K
loading...

 

**GENERAL PROVISIONS**

Kristoban Photography, as the Service Provider and Data Controller, acknowledges the content of this legal notice as binding. It commits to ensuring that all data processing related to its activities complies with this regulation and the applicable national laws, as well as the requirements specified in the legal acts of the European Union.

The data protection guidelines related to the data processing of Kristoban Photography are continuously available at www.kristobanphotography.hu/privacy.

Kristoban Photography acts according to this Privacy and Data Processing Regulation and Notice regarding all data processing of natural persons (Clients) related to the services provided through its operated website at www.kristobanphotography.hu and other specified websites (hereinafter referred to as: Websites). By accessing and using the website, the Client accepts the provisions of this regulation as binding.

**PURPOSE OF THE REGULATION**

The purpose of the regulation is to define the scope of personal data processed by the Data Controller, the method of data processing, and ensure compliance with the constitutional principles of data protection and data processing, and the requirements of data security to respect the privacy of natural persons during the machine processing or handling of personal data of the data subjects.

**1. Definitions**

1.1. **Data Controller:** The natural or legal person, or entity without legal personality who alone or jointly determines the purpose of processing personal data, makes and executes decisions regarding data processing (including the tools used).

1.2. **Data Processing:** Any operation or set of operations performed on personal data, regardless of the applied procedure, including collection, recording, storage, modification, use, querying, transmission, disclosure, coordination or combination, blocking, erasure, and destruction of the data.

1.3. **Personal Data:** Any information relating to an identified or identifiable natural person – in particular, the data subject’s name, identification number, as well as one or more characteristics related to the physical, physiological, mental, economic, cultural, or social identity of that person.

1.4. **Consent:** The voluntary and explicit expression of the data subject’s will, based on appropriate information, by which they give unambiguous consent to the processing of their personal data concerning a specific operation or operations.

1.5. **Data Processing Operator:** The natural or legal person, or entity without legal personality processing data on behalf of the Data Controller based on a contract.

1.6. **Data Processor:** The natural or legal person, or entity without legal personality that processes data based on a contract, including one established by law.

1.7. **Data Subject:** Any identified or identifiable natural person based on personal data.

**2. Identification of the Data Controller**

Organization Name: Krisztián Horváth self-employed (Kristoban Photography)
Headquarters: 8360 Keszthely, Fodor Imre u. 34. 
Tax Number: 53744209-1-40
Main Activity: 7420 – Photography
Email: info@kristobanphotography.hu

**3. Authorized Persons for Data Access**

The data may be accessed by the management and employees of the Data Controller organization.

**4. Scope of Processed Personal Data**

This regulation exclusively applies to the data processing of natural persons since personal data can only be interpreted in relation to natural persons. The Websites also provide content accessible to any internet user without registration.

4.1. **Personal Data to be Provided During Registration Process:**

Registration events include:
– For studio photography, scheduling and finalizing an appointment, during which the name, phone number, and email of the Client are recorded in the electronically accessible calendar.
– For kindergarten/nursery or school photography, submission of an order form either in person (printed form) or electronically via email. The Client’s name, phone number, and email address are recorded in written and electronic form.
– Participation in online competitions/raffles, where the registrant’s personal data (name, email, phone number) and other game-related optional data (e.g., wedding date, location) are collected electronically.

4.2. **Technical Data**

Kristoban Photography selects and operates IT tools for the processing of personal data so that the processed data is:
– Accessible to authorized persons (availability),
– Protected against unauthorized access.

Kristoban Photography protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental destruction.

Kristoban Photography ensures the protection of data processing security with technical, organizational, and procedural measures appropriate to the risks arising from data processing.

Kristoban Photography maintains:
– Confidentiality: Protects information so that only those entitled have access;
– Integrity: Ensures the accuracy and completeness of information and processing methods;
– Availability: Ensures that authorized users can access the desired information when needed, and that tools related to it are available.

4.3. **Cookies**

Sure! Here is the English translation:

**4.3.1. Purpose of Cookies**

– They collect information about visitors and their devices.
– They remember visitors’ individual settings, which can be used for online transactions, so there’s no need to re-enter them.
– They facilitate the use of the website.
– They provide a quality user experience.

To personalize the service, a small data package called a cookie is placed on the user’s computer and read on subsequent visits. If the browser returns a previously saved cookie, the service provider has the opportunity to link the user’s current visit to previous ones, but only in relation to its own content.

**4.3.2. Strictly Necessary Session Cookies**

The purpose of these cookies is to allow visitors to browse the Service Provider’s websites smoothly and utilize its functions and the services available there. The validity of these types of cookies lasts until the session (browsing) is completed; upon closing the browser, these cookies are automatically deleted from the computer or the device used for browsing.

**4.3.3. Third-Party Cookies (Analytics)**

The Service Provider also uses third-party cookies, such as Google Analytics, on its website. Google Analytics collects information on how visitors use the websites for statistical purposes. The data is used to improve the website and user experience. These cookies remain on the visitor’s computer or other browsing devices until their expiration or until the visitor deletes them.

**4.4. Data Related to Online Orders and Administration**

The Service Provider may need the Client’s exact name and address for issuing e-invoices. Kristoban Photography uses the Számlázz.hu online invoicing system for electronic invoices. The data shared with the online invoicing system is subject to the privacy policy of Számlázz.hu’s current operator (currently KBOSS.hu Kft.).

**5. Legal Basis, Method, and Purpose of Data Processing**

**5.1. General Data Processing Principles**

The data processing activities of Kristoban Photography are based on voluntary consent and legal authorization. In cases of data processing based on voluntary consent, data subjects may withdraw their consent at any stage of the data processing. In certain cases, the processing, storage, and transmission of a subset of the provided data is mandated by legislation, which the Service Provider must comply with.

Kristoban Photography would like to draw the attention of data providers to the fact that if they do not provide their own personal data, it is the responsibility of the data provider to obtain the consent of the relevant data subject.

Its data processing principles are in accordance with the applicable data protection legislation, in particular with the following:

– Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
– Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
– Act V of 2013 on the Civil Code (Ptk.)
– Act C of 2000 on Accounting (Számv. tv.)
– Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.)

**5.2. In the Case of Non-Commercial (e.g., Studio) Photography**

**5.2.1. The legal basis for data processing is the Client’s voluntary consent. The Client gives consent to the processing of the data specified above by expressly accepting this privacy policy after prior review — by checking the relevant checkbox — or by voluntarily providing the relevant data while using the Websites. Regarding marketing materials, the Client gives explicit and voluntary consent by checking the relevant checkbox for the Data Controller to send news, offers, promotional materials, and information related to the service to the email address provided by the Client.**

**5.2.2. The purpose of data processing is to provide content services related to studio, wedding, and other non-commercial photography (e.g., kindergarten photography) and to provide related information. The Data Controller stores the data provided by the Client for specific purposes. By finalizing the appointment, signing the privacy notice, and the contract, the Client consents to the handling of their personal data for the following purposes: newsletter, service-related information.**

**5.2.3. The method of using email addresses (e-mail addresses) provided during registration by the Data Controller is as follows: the management of email addresses serves the purposes of client identification, communication during service delivery, and sending offers related to the content of the services provided by the organization to the client. The Data Controller provides information regarding the services it offers electronically via email to the client.**

5.2.4. The Client can unsubscribe from the newsletter at any time, free of charge and without justification. The Client can unsubscribe via an email sent to the Data Controller. In this case, the Data Controller will immediately delete the Client’s data from its records.

5.2.5. The purpose of the use of the phone number provided by the Client by the Data Controller is as follows: to serve as a contact method during the process.

5.2.6. The Client’s data (email address and phone number) are processed using computer data processing equipment, and email addresses recorded on paper are stored at the organization’s premises.

5.2.7. In order to extract independent visitor traffic and other web analytics data from the Websites, the Data Controller uses Google Analytics software; therefore, Google Inc.’s privacy policy is accessible at https://google.com/intl/h_All/policies/privacy. The user of the Websites acknowledges that by using the website, they consent to the data processing by Google Inc.

5.2.8. During content service provision, the Data Controller may use Google AdWords services; therefore, Google Inc.’s privacy policy regarding these data is available at https://google.com/intl/h_All/policies/privacy. The Client acknowledges that they consent to data processing by Google Inc. taking into account the marketing preferences specified by the Client.

5.2.9. The Data Controller may not use the provided personal data for purposes other than those described in these points. Disclosure of personal data to third parties or authorities is only possible with the user’s prior, explicit consent, unless otherwise provided by compelling law.

5.2.10. The Data Controller does not verify the personal data provided to it. The person providing the data is solely responsible for the accuracy of the provided data. By providing any email address, the Client assumes responsibility for using the service exclusively from the specified email address. Therefore, all responsibility related to access using the provided email address lies solely with the user who registered the email.

5.3. Physical storage locations of data

Personal data (i.e., data that can be associated with the Client) may come into our possession as follows: firstly, technical data related to the computer, browser program, Internet address used by the Client, and visited pages are automatically generated in our computer system in connection with maintaining the internet connection; secondly, the Client may also provide their name, contact details, or other information if they wish to establish a personal connection with us during the website’s use.

Storage of paper-based contracts takes place at the premises of Kristoban Photography, and they are destroyed using a document shredder within a maximum of 5 years following the conclusion of the contract.

6. Duration of data processing

6.1. Processing of data provided by the Client begins with scheduling an appointment, placing an order, or entering into a contract and continues until its deletion. The maximum storage duration of data is 5 years. The Client can initiate the modification or deletion of provided data via email without justification.

6.2. The above provisions do not affect the fulfillment of retention obligations defined by law (e.g., accounting laws).

7. Persons authorized to access data

7.1. The data are primarily accessible to the Data Controller and its internal employees; however, they are not published or transferred to third parties.

7.2. In the course of operating the underlying IT system, fulfilling orders, and settling accounts, the Data Controller may use a data processor (e.g., system operator, accountant). The Data Controller is not responsible for the data processing practices of such external actors.

7.3. Beyond the above, personal data relating to the Client can only be transmitted in cases mandatorily defined by law or with the Client’s consent.

8. Data subject rights and enforcement options

The Client may request information about the processing of their personal data and request correction or – except for mandatory data processing – deletion, revocation, or exercise their right to data portability and objection in the manner indicated at the data collection or through the contact details provided above.

8.1. Right to information

The Client has the right to request information at any time about personal data processed by the Data Controller relevant to them, and may modify them at any time. Additionally, the Client is entitled to request the deletion of their data via the contact details provided in point 2.

**8.2. Right of Access by the Data Subject**

The data subject is entitled to receive confirmation from the Data Controller as to whether personal data concerning them are being processed, and, if such processing is taking place, they have the right to access the personal data and the following information: the purposes of processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations; the envisaged period for which the personal data will be stored; the existence of the right to request rectification, erasure, or restriction of personal data processing and to object to such processing; the right to lodge a complaint with a supervisory authority; information on the data sources; whether automated decision-making, including profiling, is involved, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. The Data Controller shall provide the information within one month of receiving the request.

The Client may contact the Data Controller’s staff with any questions or comments related to data processing at the contact details below.

Mailing Address: 8315 Gyenesdiás Nyírfa u. 18.

Email: info@kristobanphotography.hu

**8.3. Right to Rectification**

The Client is entitled to request at any time the correction or deletion of inaccurately recorded data. The Data Controller will delete the data within 3 working days from the receipt of the request, and it will not be possible to restore them. The deletion does not apply to data processing necessary by law (e.g., accounting regulations) that the Provider retains for the necessary period.

**8.4. Right to Erasure**

The Client has the right to have personal data relating to them deleted without undue delay by Kristoban Photography if one of the following grounds applies:

– Personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
– The data subject withdraws consent on which the processing is based, and there is no other legal basis for the processing,
– The data subject objects to the processing and there are no overriding legitimate grounds for the processing,
– The personal data have been unlawfully processed,
– The personal data must be erased for compliance with a legal obligation under Union or Member State law to which the Data Controller is subject,
– The personal data have been collected in relation to the offer of information society services.

**8.5. Right to Restriction of Processing**

At the request of the Client, Kristoban Photography shall restrict the processing if one of the following applies:

– The data subject contests the accuracy of the personal data, for a period enabling the verification of the personal data’s accuracy,
– The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
– The Data Controller no longer needs the personal data for processing purposes, but they are required by the data subject for the establishment, exercise, or defence of legal claims,
– The data subject has objected to processing pending the verification of whether the Data Controller’s legitimate grounds override those of the data subject.

If processing has been restricted, such personal data shall, except for storage, only be processed with the data subject’s consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

**8.6. Right to Data Portability**

The Client has the right to receive personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, machine-readable format, and has the right to transmit those data to another Data Controller.

**8.7. Right to Object**

The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them that is based on public interest or the exercise of official authority vested in the Data Controller, or processing based on legitimate interests pursued by the Data Controller or a third party, including profiling based on those provisions. The Data Controller will no longer process the personal data unless they can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims.

**8.8. Right to Court and Data Protection Authority Proceedings**

If their rights have been violated, the Client may bring a court action against the Data Controller.

Complaints can be filed with the National Authority for Data Protection and Freedom of Information:

Name: National Authority for Data Protection and Freedom of Information

Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Mailing Address: 1530 Budapest, Pf.5.

**9. Other Provisions**

9.1. The Service Provider’s system may collect data about user activity, which cannot be linked to other data provided by users at registration or to data generated during the use of other websites or services.

9.2. In any case where the Service Provider intends to use the provided data for a purpose other than the original data collection purpose, the user will be informed, and their prior explicit consent will be obtained. Additionally, the user will be given the opportunity to refuse such usage.

9.3. The Service Provider commits to ensuring data security and takes all necessary technical measures to protect the data collected, stored, and processed, and to prevent their destruction, unauthorized use, or unauthorized alteration.

9.4. The Service Provider reserves the right to unilaterally modify this Policy with prior notice to the Clients. Following the entry into force of the modification, the Client implicitly accepts the terms of the amended Policy by continuing to use the service.

DATA CONTROLLER DECLARATION

The Data Controller acknowledges the content of this policy as binding and commits to ensuring data processing related to its services complies with the provisions set forth in this policy.