-401675
Registered office: 1107 Budapest, Kékvirág utca 14. II. emelet 8.
Tax number: 27874972-2-42.
Community VAT number: HU27874972.
Our e-mail address: info@khibu.hu
Our phone number: 06 70 397 1803
Our website: https://www.khibu.hu
The Data Controller is not obliged to appoint a DPO under Article 37 of the GDPR and therefore the Data Controller does not employ a DPO.
Name, address and contact details of the hosting provider of the Data Controller: DotRoll Kft. 1148 Budapest, Fogarasi út 3-5.
2.2 The Data Controller, in order to provide our customers with a high quality service, uses the following data processors for the processing of data:
NAME | ADDRESS | ACTIVITIES |
DotRoll Kft. | 1148 Budapest Fogarasi út 3-5. | hosting service |
Khibuhiker | 1107 Budapest, Kékvirág utca 14., II. emelet 8. | database maintenance and processing, making reports |
Where we change the scope of our data processors, we will reflect the changes in this notice.
2. What principles do we follow in our data management?
The Data Controller follows the following principles in its data processing:
- we process your personal data lawfully and fairly and in a transparent manner for you;
- we collect personal data only for specified, explicit and legitimate purposes and do not process it in a way incompatible with those purposes;
- the personal data we collect and process is adequate, relevant and limited to what is necessary for the purposes for which it is processed;
- we will take all reasonable steps to ensure that the personal data we process is accurate and, where necessary, kept up to date, and we will promptly delete or rectify inaccurate personal data.
- we store your personal data in a form which permits identification for no longer than is necessary for the purposes for which the personal data are processed.
- we ensure adequate security of your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage by applying appropriate technical and organisational measures.
With regard to your personal data
- on the basis of your prior informed and voluntary consent and only to the extent necessary and in any event for the purposes for which it is collected, recorded, processed, stored and used.
- in some cases, the processing of your data is based on legal requirements and is mandatory, in which case we will draw your attention to this fact.
- What kind of data do we process?
Activity description and purpose of the processing | Legal basis | Data processed | Duration | Registration number |
Website visitsThe purpose is to ensure the proper and high quality operation of the website, to monitor and improve the quality of our services, to identify malicious visitors who attack our website, to measure the number of visits, for statistical purposes | Legitimate interest of the Controller (Article 6(1)(f) GDPR) | your IP address the time of your visit and the pages you visited, the operating system and browser type you use | ||
Administration, receiving and responding to complaints | fulfil our legal obligations (Article 6(1)(c) GDPR) | – full name- e-mail address- telephone number – mailing address- other personal message | 5 years |
When the website is viewed, the start and end times of the user’s visit are automatically recorded, and in some cases, depending on the user’s computer settings, the browser and operating system type and IP address. This data is automatically used to generate statistical data. The data are not linked to personal data.
When you log in, the website sends you a session ID, which is an identifier that identifies your computer, and also places short text or numeric identifier files (cookies) on your computer when you browse the website. Please note that neither the session ID nor any other cookies used are suitable for identification by the Data Controller, as they do not identify the user (i.e. the person visiting the website), but the browser program and device used.
3. What are cookies and how do we handle them?
3.1. What are cookies?
Cookies are small data files (hereinafter “cookies”) that are transferred to your computer through the use of the website by your website by being saved and stored by your internet browser. Most commonly used internet browsers (Chrome, Firefox, etc.) accept and allow the download and use of cookies by default, but it is up to you to modify your browser settings to refuse or block them, or to delete cookies already stored on your computer. For more information on the use of cookies, please see the “help” section of each browser.
We use two types of cookies during the operation of the website – temporary (or session) cookies and persistent cookies that are stored for a longer period of time. Both temporary cookies and cookies that are stored for a longer period of time are used to identify a particular browser and thus a particular computing device (e.g. desktop computer, laptop). The data processed in this process are therefore the cookies used for identification purposes and the activity on the website related to the identifier (e.g. time of opening, leaving/closing the website, actions performed on the website, website accessed from there).
The legal basis for processing is your consent, which you can give by clicking on the “I accept” button in the highlighted text bar on the website. By clicking on the “I accept” button, you also consent to the use by the Data Controller of third-party service providers (e.g. Google, Facebook) of third-party codes necessary for the collection of the data and information indicated in this notice in connection with the website and also consent to the processing of your personal data in this way.
The Data Controller does not use or allow cookies that allow third parties to collect data without your consent.
Acceptance of cookies is not mandatory, but the Data Controller is not responsible if our website does not function as expected without cookies being enabled.
3.2. What cookies do we use?
Type | Contribution | Description | Target | Validity |
Session ID | not required | the cookie contains the session ID | is essential for the visitor to be able to use various functions, such as remembering previous actions, text entered | deleted when the browser is closed at the end of the session |
cookies for statistical purposes | requires | through the collection of visitor information, the Data Controller mainly obtains information on the number of visitors to its website and the time spent on the website. The program recognises the IP address of the visitor and can therefore track whether the visitor is a returning or new visitor. | better understand website usage patterns and analyse information to help improve and develop website services | 30 days |
If you disable (delete) the cookies in the browser program you use, the processing of data through them will continue until that time. Most often, you can delete cookies from your own computer in the settings of your browser program, and you can also disable their use here.
3.3. Third party cookies
Our website uses third-party code from Google, as a third-party service provider, which also contains cookies. Please note that Google may store both anonymous data (for statistical purposes) about your visit to the site and data about your browser settings and activity on the site (e.g. what content you have viewed on the site, when you viewed it). These codes are not used by Google or the website operator to identify you personally, as they do not contain any personal data about the visitor, but only identify the browser software you are using.
For more information about cookies set by Google, please visit: https://policies.google.com/technologies/types
The website is hosted by the codes of the following external service providers: Google LLC. and Facebook Inc.
You have the right to disable or personalise the functionality of cookies used by Google. For more detailed information about Google’s processing of your data, please visit https://www.google.hu/intl/hu_hu/policies/privacy.
You have the right to disable or restrict the functionality of the cookies used by Facebook on your device. For more detailed information about Facebook’s data processing, please visit https://www.facebook.com/policies/cookies/.
You also have the right at any time to generally disable the use of cookies in your browser, in which case access to certain services available through the website and the uninterrupted use of certain functions may be restricted. You can most often delete cookies from your own computer in the settings of your browser programs, and you can also disable their use here.
The following company acts as an external service provider for the cookies used by Google:
- company name: Google LLC.
- address:1600 Amphitheatre Parkway Mountain View, CA 94043 United States
- contact, tel.: 1-650-253-0000
Google LLC. is a registered member of the Privacy Shield Agreement between the United States of America and the Commission of the European Union, so any transfer of data to Google LLC. is presumed to be subject to a level of protection equivalent to that of the EU, and is therefore not subject to any additional conditions.
The Data Controller does not transfer data outside the European Union in connection with the operation of the website. In connection with the use of cookies by Google, as an external service provider, the data referred to above may be transferred to Google’s servers (possibly overseas), but Google LLC, as a result of the Privacy Shield Agreement, is presumed to have a level of protection equivalent to that of the EU, and therefore no further conditions are attached to the transfer.
4. What else do you need to know about our data management on our website?
Your personal data are provided voluntarily by you in your dealings with the Data Controller, and we therefore ask you to gradually ensure their truthfulness, accuracy and correctness when providing us with your data, for which you are responsible. Incorrect, inaccurate or incomplete data may prevent you from using our services.
If you do not provide your own personal data but that of another person, we will assume that you have the necessary authorisation to do so.
You may withdraw your consent to data processing at any time, free of charge.
For technical reasons, we will register the withdrawal of consent within 3 working days, but please note that we may process certain data after the withdrawal of consent in order to comply with a legal obligation or to pursue our legitimate interests.
In the event of the use of misleading personal data, we will delete your personal data without delay or, if necessary, retain it for the duration of the civil liability assessment or criminal proceedings.
5. Other data management issues
We may only transfer your data within the limits set by law and, in the case of our data processors, we ensure that they cannot use your personal data for purposes that are not in accordance with your consent by setting contractual conditions. For more information, see Section II.
The court, the prosecutor’s office and other authorities (e.g. police, tax office, National Authority for Data Protection and Freedom of Information) may contact the Data Controller in order to provide information, data or documents. In such cases, we are obliged to fulfil our obligation to provide the data to the extent strictly necessary to achieve the purpose of the request.
The data controller’s agents and employees involved in the processing of your personal data are entitled to access your personal data to the extent specified in advance, subject to confidentiality obligations.
The Data Controller takes great care to ensure that your data is adequately protected physically and by information technology when developing the technical and procedural rules for data processing operations. We will take appropriate technical and other measures to protect your personal data and to ensure its security, availability and protection against unauthorised access, alteration, damage or disclosure and any other unauthorised use. The Data Controller shall also ensure that the processed data are accessible only to those authorised to have access to them and that the authenticity and integrity of the processed data are ensured, and the Data Controller shall choose the means and measures used for processing accordingly.
As part of our organisational measures, we control physical access to personal data in our buildings, provide continuous training to our employees and keep paper documents locked away with appropriate protection. Technical measures include encryption, password protection and anti-virus software. The measures used are primarily aimed at preventing and preventing unauthorised access to the data processed, unauthorised alteration, transmission, disclosure, deletion or damage to the data.
Please note, however, that the transmission of data over the Internet cannot be considered a fully secure transmission of data, but we do maintain strict standards for the security of your data and the prevention of unlawful access to data received by the Data Controller.
If you have any questions about data processing, you can request further information by e-mail at info@khibu.hu or by post at 1107 Budapest, Kékvirág utca 14, 2. emelet 8., and we will send you a reply without delay, within 15 days, to the contact details you have provided.
What are your rights and options for legal redress?
In relation to data processing, you have the right to.
- to receive adequate and transparent information, including feedback on whether your personal data are being processed;
- to request the rectification, modification or integration of personal data that we process,
- request the deletion of your personal data processed where the processing is based solely on your consent;
- request the restriction of the processing of your personal data;
- object to the processing of their personal data or withdraw their consent at any time;
- to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used, machine-readable format, and to transmit such data to another controller. You have this right where the processing is based on consent or a contract and is carried out by automated means. The exercise of this right must not adversely affect the rights and freedoms of others.
- have a right of appeal to a court,
- contact the supervisory authority in case of allegedly harmful processing (https://naih.hu/panaszuegyintezes-rendje.html).
Supervisory Authority: National Authority for Data Protection and Freedom of Information
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, Pf.: 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: https://naih.hu/
At your request, within the shortest possible time from the date of your request, but no longer than 8 days, we will provide you with information about the personal data we process about you or that we or our data processors process.
- about your data,
- their source,
- the purposes and legal basis of the processing,
- and, if this is not possible, the criteria for determining this period,
- the names and addresses of our data processors and their data processing activities,
- the circumstances and effects of data breaches and the measures we have taken to respond to and prevent them; and
- the legal basis and recipient of the transfer of your personal data.
The information is free of charge unless you have already submitted a request for information on the same data in the current year. We will reimburse you for any charges you have already paid if we have processed the data unlawfully or if the request for information has led to a correction. We may only refuse to provide information in cases provided for by law, by indicating the legal position and by informing you of the possibility of judicial remedy or of recourse to the National Authority for Data Protection and Freedom of Information.
Our Company will notify you and all those to whom it has previously disclosed the data for processing purposes of the rectification, blocking, marking and erasure of personal data, unless the non-notification is not in your legitimate interest.
If we do not comply with your request for rectification, blocking or erasure, we will inform you in writing or, with your consent, by electronic means within 15 days of receipt of the request, of the reasons for our refusal and inform you of the possibility of judicial remedy and of recourse to the National Authority for Data Protection and Freedom of Information.
If you object to the processing of your personal data, we will consider your objection as soon as possible, but no later than 15 days after the request is made, and we will inform you in writing of our decision. If we have decided that your objection is justified, we will stop the processing, including further collection and transfer, and block the data, and notify the objection and any action taken in response to it to all those to whom we have previously disclosed the personal data to which the objection relates and who are obliged to take steps to exercise the right to object.
We will refuse to comply with a request if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. If you do not agree with our decision or if we fail to comply with the time limit, you have 30 days from the date of notification of the decision or the last day of the time limit to take legal action.
Data protection litigation falls within the jurisdiction of the courts, which may, at the choice of the data subject, be brought before the courts for the place of residence or domicile of the data subject, if the Data Controller is considered to be processing personal data in breach of the law or of provisions of a binding legal act of the European Union. A foreign national may also lodge a complaint with the supervisory authority of his or her place of residence.
Please contact the Data Controller before lodging a complaint with a supervisory authority or a court, in order to discuss and resolve the problem as quickly as possible.
What is the main legislation governing our activities?
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the processing of personal data of natural persons (GDPR)
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Info tv.)
- Act V of 2013 on the Civil Code (Civil Code Act)
- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services – (Eker tv.)
- Act C of 2003 on electronic communications – (Ehtv)
- Act CLV of 1997 on Consumer Protection (Consumer Protection Act)
- Act CLXV of 2013 on complaints and notifications of public interest (Pktv.)
- Act No VI of 1998 on the Protection of Individuals with regard to Automatic Processing of Personal Data, ratifying the Convention done at Strasbourg on 28 January 1981.
5. Amendments to the Privacy Notice
Our Company reserves the right to modify this Privacy Notice and will inform the data subjects accordingly. Information on data processing will be published on the website www.khibu.hu/adatvedelmi-tajekoztato.
Date
5 June, 2022