Privacy Policy
1. Purpose of the Data Management Information
The purpose of this document is to describe the data protection rules, procedures and security measures applied and operated within Flying Objects Design Stúdió Kft. as data controller (hereinafter referred to as the Data Controller) with regard to data qualifying as personal data.
At the same time, in this document, the Data Controller informs its clients, partners, and any natural or legal person who has any - legally interpretable - relationship with the Data Controller and whose data is affected during the processing of personal data, about the rules for the processing of personal data, the applied security measures, procedures and the method of data management.
The Data Controller considers the rules, regulations and obligations described in this Data Management Information to be legally binding on itself and applies them in its operation, and declares that the data protection rules and procedures described and applied in this document comply with the applicable national and European Union data protection laws. The Data Controller further declares that it considers the right to informational self-determination to be important, with special regard to personal data, and within its own competence takes all available organizational, operational, regulatory and technological measures to ensure compliance with and enforcement of these rights.
The current version of the Data Management Information is available at the www.flyingobjects.hu accessibilities. The Data Controller may change the Data Management Information at any time, subject to the obligation to publish and inform the Data Subjects.
2. Data of the Data Controller
2.1 Company Details of the Data Controller
Name: Flying Objects Design Stúdió Kft.
Registered Office: 1095 Budapest, Mester u. 24., 5th floor 3.
Tax Number: 24296270-2-43
Company Registration Number: 01-09-340517
Central Telephone Number: +36 20 9660930
Central Email: info@flyingobjects.hu
2.2 Contact Information of the Data Controller
For data protection inquiries, the Data Controller can be contacted at the following:
tel: +36 20 9660930 e-mail: info@flyingobjects.hu
The Data Controller retains data protection requests (emails) received by it for the period specified in point 3.7, which applies to this data processing. After this period, they will be irrevocably deleted.
2.3 Data Controller's Data Protection Officer
Name: Andras Hunfalvi, Managing Director
Phone number: +36 20 9660930
Email address: info@flyingobjects.hu
3 Data Processing Activities of the Data Controller and the Personal Data Processed
3.1 Personal Data Required During Registration
There is no registration on our website.
3.2 Data Related to Contacting Us
During online administration, such as inquiries via email, we request the following data:
name, contact telephone number, and email address.
During inquiries via telephone, we request the following data:
name, contact telephone number, and email address.
The legal basis for data processing is the consent of the data subject.
The purpose of data processing is to enable users of the www.flyingobjects.hu website to contact us through the website, which is necessary for using the services, providing the services, and documenting the conformity of performance.
Failure to provide data will make it impossible to maintain contact.
The processing of personal data provided during registration and online administration lasts until the administration is completed.
In the case of non-mandatory data, data processing lasts from the time the data is provided until the data in question is deleted.
The above provisions do not affect the mandatory retention for 8 years of data generated during data processing related to invoicing data, as defined in Section 169 (2) of Act C of 2000 on Accounting, or data processing based on further consents given during registration on the website or otherwise.
The data controller will delete the personal data if:
its processing is unlawful,
the data subject requests it, except as provided in the previous point,
the purpose of the data processing has ceased,
the statutory deadline for storing the data has expired, or
the court or the data protection authority has ordered the deletion of the personal data.
3.3 Browser Cookie
3.3.1 Function of Cookies
An HTTP cookie (cookie) is a small data packet that the server containing the visited website creates with the help of the client's web browser during internet browsing upon the first visit, if this is enabled in the browser. Cookies are stored on the user's computer in a predetermined location that varies depending on the browser type. During subsequent visits, the browser sends the stored cookie back to the web server along with various information about the client. With the help of cookies, the server has the opportunity to identify the given user, collect various information about them, and create analyses from this information. The main functions of cookies:
collect information about visitors and their devices;
remember visitors' individual settings, which can be used, for example, when using online transactions, so they do not have to be retyped;
facilitate, simplify, make more convenient, and streamline the use of the given website;
eliminate the need to re-enter already entered data;
generally improve the user experience.
By using cookies, the Data Controller performs data processing, the main purposes of which are:
user identification
identification of individual sessions
identification of devices used for access
storage of certain provided data
storage and transmission of tracking and location information
storage and transmission of data required for analytical measurements
The legal basis for data processing: the Data Subject's opt-in consent.
3.3.2 Session Cookies
The purpose of these cookies is to allow visitors to browse the Data Controller's website completely and smoothly, use its functions, and the services available there. The validity period of this type of cookie lasts until the end of the session (browsing); when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.
3.3.3 Analytical Cookies Placed by Third Parties
The Data Controller also uses Google Analytics cookies as a third-party cookie on its website. By using Google Analytics, a statistical service, the Data Controller's server collects information about how visitors use the website. This data is used to develop the website and improve the user experience. These cookies also remain on the visitor's computer or other browsing device, in its browser, until their expiration date or until the visitor deletes them.
3.3.4 Possibility to Disable Cookies and Set Rules Related to Cookies
The Data Subject has the option to set rules for certain types of cookies, e.g., to avoid the use of cookies, to disable cookies, etc., with the appropriate settings of the browser used. Information on the possibilities of setting selective or general prohibition of cookies can be found in the "Help" menu of the given browser.
The "Help" function in the menu bar of most browsers provides information on how to manage cookies in the browser:
generally disable;
set the method of accepting cookies (automatic acceptance, ask individually, etc.);
disable individually;
delete individually or in groups;
perform other cookie-related operations.
3.4 Use of Managed Data and Retention Period
Name of Data Processing Legal Basis/Regulation Retention Period
online administration consent of the data subject until the closing of the administration
invoicing data performance of the contract for the period specified by law
cookies consent of the data subject duration of storage of the given cookie
4 Purpose, Method, and Legal Basis of Data Processing
4.1 General Data Processing Guidelines
In the Data Processing activities listed in point 3, the Data Controller processes personal data in each case for the purpose specified in the data processing activity and on the legal basis specified therein, in accordance with the laws listed in point 4.2.
The processing of personal data always takes place with the voluntary consent of the Data Subject, which consent the Data Subject is entitled to withdraw at any time.
The Data Controller is obliged to process, transfer, forward, and store certain personal data in a different way than described in the Data Processing activities, due to legal obligations, in certain cases and under certain exceptional conditions. In such cases, the Data Controller shall ensure that the Data Subjects are notified, if the provisions of the given law allow it or do not expressly prohibit it.
4.2 Laws Providing the Legal Basis for Data Processing
The Data Controller processes personal data on the basis of the following laws:
GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) Act V of 2013 - on the Civil Code (Ptk.);
Act V of 2013 - on the Civil Code (Ptk.);
Law 1 regulating or relating to the Data Controller's activity
Law 2 regulating or relating to the Data Controller's activity
Law 3 regulating or relating to the Data Controller's activity
5 Data Storage and Security
Data storage locations
Data Controller's premises: 1053 Budapest, Vámház krt 4.
Name of the hosting provider: Krebsz Ádám EV
Address of the hosting provider: 2623 Kismaros, Liliom utca 30.
Email address of the hosting provider: hello@crabs.hu
Website of the hosting provider: https://www.crabs.hu/
6 Data Transfer, Data Processing, Circle of Persons Who Have Access to the Data
Primarily, the Data Controller or its internal staff are entitled to access the data, to the extent corresponding to the authorization rules, the authorization system, and other internal regulations. The Data Controller has certain data-related operations and tasks performed by third-party Data Processors (e.g., goods delivery), who process the data until the time of delivery of the ordered goods. The Data Controller does not disclose the data beyond those listed above and does not transfer it to other third parties.
7 Rights of the Data Subject
The Data Subject may exercise the rights described below - among other things - in connection with their personal data processed by the Data Controller.
7.1 Right of Access by the Data Subject (Article 15 of the GDPR)
The Data Subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
the envisaged period for which the personal data will be stored;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject and to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from the data subject, any available information as to their source;
the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a widely used electronic form within maximum 30 days from the submission.
7.2 Right to Rectification (Article 16 of the GDPR)
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
7.3 Right to Erasure ('Right to Be Forgotten') (Article 17 of the GDPR)
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services.
Data erasure cannot be initiated if data processing is necessary:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
for the establishment, exercise or defence of legal claims.
7.4 Right to Restriction of Processing (Article 18)
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
7.5 Right to Data Portability (Article 20)
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
7.6 Right to Object (Article 21)
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
7.7 Automated Individual Decision-Making, Including Profiling (Article 22)
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
7.8 Right to Withdraw Consent
The data subject shall have the right to withdraw his or her consent at any time.
7.9 Legal remedies
In case of infringement of their rights, the Data Subject may request information, remedy or lodge a complaint through the contact details provided in point 2.2 or from the Data Protection Officer specified in point 2.3. If these are unsuccessful, the Data Subject is entitled to apply to a court or contact the National Authority for Data Protection and Freedom of Information.
7.10 Contact details of the National Authority for Data Protection and Freedom of Information (NAIH)
Name: National Authority for Data Protection and Freedom of Information (NAIH)
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, P.O. Box 5.
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
8 Other provisions
In the event of an inquiry from an authority or another organization based on any other legal obligation, the Data Controller may be obliged or may be required to disclose data. In such cases, the Data Controller will endeavor to disclose only as much and such personal data as is strictly necessary for the purpose of the data disclosure obligation.