Privacy Policy

1 Purpose of the Privacy Policy
The purpose of this document is to describe the data protection rules, procedures and safeguards applicable to personal data used and operated by Flying Objects Design Stúdió Kft. as the data controller (hereinafter referred to as the "Controller").
The Data Controller shall also inform its customers, partners and all natural and legal persons who have any kind of relationship with the Data Controller, from a legal point of view, and who are affected by the processing of personal data, of the rules for the processing of personal data processed by the Data Controller, of the protection measures applied, of the procedures and of the way in which the data are processed.
The Data Controller considers itself legally bound by the rules, provisions and obligations described in this Privacy Notice and applies them in its operations and declares that the data protection rules and procedures described and applied in this document comply with the applicable national and European Union data protection legislation. The Data Controller further declares that it attaches importance to the right to informational self-determination, in particular with regard to personal data, and that it will take all available organisational, operational, regulatory and technological measures within its sphere of influence to respect and enforce these rights.
The current version of the Privacy Notice is available at www.flyingobjects.hu. The Privacy Notice may be modified by the Data Controller at any time, subject to the obligation to publish it and to inform the Data Subjects.


2 Data of the Data Controller


2.1 Company data of the Data Controller
Name: Flying Objects Design Stúdió Kft.
Registered office. 3.
Tax number: 24296270-2-43
Company registration number: 01-09-340517

Central telephone number: +36 20 9660930
Central e-mail: info@flyingobjects.hu


2.2 Contact details of the Data Controller
For data protection matters, the Data Controller can be contacted at the following contact details:
tel: +36 20 9660930 e-mail: info@flyingobjects.hu
The Data Controller shall keep the data protection requests (e-mails) received by it for the period specified in Section 3.7. After this period, they will be irrevocably deleted.

2.3 Data Controller's Data Protection Officer
Name: Andras Hunfalvi, Managing Director
Phone number: +36 20 9660930
Email address: info@flyingobjects.hu

3 Data Processes of the Data Controller and the personal data processed

3.1 Personal data to be provided during registration
There is no registration on our website

3.2 Contact details
When contacting us online, e.g. by e-mail, please provide the following details:
name, contact telephone number and e-mail address.
When contacting us by telephone, please provide the following information:
name, contact telephone number and e-mail address.
The legal basis for processing is the personal consent of the data subject.
The purpose of the processing is to contact users of the website www.flyingobjects.hu via the website, to provide the services necessary for the use of the website, to provide the services and to document the adequacy of the services.
Failure to provide data will not allow the contact to be maintained.
Personal data provided during registration and online administration will be processed until the administration is completed.
In the case of non-mandatory data, the processing lasts from the moment the data is provided until the deletion of the data in question.
The above provisions do not affect the mandatory retention of data generated in the course of processing billing data for 8 years, as defined in Article 169 (2) of Act C of 2000 on Accounting, and the processing of data based on additional consents given during registration on the website or otherwise.
The Controller shall erase personal data if
the processing is unlawful,
the Data Subject requests it, except as provided for in the previous point,
the purpose of the processing has ceased,
the statutory period for storing the data has expired, or
the erasure of personal data has been ordered by a court or the data protection authority.

3.3 Browser Cookie - Cookie

3.3.1 What cookies are for
An HTTP cookie is a small data packet that is created by the server containing the visited website during the Internet browsing process, using the client's web browser, on the first visit, if enabled in the browser. Cookies are stored on the user's computer in a predefined location, which varies according to the browser type. On subsequent visits, the browser sends the stored cookie back to the web server, together with various information about the client. Cookies allow the server to identify the user, collect various information about the user and analyse it. The main functions of cookies are:
to collect information about visitors and their devices;
to remember visitors' individual preferences, which are used, for example, when making online transactions, so that they do not have to be re-entered;
to make the use of a website easier, simpler, more convenient and smoother;
to make it unnecessary to re-enter data that has already been entered;
to generally improve the user experience.
By using cookies, the Data Controller carries out processing of data, the main purposes of which are:
identification of the user
identification of each session
identification of the devices used for access
storage of certain data provided
storage and transmission of tracking and location information
storage and transmission of data for analytical measurements
Legal basis for processing: opt-in consent of the Data Subject.

3.3.2 Session cookies
The purpose of these cookies is to allow visitors to browse the website of the Data Controller, use its functions and services fully and smoothly. The validity period of this type of cookie lasts until the end of the session (browsing), and when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.

3.3.3 Third-party analytics cookies - analytics cookie
The Data Controller also uses Google Analytics as a third-party cookie on its website. By using Google Analytics for statistical purposes, the Controller's server collects information about how visitors use the website. The data is used to improve the website and the user experience. These cookies will also remain on the visitor's computer or other browsing device, their browser, until they expire or until they are deleted by the visitor.

3.3.4 Possibility to disable cookies and set cookie-related rules
The Data Subject has the possibility to set rules for certain types of cookies, e.g. to refuse the use of cookies, to disable cookies, etc., by setting the appropriate settings in the browser used. Information on the options to selectively or generally disable cookies can be found in the "Help/Help" menu of the relevant browser.
The "Help" function in the menu bar of most browsers provides information on how to disable cookies in the browser:
generally;
to set the way cookies are accepted (automatic acceptance, ask for them one by one, etc.);
to disable them one by one;
to delete them one by one or in groups;
to perform other cookie-related operations.

3.4 Use and retention period of the data processed
Name of the data processing Legal basis/Legal basis Retention period
online administration consent of the data subject until the end of the administration
billing data performance of the contract for the period specified by law
consent of the cookie data subject duration of storage of the cookie

4 Purpose, method and legal basis of processing

4.1 General Data Processing Policy
The Data Controller will process personal data in the data processing operations listed in section 3, in each case for the purposes and on the basis of the legal basis specified in the data processing, in accordance with the legislation listed in section 4.2.
The processing of personal data is always carried out with the Data Subject's voluntary consent, which the Data Subject has the right to withdraw at any time.
The Data Controller is obliged, by law, in certain cases and under certain exceptional conditions, to process, transfer, transmit, store certain personal data in a manner different from that described in the Data Processing. In such cases, the Data Controller shall ensure that the Data Subjects are notified, where this is permitted or not expressly prohibited by the relevant legal provisions.

4.2 Legal basis for the processing
The Controller processes personal data in accordance with the following legislation:
GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 Act V of 2013 on the Civil Code (Civil Code);
2013. Act V of 2013 on the Civil Code (Civil Code);
Legislation governing or relating to the activities of the controller 1
Legislation governing or relating to the activities of the controller 2
Legislation governing or relating to the activities of the controller 3

5 Storage and security of data
Data storage locations
Data controller's premises: 1053 Budapest, Vámház krt 4.
Name of the hosting provider: Krebsz Ádam EV
Address of the hosting provider: 2623 Kismaros, Liliom utca 30.
E-mail address of the hosting provider: hello@crabs.hu
Website of the hosting provider: https://www.crabs.hu/

6 Data transfer, data processing, access to data
The Data Controller and its internal staff are the primary recipients of the data, in accordance with the rules of eligibility, the system of eligibility and other internal regulations. The Data Controller performs certain operations and tasks related to the data through third party data processors (e.g. delivery of goods), who process the data until the time of delivery of the ordered goods. The Data Controller does not disclose the data to third parties beyond the above mentioned.

7 Data subject rights
The Data Subject may exercise the rights described below, among others, in relation to the personal data processed by the Controller.

7.1 Right of access of the Data Subject (GDPR 15. Article 15)
The Data Subject has the right to receive feedback from the controller as to whether or not his or her personal data are being processed and, if such processing is ongoing, the right to access the personal data and the following information:
the purposes of the processing;
the categories of the Data Subject's personal data;
the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
the envisaged period of storage of the personal data;
the Data Subject's right to rectification, erasure or restriction of processing and to object to processing;
the right to lodge a complaint with a supervisory authority;
if the data have not been collected from the Data Subject, all available information about their source;
the fact of automated decision-making, including profiling, and clear information about the logic used and the significance of such processing and the likely consequences for the Data Subject.
The Data Controller shall provide the Data Subject with a copy of the personal data subject to the processing. For additional copies requested by the Data Subject, the Controller may charge a reasonable fee based on administrative costs. If the Data Subject has made the request by electronic means, the Controller shall provide the information in a commonly used electronic format, unless the Data Subject requests otherwise, within a maximum of 30 days of the date of submission.

7.2 Right of rectification (Article 16 GDPR)
The Data Subject has the right to obtain, upon request and without undue delay, the rectification of inaccurate personal data relating to him or her and the right to obtain the integration of incomplete personal data, taking into account the purposes of the processing.

7.3 Right to erasure (GDPR 17. Article GDPR)
The Data Subject shall have the right to obtain from the Controller, upon his/her request, the erasure of personal data relating to him/her without undue delay and the Controller shall be obliged to erase personal data relating to the Data Subject without undue delay where one of the following grounds applies:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
the Data Subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Controller is subject;
the personal data have been collected in connection with the provision of information society services.
The deletion of data cannot be initiated if the processing is necessary:
for the exercise of the right to freedom of expression and information;
for the fulfilment of an obligation under Union or Member State law to which the controller is subject to comply with personal data processing or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the field of public health;
for archiving, scientific or historical research or statistical purposes in the public interest;
for the establishment, exercise or defence of legal claims.

7.4 Right to restriction of processing (18. Article 18)
At the Data Subject's request, the Controller shall restrict processing if one of the following conditions is met:
the Data Subject contests the accuracy of the personal data, in which case the restriction shall be for a period of time that allows the Controller to verify the accuracy of the personal data;
the processing is unlawful and the Data Subject opposes the erasure of the data and requests instead the restriction of their use;
the Controller no longer needs the personal data for the purposes of the processing but the Data Subject requires them for the establishment, exercise or defence of legal claims; or
the Data Subject has objected to the processing, in which case the restriction shall apply for a period of time until it is determined whether the legitimate grounds of the Controller override the legitimate grounds of the Data Subject.
Where processing is subject to restriction, personal data other than storage may be processed only with the consent of the Data Subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the Union or of a Member State.

7.5 Right to data portability (Article 20)
The Data Subject has the right to receive the personal data concerning him or her that he or she has provided to the Data Controller in a structured, commonly used, machine-readable format and to transmit such data to another Data Controller.

7.6 Right to object (Article 21)
The Data Subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data, including profiling based on the aforementioned provisions. In such a case, the Controller may no longer process the personal data, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests or rights of the Data Subject or for the establishment, exercise or defence of legal claims.

7.7 Automated decision making in individual cases, including profiling (Article 22)
The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

7.8 Right of Withdrawal
The Data Subject has the right to withdraw his or her consent to the processing of his or her personal data at any time.

7.9 Remedies
In the event of a breach of their rights, the Data Subject may request information, seek redress or lodge a complaint via the contact details provided in section 2.2 or with the Data Protection Officer provided in section 2.3. In the event of failure to do so, the Data Subject shall have the right to take legal action or to apply to the National Authority for Data Protection and Freedom of Information.

7.10 Contact details of the National Authority for Data Protection and Freedom of Information
Name: National Authority for Data Protection and Freedom of Information
Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Tel: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu

8 Other provisions
In the event of a request from a public authority or other body based on other legal obligations, the Data Controller may be obliged or required to disclose the data. In such cases, the Controller shall endeavour to disclose only such personal data as is strictly necessary for the purposes of the obligation to disclose.