This Privacy Policy provides information on the activities of Orange Cube Kft. (hereinafter referred to as the "Controller") regarding the processing of natural persons' data in the performance of its tasks as described below, in accordance with the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the "GDPR"). Information about the arrangements for the protection of the data it uses and the rules it follows in its activities. Finally, it provides information on all the rights that data subjects must protect their interests.
Data processing shall be carried out whenever the Controller enters a contract with its employees, customers, business partners, transfers personal data to external partners or issues invoices to its business partners. Occasionally, in accordance with its legal obligations, it may transfer part of this personal data to an external organisation and/or authority. The purposes of the processing are explained in more detail below.
In addition to the EU General Data Protection Regulation 2016/679, the regulations detailed in this Privacy Policy are based on Act XLVIII of 2008 on the Essential Conditions and Certain Limitations of Business Advertising Activity [Grt.] and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information [Info tv.].
| Name: | Orange Cube Kft. |
| Registered office and postal address: | 138 Budapest, Marina promenade 1. P. building ground floor Ü-13/A |
| Tax number: | 14356964-2-41 |
| E-mail: | info@orangecube.hu |
| Phone: | +36703137339 |
The Controller shall act in accordance with the following principles:
The Controller shall receive personal data directly from the data subjects. The Controller undertakes to perform the tasks related to the protection of personal data processed in the context of its activities, to help prove to the Authorities, business partners and customers concerned, where applicable, that the Controller has acted in compliance with the Regulation and the Info Act and other relevant legislation (accountability principle).
The Privacy policy defines the following terms:
„personal data” means any information relating to an identified or identifiable natural person („data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
„data subject”: means a natural person in respect of whom the controller processes personal data.
„consent”: of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
„controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
„personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
„data protection officer": a person, as defined by the GDPR, who is an expert in the field of personal data protection in the company employing/assigning him/her, or who liaises with the data protection authority ("NAIH"). In some cases, the employment of a DPO is mandatory by law, in other cases it is optional.
The Controller shall process the data of its business partners, potential business partners, employees, and clients, which it has obtained in any way and to any extent during its activities, in accordance with the provisions of this Privacy Policy, in compliance with the confidentiality obligation and in accordance with the provisions of the applicable Hungarian legislation and the GDPR.
The Controller may legally store the data received in the performance of its activities and related tasks, may organise the data in accordance with the law and may use the data to the extent necessary. Data processing shall cease immediately when the purpose of the processing is fulfilled or ceases to exist, or at the discretion of the Controller if the data subject so requests.
The Controller shall not use profiling or automated decision-making in relation to its activities.
Legal basis: pre-contractual consultation (Article 6 (1) (b) GDPR)
Mode: electronically
Processed data: name, telephone number, e-mail address
Period of data processing: 60 days excluding the conclusion of the contract, in case of conclusion of the contract, 8 years after the termination or expiry of the contract (including the financial and accounting context)
Access to the data: Controller, Controller's accountant
Legal basis: performance of a contract (Article 6 (1) (b) GDPR)
Mode: paper and electronic
Processed data: name, registered office, tax number, telephone number, e-mail address of the business partner in the case of a self-employed entrepreneur; name, telephone number, e-mail address of the representative of the company in the case of a company
Period of processing: 8 years after the termination or expiry of the contract (considering the financial and accounting context)
Access to or transfer of data to contracting parties, accountant of the Controller
Employees have the right to request and receive information about the processing of their personal data recorded. This includes the right to request a copy.
Data subject: all persons who visit the website of the Controller https://www.orangecube.hu/
Cookies (Cookies)
The website also uses the so-called "cookie" technique. A cookie is a small text file that the website provider places on the computer's hard drive. Cookies provide various functions to support the operation of the website. Whenever cookies are used, no information is collected that identifies you personally.
However, you can allow or decline cookies. Cookies are usually enabled automatically by the web browser that you use, but you can modify your browser settings to decline them or, if you prefer, to receive a notification before a cookie is stored. For more information about these features and to fine-tune your cookie settings, please refer to your Internet browser instructions or help screen. If you choose to decline cookies, you may not be able to take full advantage of certain features of our website or other websites.
|
key |
domain |
period of data processing | short description |
|
_gid |
. orangecube.hu |
1 day |
This cookie is set by Google Analytics. It stores and updates a unique value for each page visited and is used to count and track page views. |
|
_ga_QG9VK6D5JS |
. orangecube.hu |
1 year 1 month |
This cookie is used by Google Analytics to keep track of session status |
|
_ga |
. orangecube.hu |
1 year 1 month |
This cookie name is associated with Google Universal Analytics, a major update to Google's more commonly used analytics service. The cookie is used to distinguish individual users by assigning a randomly generated number as a client identifier. It is included in all site page requests and is used to calculate visitor, session, and campaign data for site analytics reports. |
|
_gat_gtag_UA_108555808_1 |
. orangecube.hu |
53 seconds |
This cookie is part of Google Analytics and is used to limit requests (to control the speed of requests). |
Deleting cookies
Certain features will not be available to you if you do not accept the use of cookies. More information on how to delete cookies can be found at the links below, depending on which browser you are currently using:
Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
Chrome: https://support.google.com/chrome/answer/95647
Edge: https://support.microsoft.com/hu-hu/help/4027947/microsoft-edge-delete-cookies
The Controller occasionally transfers personal data to third parties in connection with its activities. The data may be transferred on paper or electronically, in both cases ensuring that the data is only accessible to the recipient.
In case of electronic data transmission, the data will be transmitted from a computer with a unique password, protected against viruses and used exclusively for the purposes of the Controller.
Data are transferred from the controller - with the legal basis of "performance of contracts" or "legal compliance" - to the following partners acting as processors or as independent data controllers:
Contact: ebpavig@nav.gov.hu: +36(1) 427 3200
Legal basis for data transfer: compliance with a legal obligation (Article 6 (1) (c) GDPR; Act C of 2000 on Accounting; Act CL of 2017 on the Rules of Taxation)
Transferred data: name, address, tax number, invoice information
Time and method of transfer: case by case, electronically
Cont-Roll Pont Kft.
Contact: +3620 313 2393
Legal basis for data transfer: compliance with a legal obligation (Article 6 (1) (c) GDPR; Act C of 2000 on Accounting; Act CL of 2017 on the Tax Procedures)
Transferred data: name, address, tax number, invoice information
Time and node of transmission: case by case, electronically
Idea-NET Solutions Kft.
Contact: Debrecen, Telek street 60.; e-mail: info@ideanet.hu
Legal basis for the data transfer: performance of a contract (Article 6 (1) (b) GDPR)
Transferred data: web identifiers
Time and mode of transfer: occasionally, electronically
Right to information: The data subject may request information from the Controller about the processing of his/her personal data within the period of processing. The Controller shall inform the data subject in writing and in an intelligible form, within the shortest possible period of time from the date of the request, but not later than 30 days, of the data processed, the purposes, legal basis and period of the processing and, where the data have been further transferred, of the persons to whom and for what purposes the data are or have been transferred.
Right to rectification of data: The data subject may request the Controller to rectify his/her personal data within the processing period. The Controller shall fulfil the request within 15 days.
Right to erasure ("right to be forgotten"): The data subject has the right to request the erasure of his/her personal data, which the Controller shall fulfil within 15 days at the latest. The right to erasure shall not include the cases where the Controller is legally obliged to continue to store the data, nor the case where the Controller is entitled to continue to process the personal data in accordance with Article 6 (5) of the Infotv.
Right to block the data: the Data Subject may request the Controller to block the personal data if the permanent deletion of the data would harm the Data Subject's legitimate interests. The personal data blocked may be processed only for as long as the purpose which precluded the deletion of the personal data persists.
Right to data portability: based on this right, the data subject has the right to receive personal data relating to him or her which he or she has provided to a controller in a computer-readable format and to transfer these data to another controller without hindrance from the controller to which he or she has provided the personal data. In the context of processing on the Internet, it is not sufficient to ensure the right to erasure, since data are not only stored by one controller but also by many other controllers, and search engines will now make previously stored versions available. Under the new General Data Protection Regulation rules, given the specificities of the internet, data subjects will be able to erase their data at all possible access points, as this is the only way to exercise their rights effectively.
Right to object: the Controller shall review the objection within the shortest possible time from the date of the request, but not later than 15 days, and shall decide whether the objection is justified and inform the data subject in writing of its decision. If the Controller refuses to comply with the data subject's request for rectification, blocking or erasure, it shall, within 30 days of receipt of the request, communicate in writing or, with the data subject's consent, by electronic means, the factual and legal grounds for refusing the request for rectification, blocking or erasure.
The Controller shall delete all personal data
Instead of erasure, the Controller shall block the personal data if the data subject requests it or if, based on the information available to the Controller, the erasure would harm the legitimate interests of the data subject. The personal data blocked in this way shall be processed exclusively for as long as the processing purpose which precluded the erasure of the personal data persists.
The procedure: the Controller shall manage and handle as a complaint any written communication from the natural person concerned to the Controller, where the communication concerns a data protection issue and alleges a grievance in relation to the Controller's practices or omissions inconsistent with the provisions of the present Privacy Policy (hereinafter referred to as " complaint ").
Complaints may be submitted in writing within 30 days of the detection of a specific breach, by sending a notification to the Controller's e-mail address or postal address. Failure to comply with the time limit shall result in forfeiture of rights.
Complaints must contain at least: the name, address (e-mail address), telephone number of the complainant, the date of the grievance, the specific description of the grievance, the signature of the complainant and the consent to the processing of the data contained in the complaint in the procedure related to the complaint, at the same time as the signature of the complaint. In the absence of these data and the declaration, the Controller shall refrain from examining the complaint and shall inform the Complainant in writing.
The Controller shall process the data of the Complainant exclusively in connection with the complaint, shall not disclose the data to third parties, except for requests by authorities and courts as defined by law, and shall not use the data for business purposes.
The Controller shall review the complaint and provide a written and reasoned response within 30 days of receipt in the same way as the complaint was submitted (by e-mail or post). If the 30-day period is not sufficient to review the complaint, the Controller shall notify the complainant accordingly. In this case, a reasoned written response will be provided within 3 months of the notification in the same way as the complaint.
If, after investigating the complaint, the Controller determines that the Complainant's complaint was factual and justified, it shall inform the Complainant of the manner and extent of the remedy for the grievance at the same time as it assesses the complaint.
In case of rejection of the complaint, the Controller shall inform the Complainant in writing that he/she may further submit his/her complaint to the National Authority for Data Protection and Freedom of Information (hereinafter referred to as "the Authority") or, in case of a grievance, to the Court of Justice. The contact details of the National Authority for Data Protection and Freedom of Information (NAIH) are set out below.
According to. Article 52 (1) of the Infotv., the Authority will investigate complaints only if the data subject has already contacted the data controller prior to his/her notification to the Authority in connection with the exercise of the rights specified in the complaint.
In this context, pursuant to Article 14 of the Information Act, the data subject may request the controller to provide information on the processing of his or her personal data, to rectify his or her personal data and, except for mandatory processing, to erase or block his or her personal data.
The Controller shall investigate the objection within the shortest possible time from the date of the request, but not later than 15 days, decide on its merits and inform the applicant of its decision by means of a formality which is in conformity with the request and can be proved (e.g. in writing, by electronic mail).
If the Controller determines that the data subject's objection is justified, it shall immediately cease the processing, including any further collection and transfer of data, and block the data, and notify the data subject of the objection and the measures taken on the basis of the objection to all those to whom the personal data concerned by the objection were previously disclosed and who are obliged to take action to enforce the right to object.
If the data subject disagrees with the Controller's decision or if the Controller fails to comply with the 15-day time limit, the data subject may, within 30 days of the notification of the decision or the last day of the time limit, appeal to the courts or the Data Protection Authority (NAIH) to enforce his or her rights.
The Authority facilitates the enforcement of data subjects' rights by issuing formal notices: https://naih.hu/panaszuegyintezes-rendje.html
| Complaint: | NAIH 1055 Budapest, Falk Miksa street 9-11, |
| E-mail address: | ugyfelszolgalat@naih.hu |
| Phone.: | +36 (1) 391-1400 |
| Website: | www.naih.hu |
The Controller shall store the personal data of the data subjects electronically only on the computer used in the business, which is protected both electronically and physically. This prevents unauthorised access, modification, transmission, deletion, or destruction, including accidental destruction, damage, and inaccessibility due to technical modification.
In all cases, paper-based data storage shall take place in a locked room in a locked cabinet, in a manner inaccessible to unauthorised persons.
The Controller shall not request, receive or store particularly sensitive data (e.g. health data) from anyone. Any unsolicited data sent to it will be deleted immediately and permanently.
Data breach: any act, intervention or omission which gives rise to unlawful treatment or processing of personal data, in particular unauthorised access, alteration, disclosure, transmission, publication, erasure or destruction, accidental destruction or accidental damage.
Any person who becomes aware of such a situation in connection with the activities of the Controller should report it as soon as possible to the following e-mail address: info@orangecube.hu or by telephone: +36-1-878-1681
The Controller shall register the report and investigate it without delay. If the data breach occurred in relation to an IT system, the Controller will inform the service providers responsible for the operation of the databases concerned.
To investigate the report and deal with the incident, the Controller shall collect all information that may be necessary to identify the incident, mitigate any possible damage and develop further measures to remedy the incident. If possible, record
In addition, the Controller shall, as required by law, notify the Authority (NAIH) within 72 hours.
Data Protection Officer: in connection with its main activities, the Controller does not process large amounts of personal data and/or personal data that can be classified as particularly sensitive, it is not a public authority, therefore it does not consider the appointment or employment of a Data Protection Officer to be justified, nor is it required by the applicable legislation.
Note: The Controller hereby reserves the right to update the present Privacy Policy on an ongoing basis, and to unilaterally modify the information detailed herein, also in accordance with changes in legislation. Any modification shall be available at the Controller at any time.
Budapest, March 2024
Orange Cube Kft.