Data protection and data management regulations of Vogue Wave Kft.

I. Purpose of the Regulations

The purpose of these Regulations is to set the data protection and ¬management principles applied by Vogue Wave Kft.. (Hereinafter: the Company) and the Company's data protection and ¬ management policy, which the Company acknowledges as binding. In developing these rules, the provisions of Act CXII of 2011. Act CXIX of 1995 on the right to Informational Self-determination and Freedom of Information ("Infotv."), Act VI of 1998 on the processing of name and telephone number data for the purpose of research and direct business acquisition; Act XLVIII of 28 January 1981 promulgating the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28 January 1981; Act on the Basic Conditions and Certain Restrictions of Commercial Advertising and the recommendations of the "ONLINE PRIVACY ALLIANCE" were taken into account by the Company.

The purpose of these Regulations is to ensure that in all areas of services provided by the Company, all individuals, regardless of nationality or place of residence, ensure that their rights and fundamental freedoms, in particular the right to privacy, are respected in the processing of personal data (data protection).

The Company's data protection registration ID: NAIH-83702/2015.
II. Definitions
 
Personal data or data: data connected to a specific natural person (hereinafter: data subject), a conclusion that can be drawn from the data about the data subject. Personal data retains this quality during data processing as long as its connection with the data subject can be restored;
Data set: the totality of the data managed in one record;
Data management: any operation or set of operations on personal data, regardless of the procedure used, in particular the collection, recording, recording, systematisation, storage, alteration, use, consultation, transmission, disclosure, coordination or linking, blocking, deletion of personal data and destruction and to prevent further use of the data;
Data controller: the data management can be performed by the following companies on the basis of a separate contract, with their own technical equipment: Vogue Wave Kft. (Address: 1137, Budapest, Carl Lutz rakpart XIII/19., tax number: 13211420-2-41)
Data processing: the performance of data management operations, technical tasks, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
Data destruction: the complete physical destruction of the data carrier;
Data transfer: when the data is made available to a specific third party;
Disclosure: if the data is made available to anyone;
Data processor: a natural or legal person or an organization without legal personality who processes personal data on behalf of the data controller;
Data erasure: making data unrecognizable in such a way that it is not possible to recover it;
Automated data file: a series of data to be processed automatically;
Machine processing: includes the following operations when carried out in part or in full by automated means: storage of data, logical or arithmetic operations on data, alteration, deletion, retrieval and distribution of data.
System: a set of technical solutions that operate the pages and services of Data Controllers and their partners available via the Internet.
User: a natural person who registers for the use of inda services and in the framework of which provides the following III. listed in point.
III. Scope of personal data processed
 
3.1 During the Data Management, based on the User's decision, the Company manages the following data: primary email address, secondary email address.
3.2 Based on the User's decision, the Company may manage the following data in connection with the use of Vogue Wave Kft.’s Services: name, nickname, place of residence, place of residence, postal code, place of birth, date of birth, telephone number.
3.3 If the User, at his / her own discretion, connects his / her Facebook account with the account of Vogue Wave Kft., The Company may manage the following data of the user: Facebook name, Facebook email address, Facebook profile picture, Facebook gender, Facebook friends list.
IV. Scope of additional data managed by the Company
 
4.1 The Company places a small data package (so-called "cookie") on the User's computer in order to provide customized service. The purpose of the cookie is to ensure the highest possible level of performance of the given page in order to increase the user experience. The User can delete the cookie from his / her own computer or set his / her browser to disable the use of cookies. By disabling the use of cookies, the User acknowledges that without a cookie the operation of the given page is not complete.
4.2 Data to be technically recorded during the operation of the systems: the data of the User's login computer, which is generated during the use of the service and which is recorded by the Data Management System as an automatic result of the technical processes. The data that is automatically recorded is automatically logged at the time of entry or exit without any separate statement or action by the User. Only the Data Controller has access to the data.
V. Legal basis, purpose and method of Data Management
 
5.1 The Data Management takes place on the basis of a voluntary statement of the Company's Users based on appropriate information, which statement contains the Users' express consent to the use of their personal data provided during the use of the site and the personal data generated about them. The legal basis of the Data Management is the Infotv. Section 5 (1) (a) the voluntary contribution of the data subject.
5.2 The purpose of managing the automatically recorded data is to ensure the provision of services available through the Company's websites, the display of personalized content and advertisements, the production of statistics, the technical development of the IT system, and the protection of users' rights. The data made available by the Users during the use of the service may be used by the Company to form user groups and to display targeted content and / or advertisements to the user groups on the Company's websites.
5.3 The Data Controller may not use the provided personal data for purposes other than those described in these sections. The transfer of data between the Data Controllers specified in these Regulations may be performed without the separate consent of the User. Disclosure of personal data to third parties or authorities, ¬ unless otherwise required by law - only by official decision or with the prior express consent of the User.
5.4 The data controller does not check the personal data provided to him. The person who provided the data is solely responsible for the accuracy of the information provided.
5.5 When providing the email address of any User, he / she is also responsible for ensuring that he / she only uses the service from the provided email address. In view of this liability, all liability in connection with logins to a given email address rests solely with the User who registered the email address.

 
VI. Principles of data management
 
6.1 Data may only be obtained and processed fairly and lawfully.
6.2 Data may only be stored for specified and lawful purposes and may not be used otherwise.
6.3 The data must be proportionate to the purpose for which they are stored and must comply with that purpose and must not go beyond that purpose.
6.4 Appropriate security measures shall be taken to protect personal data stored in automated data files against accidental or unlawful destruction or accidental loss, and against unauthorized access, alteration or dissemination.
 
VII. Privacy Policy Applied by the Company
 
7.1 The personal data necessary for the use of the Company's services shall be used by the Company with the consent of the data subjects and only for the intended purpose.
7.2 The Company, as the Data Controller, undertakes to transfer the data in its possession to the Infotv. and in accordance with the data protection principles set out in these Regulations, and shall not transfer them to third parties other than the Data Controllers specified in these Regulations.
An exception to the provision contained in this section is the use of data in a statistically aggregated form, which may not contain the name of the relevant User or other data suitable for identification in any form, thus it does not qualify as Data Management or Data Transfer.
7.3 The Company may, in certain cases - cause a violation of the Company's interests, endanger the provision of its services, etc. due to a formal court or police request, legal proceedings for copyright, property or other violations or a reasonable suspicion thereof. - make the available data of the relevant User available to third parties.
7.4 The Company's system may collect data on the activity of the Users, which cannot be linked to other data provided by the Users during registration, or to data generated when using other websites or services.
7.5 The User must be informed about the purpose of the Data Management and the person who will handle and process the data. The information on the Data Management is also provided by the fact that legislation provides for the recording of data on the already existing Data Management by means of transmission or interconnection.
7.6 In all cases where the Company intends to use the provided data for a purpose other than the purpose of the original data collection, it shall inform the User thereof and obtain its prior, express consent, or provide him / her with an opportunity to prohibit the use.
7.7 The Company, as the Data Controller, observes the restrictions set by law in all cases during the recording, recording and management of the data.
7.8 The Company undertakes to ensure the security of the data, to take the technical and organizational measures and to establish the procedural rules that ensure that the recorded, stored and managed data are protected, and to prevent their destruction and unauthorized use. and unauthorized alteration. It also undertakes to call on any third party to whom the data may be transmitted or transferred to fulfill its obligations in this regard.
7.9 The Data Controller shall block the Personal Data if the data subject so requests or if, on the basis of the information available to him or her, it can be assumed that the deletion would harm the data subject's legitimate interests. Personal Data blocked in this way may only be processed for as long as the purpose of the data processing, which precluded the deletion of personal data, exists.
7.10 The rectification, blocking or the deletion must be notified to the User concerned, as well as to all those to whom the data has previously been transferred for the purpose of Data Management. The notification may be omitted if it does not infringe the legitimate interest of the data subject with regard to the purpose of the Data Management.
 
VIII. Duration of Data Management
 
8.1 The processing of the Personal Data provided by the User will continue until the User subscribes to the service with the given user name and at the same time requests the deletion of the data. The date of cancellation is 10 working days from the receipt of the User's cancellation request. In this case, the data will be deleted at all Data Controllers specified in these Regulations.
In case of illegal, misleading Personal Data or in case of a crime or attack on the system committed by the User, the Data Controller is entitled to delete his data immediately at the same time as the User's registration, but also too.
8.2 The Personal Data provided by the User - even if the User does not unsubscribe from the service or by canceling his registration only terminates the possibility of access, the comments and uploaded contents stored in them remain - can be managed by the Company as Data Controller until the User does not expressly request in writing that they be discontinued. The User's request to terminate the Data Management without unsubscribing from the service does not affect his right to use the service, however, he may not be able to use certain services due to the lack of Personal Data. The data will be deleted within 10 working days of receiving the request.
8.3 Data that is automatically and technically recorded during the operation of the system shall be stored in the system for a period of time justified from the point of view of ensuring the operation of the system. The Company ensures that this automatically recorded data cannot be linked to other personal user data, except in cases required by law. If the User has terminated his / her consent to the processing of his / her Personal Data or has unsubscribed from the service, his / her identity - excluding the investigating authorities and their experts - will not be identifiable thereafter.
 
IX. Having personal information
 
9.1 Changes in personal data can be set or modified in the settings of the unified access system of the Inda services and on the profile pages belonging to each service. It is also possible to delete Personal Data here
9.2 The Company's newsletters can be canceled via the unsubscribe link.
9.3 Once the request to delete or modify personal data has been fulfilled, the previous (deleted) data can no longer be restored.
9.4 Users may request information on the handling of their personal data from the Company, as the Data Controller, at any time in writing, by registered mail to the Data Controller's address or by registered letter with return receipt, or by e-mail to the e-mail address. A request for information sent by letter is considered authentic by the Company if the User can be clearly identified on the basis of the sent request. A request for information sent by e-mail is considered authentic by the Data Controller only if it is sent from the User's registered email address. The request for information may cover the User's data managed by the Data Controller, their source, the purpose, legal basis, duration of the Data Management, the names and addresses of any Data Processors, activities related to the Data Management and, if and for what purpose User Information.
9.5 The Data Controller is obliged to answer the question related to the Data Management within 15 working days from the receipt. In the case of email, the date of receipt shall be the first working day following dispatch.
 
X. Data processing
 
10.1 The Company does not use a separate external data processor.
Data controller: data management can be performed by the following companies on the basis of a separate contract, with their own technical equipment:
Vogue Wave Kft. (Address: 1137, Budapest, Carl Lutz quay XIII/19., tax number: 13211420-2-41)
 
XI. External service providers
 
11.1 During the use of certain services of the Company, it may also cooperate with external service providers that facilitate registration and entry. (e.g., Facebook Inc., Google Inc., "External Service Provider") The third-party service providers' own privacy policies apply to the data provided there in External Service Provider's systems.
11.2 With regard to the content made available within the framework of each service and shared on various social networking sites, the External Service Provider enabling the sharing of the content qualifies as the controller of the Personal Data, its activities are governed by its own terms of use and data protection regulations. Examples of such external intermediary services are: Facebook, Google, Pinterest, Tumblr, Twitter.
11.3 The Company may transfer certain data provided by the User to an External Service Provider in connection with the operation of the service, however, the External Service Provider may use the transferred data only for the purpose specified in these Regulations.

 
XII. Possibility of data transfer
 
12.1 The Company, as the Data Controller, is entitled and obliged to transfer all Personal Data at its disposal and duly stored by it to the competent authorities, the transmission of which is obliged by law or a final official obligation. The Data Controller cannot be held liable for such Data Transfer and the consequences thereof.
12.2 If the Company transfers the operation or utilization of the content service and hosting service on its pages to a third party in whole or in part, it may transfer the data managed by it to such third party for further processing without requesting special consent. This Data Transfer may not place the User in a more unfavorable position than the data management rules specified in the text of these Regulations in force at any time.
12.3 The Company keeps a data transfer register in order to check the legality of the Data Transfer and to inform the data subject.

 
XIII. Amendments to the Privacy Policy
 
13.1 The Company reserves the right to amend these Data Management Regulations at any time by a unilateral decision.
13.2 By the next login, the User accepts the provisions of the Data Management Regulations in force at any time, in addition, it is not necessary to seek the consent of each User.
604/5000

 
XIV. Possibility of enforcement
 
14.1 Pursuant to the Infotv and Act V of 2013 (Ptk.), The User may exercise his / her rights in court, and may also request the assistance of the National Data Protection and Freedom of Information Authority in any matter related to Personal Data (1125 Budapest Szilágyi Erzsébet fasor 22 / C; postal address: 1530 Budapest, Pf. 5.)
14.2 The staff of the Data Controller can also be contacted at the provided e-mail address with any questions or remarks related to data management. The address is reservation@restaurantvogue.hu

 
This Privacy Policy entered into force on 01/03/2021.