PPC Online Webmarketing Korlátolt Felelősségű Társaság (head office: Hungary, 1048 Budapest, Megyeri street 234. 4. floor. 12.; company registration number: 01-09-404942; hereinafter referred to as the “Data Controller”), pursuant to Article 13 of the European Union’s Data Protection Regulation (Regulation 2016/679) on the protection of personal data (hereinafter referred to as the “GDPR”) and Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information (hereinafter referred to as the “Info Act”), publishes the following privacy notice on the use of personal data collected by it and the rights of the natural persons concerned.
This Privacy and Processing Notice is published on the website (https://ppconlineagency.com/) operated by the Data Controller.
- Data Controller’s data
| Company name: | PPC Online Webmarketing Korlátolt Felelősségű Társaság |
| Location: | Hungary, 1048, Budapest, Megyeri Street 234. 4. Floor 12. |
| Company registration number: | 01-09-404942 |
| Tax number: | HU32061729 |
| Representative: | Dávid Hrepka Managing Director |
| E-mail address, telephone number: | info@ppconline.hu, +36 70 533 0257 |
| Website: | www.ppconlineagency.com |
2. Basic concepts of data management
For the purposes of this notice:
2.1. personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.2. data processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
2.3. controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
2.4. data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
2.5. data subject: the natural person whose personal data are affected by the processing;
2.6. data subject’s consent: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, that he or she wishes to have personal data concerning him or her processed;
2.7. supervisory authority: the National Authority for Data Protection and Freedom of Information
3. Data processors, transfer of data
3.1. Access may be subject to compliance with the necessity principle.
3.2 The Data Controller may transfer the data processed in connection with invoicing to an accounting service provider as a data processor in order to fulfil its tax and accounting obligations. The Data Controller uses an online invoicing software to perform its invoicing tasks. In addition, invoicing data will be transferred to the National Tax and Customs Administration.
Details of the accounting service provider:
| Name: | Melinda Jóri self-employed |
| Location: | Hungary, 2376 Hernád, Fő Street 161. |
| Registration number: | 55786595 |
| Tax number: | 57186953-1-33 |
| E-mail address, telephone number: | jorimelinda@gmail.com , +36 30 421 3282 |
Details of the provider of the online billing service:
| Company name: | Billingo Technologies Zrt. |
| Location: | Hungary, 1133 Budapest, Árbóc street 6. |
| Company registration number: | 01-10-140802 |
| Tax number: | 27926309-2-41 |
| Representative: | Albert Sárospataki Member of the Board of Directors |
| E-mail address, telephone number: | hello@billingo.hu |
| Website: | www.billingo.hu |
3.3 The Data Controller does not transfer personal data to third countries or international organisations.
4. Processing activities
4.1. Processing of customer data, data relating to contracting partners (natural person customers and natural persons acting on behalf of legal person customers)
| Purpose, legal basis for processing | The legal basis for the processing of data for the purposes of concluding a contract on the basis of an order and the performance of the rights and obligations arising from the contract concluded, the notification of the contracting partners and the maintenance of contact is the performance of the order pursuant to Article 6 (1) (b) of the GDPR. |
| Scope of the data processed | identification data (name, name at birth, date of birth, mother’s name at birth, address, tax identification number, tax number, identity card number, address)contact details (e-mail address, telephone number, customer identification number)bank account number. |
| Duration of data processing | 5 years after the termination (performance) of the contract. |
4.2. Processing of data for tax and accounting purposes, invoicing
| Purpose, legal basis for processing | The legal basis for the processing of the data necessary for issuing an invoice for tax and accounting purposes is the fulfilment of a legal obligation pursuant to Article 6(1)(c) of the GDPR. |
| Scope of the data processed | identification data (name, name at birth, date of birth, mother’s name at birth, address, tax identification number, tax number, identity card number, address)contact details (e-mail address, telephone number, customer identification number)bank account number. |
| Duration of data processing | 8 years |
4.3. Processing of data of other persons who have contact with the Data Controller
| Purpose, legal basis for processing | The legal basis for processing for the purpose of responding to and properly dealing with a question, complaint, observation or other request from an individual is the consent of the data subject pursuant to Article 6(1)(a) of the GDPR. |
| Scope of the data processed | The personal data provided by the individual in his/her request and the content of the communication. |
| Duration of data processing | 5 years after the request or until the data subject’s consent is withdrawn. |
4.4. Contact through the website of the Data Controller, processing of website visitors
The website of the Data Controller (www.ppconline.hu) can be visited without providing personal data and without registration. However, the website visitor has the possibility to contact the Data Controller via the website by providing his/her name, e-mail address and telephone number for information or request for a quote.
| Purpose and legal basis for processing | The purpose of the processing is to contact the website visitor through the website, the legal basis is the consent of the data subject pursuant to Article 6 (1) (a) of the GDPR. |
| Scope of the data processed | name, e-mail address, telephone number, other information provided by the website visitor in the request. |
| Duration of data processing | The duration of the processing is 5 years from the date of the request sent through the website or until the withdrawal of the data subject’s consent. |
4.5. Processing of data relating to opinions published on the Controller’s website
In the “Our references” section of the Controller’s website, the opinions expressed by the Controller’s customers are displayed, together with the names of the customers.
| Purpose and legal basis for processing | The purpose of the processing is the publication of customer opinions and recommendations on the website on the basis of the data subject’s consent in accordance with Article 6(1)(a) of the GDPR. |
| Scope of the data processed | name, website |
| Duration of data processing | The period of processing lasts until the data subject’s consent is withdrawn. |
4.6. Information about the use of “cookies”
Cookies are small files that store information sent by a website in the browser of the website visitor.
Cookies cannot be used to identify the website visitor and cannot access the user’s hard disk space.
The Data Controller’s website may record and process the following data using cookies during the use of the website:
- the IP address used by the visitor,
- the type of browser used by the visitor,
- the operating system of the device used for browsing,
- the time of the visit to the website,
- clicks.
The above data will be kept by the Data Controller for a maximum of 540 days.
By visiting the Controller’s website, the visitor consents to the use of cookies. This consent may be withdrawn at any time in the cookie settings of the browser used by the visitor. Certain functions of the website may not function properly without cookies.
The Data Controller uses the following cookies on the website www.ppconline.hu:
- Essential session-id cookies: these are necessary for the functioning of the website and for the proper use of the website’s features. Without accepting them, the website or parts of the website may not function properly or at all.
- Functional cookies: these are used to enhance the user experience. These cookies help to make the use of the website more convenient, for example by automatically logging you in, storing the language you choose, text size and other settings that you have set for the website.
- Analytics or performance cookies: these are used to collect information about the website visitor’s activity on the website (time spent on the website, clicks).
For more information on Google Analytics cookies, please visit https://support.google.com/analytics/answer/6004245#zippy.
- Targeting or advertising cookies: These are used to ensure that the website visitor is shown advertisements relevant to their interests.
For more information about Google AdWords cookies, please visit https://support.google.com/adwords/answer/2407785?hl=hu.
4.7. Processing of data related to visits to the Data Controller’s social networking sites (Facebook, Instagram)
| Purpose and legal basis for processing | The purpose of data management is to maintain contact, share and publish information on the activities of the Data Controller on social networking sites. The Data Controller will only contact the data subjects through the social networking site, and thus the purpose of the scope of the data processed will only become relevant if the data subject contacts the Data Controller through the social networking site. The legal basis for processing is the data subject’s consent pursuant to Article 6(1)(a) of the GDPR. |
| Scope of the data processed | a name that is publicly available on a social networking site, a photo that is publicly available on a social networking site, any data voluntarily shared by the data subject through the social networking site. |
| Duration of data processing | The duration of the processing is 5 years from the date of the request sent through the Community site or until the withdrawal of the data subject’s consent. |
4.8. Data processing of subscribers to the newsletter of the Data Controller
| Purpose and legal basis for processing | The purpose of data processing is to send newsletters and advertising material about the services of the Data Controller to subscribers. The legal basis for processing is the consent of the data subject pursuant to Article 6(1)(a) of the GDPR. |
| Scope of the data processed | |
| Duration of data processing | The duration of data processing lasts until the newsletter service is maintained or the data subject’s consent is withdrawn. |
5. Data security and data retention policy
The Data Controller shall store the personal data processed by it at its headquarters (1048 Budapest, Megyeri út 234, 4th floor 12) on paper or in electronic form on its own IT system, ensuring data security. In this context, the Data Controller shall protect its IT system with firewalls and virus protection.
The Data Controller shall process the personal data collected and stored by it only for the purposes and with the appropriate legal title specified in this information notice or by law, and shall keep the personal data in a way that prevents unauthorised persons from accessing them.
6. Information on the rights of the data subject
6.1 Right of access
The data subject shall have the right to obtain from the Controller feedback as to whether or not his or her personal data are being processed and, in the case of ongoing processing, the right to access the personal data processed in relation to him or her and the following information: the purposes and duration of the processing; the categories of personal data processed; the recipients of the processing; the rights of the data subject.
Right to rectification
The data subject shall have the right to obtain, at his or her request, the integration or correction by the controller of incomplete or inaccurate personal data relating to him or her.
Right to data portability
The data subject shall have the right to receive data relating to him or her in a structured, commonly used, machine-readable format and the right to transmit such data to another controller without hindrance by the Controller.
Right to erasure
The data subject shall have the right to obtain, at his or her request, the erasure of personal data relating to him or her by the Controller where one of the following grounds applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing;
- the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject.
Right to restriction of processing
The data subject shall have the right to obtain, at his or her request, the restriction of processing by the Controller if one of the following conditions is met:
- the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period of time which allows the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
- the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims;
- the data subject has objected to the processing; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
Right to object
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data where it is based on the performance of a task carried out in the public interest or necessary for the purposes of the legitimate interests pursued by the controller or a third party, including profiling based on the aforementioned provisions. In such a case, the controller may no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data relating to him or her.
6.2. How the right is exercised
The data subject may exercise his or her rights by sending a written request by post to the following address: 1048 Budapest, Megyeri út 234. 12. or by e-mail to the e-mail address of the Data Controller info@ppconline.hu.
Within 30 days of receipt of the request, the Controller shall inform the data subject of the action taken in response to the request or the reasons for non-action, of the possibility to lodge a complaint with a supervisory authority and of the right to judicial remedy.
6. Remedies
The data subject has the right to lodge a complaint with the supervisory authority (National Authority for Data Protection and Freedom of Information; address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c; telephone: +36 (1) 391-1400; website: http://www.naih.hu; e-mail: ugyfelszolgalat@naih.hu) or to apply to the court having jurisdiction and competence pursuant to Act CXXX of 2016 on the Code of Civil Procedure to enforce his or her rights concerning his or her personal data.
Budapest, 25 August 2022.
PPC Online Webmarketing Korlátolt Felelősségű Társaság
on behalf of
Hrepka Dávid Managing Director
