DATA PROTECTION AND PRIVACY STATEMENT

 

The aim of this Statement is to declare the data protection and privacy principles and policies of Services provided by the Service Provider under the brand of Société Group Korlátolt Felelősségű Társaság (registered seat: 1051 Budapest, Sas u. 15., company reg. no. 01-09-287367, registered by the Budapest Capital Regional Court as Court of Registry, tax number: 25755044-2-41, hereinafter referred to as the Service Provider) .

This Privacy Statement shall apply to the processing of personal data by data controller and data processors in the course of the use of services provided and available for downloading through www.societebudapest.com and www.societestore.com operated by the Service Provider (hereinafter referred to as the Websites), and communication for direct marketing and/or promotion (hereinafter jointly referred to as the Services). This Statement shall apply to cases which fall under the scope hereof by the respective provisions of the Service Provider.

This Statement shall form inseparable part of and shall be interpreted jointly with the general contractual terms and conditions applicable to the Services (e.g. the general contractual terms of Société store, the website’s conditions of use, etc. – hereinafter jointly referred to as Conditions of Use); however, for the sake of ensuring easier access hereto, is formulated as a separate document. The Service Provider is entitled to amend this Privacy Statement unilaterally, as a part of the amendment of the Conditions of Use; the data subjects shall be notified of such amendment. The amended provision shall become effective and binding on the concerned data subject as determined in the information or in the Conditions of Use.

 

  1. Name of Controller

 

In the course of the visit of Websites and the use of the Service, the Service Provider shall process the disclosed personal data of the natural persons (as holders of rights related to such personal data) (hereinafter referred to as the User); furthermore, the Service Provider shall be responsible for such personal data in compliance with the prevailing data protection laws and regulations.

 

 

name:

 

Societe Group Kft.

 

registered seat:Hungary, 1051 Budapest, Sas utca 15.

 

executive officer:MÁDI Orsolya

 

tax number:

 

25755044-2-4
mailing address:Hungary, 1051 Budapest, Sas utca 15.

 

e-mail address of the electronic customer service:customerservice@societestore.com
e-mail address for the submission of data processing-related complaints:dataprotection@societebudapest.com

 

contact details of the data protection officer:dataprotection@societebudapest.com

 

data protection supervisory authority:Nemzeti Adatvédelmi Hatóság (Hungarian National Authority for Data Protection and Freedom of Information) 1122 Budapest, Szilágyi Erzsébet fasor 22/C.

 

 

The Service Provider shall process the recorded personal data in compliance with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act).

 

The scope of data recorded and processed is determined by Article 6 of Act XLVIII of 2008 on Basic Conditions and Certain Restrictions of Business Advertisements, Articles 13/A-14/C of Act CVIII of 2001 on Electronic Commercial Services and on Certain Questions on Services Related to Information Society, by Act C of 2000 on Accounting and Act XCII of 2003 on Taxation.

 

In the course of processing the personal data, the Service Provider shall observe the following legal principles (Article 5 (1) of the GDPR): a.) lawfulness, fairness and transparency; b.) purpose limitation; c.) data minimization; d.) accuracy; e.) storage limitation; f.) integrity and confidentiality; g.) accountability.

 

  1. The scope of personal data processed by the company and the purpose of data processing

 

  1. The processing of personal data by the Service Provider requires the possession of a valid legal ground thereto. The scope of the data processed and the respective legal ground varies, depending on to which surface or programme, available through the Website, registers the User or which Service the User uses:

 

  • Société Budapest: It is a creative community, a dynamic sphere, a Central-European cultural- and fashion movement, focusing on the organization and arrangement of cultural events, fashion shows, exhibitions and other public- and private gatherings. For further information, please visit societebudapest.com.

 

 

The scope of data processedThe purpose of data processing
username 

the data required for the identification of the User in the course of registration

user’s password
e-mail address
full name
phone number
full nameOn the website, the Service Provider provides the possibility of registration to a newsletter, allowing thereby for the Service Provider the sending of direct marketing or promotion materials. The purpose of data processing is enabling communication for advertisement, direct marketing and other promotional purposes (e.g., newsletter, eDM, etc.).
e-mail address

 

  • Société Store (Webshop): Société Store is engaged in the online sale of Fashion Industry Products (articles of clothing, jewelry, perfumes), distributed by the Société. For further information, please visit societestore.com and check the information available in menu item ‘Conditions of Use’.

 

 

The scope of data processedThe purpose of data processing
username 

The data required for the identification of the User in the course of registration

 

user’s password
e-mail address
full name
full nameThe data required to purchase products from the webshop, serving the following purposes:

  1. identification of Users, the distinction of Users from each other, communication with Users, prevention of unauthorized access to personal data;
  2. facilitation of customization of Service, use of user-friendly functionalities;
  3. preparation of statistics and analyses for the purposes of development of Services;
  4. administration through the customer service of the Service;
  5. sending error messages related to the Service;
  6. in case of webshop operation, the preparation of a contract, establishment or amendment of the content thereof, monitoring of performance of contracts, delivery of ordered items and use of the ordered service, invoicing of the related fees and enforcement of the claim arising therefrom, documentation of properness of completion, performance of accounting obligations;

enabling the performance of data processing and data provision required by laws and regulations.

delivery address
invoicing address
phone number
data of the order, the date and time of placing the order
full nameOn the website, the Service Provider provides the possibility of registration to a newsletter, allowing thereby for the Service Provider the sending of direct marketing or promotion materials. The purpose of data processing is enabling communication for advertisement, direct marketing and other promotional purposes (e.g., newsletter, eDM, etc.).
e-mail address

 

 

  • Société Gastro: Modern restaurant and bar led by chefs, with a kitchen using healthy and natural raw materials. For further information, please visit societebudapest.com/gastro.

 

The scope of data processedThe purpose of data processing
username 

the data required for the identification of the User in the course of registration

user’s password
e-mail address
full name
phone number
full nameOn the website, the Service Provider provides the possibility of registration to a newsletter, allowing thereby for the Service Provider the sending of direct marketing or promotion materials. The purpose of data processing is enabling communication for advertisement, direct marketing and other promotional purposes (e.g., newsletter, eDM, etc.).
e-mail address
e-mail address 

The User may reserve a table through the website; however, the use of this function of the website requires registration.

password
full name
phone number

 

 

  • Société Membership programme: The User participating in the programme may collect points and take benefit of further discounts and allowances; furthermore, in certain cases, the Users participating in the programme are vested with extra rights. For further information, please visit societebudapest.com/membership.

 

The scope of data processedThe purpose of data processing
username 

the data required for the identification of the User in the course of registration

user’s password
e-mail address
full name
phone number
full nameOn the website, the Service Provider provides the possibility of registration to a newsletter, allowing thereby for the Service Provider the sending of direct marketing or promotion materials. The purpose of data processing is enabling communication for advertisement, direct marketing and other promotional purposes (e.g., newsletter, eDM, etc.).
e-mail address
e-mail address 

Required for the use of the services and discounts provided for the User within the frameworks of the programme.

password
full name
phone number

 

 

 

  1. Data processing related to webshop clients

The purpose of data processing: the visitor’s data are recorded by the Service Provider in the course of the visit to www.societestre.com for the purpose of the performance of the service, the control of the portal’s operation and prevention of any abuse.

The legal basis of data processing: the consent of the data subject and Section 13/A (3) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (Electronic Commerce Act).

The purpose of data processing: identification of Users, the distinction of Users from each other, communication, the provision of more customized service to users, granting access to certain services, preparation of user-related statistics, handling of orders and purchases, performance of obligations and exercise of rights arising from the sale transaction, performance of accounting obligations, preparation of records of payment transactions, communication with customers, analysis of customer habits, sending of newsletters.

 

The legal basis of data processing: the consent of the data subject, Section 13/A (2) of Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (Electronic Commerce Act), Section 6 (5) of Act XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity, as well as Section 169 (2) of the Act on Accounting.

 

The scope of the data processed: username, password, family- and given name, e-mail address, phone number, consent to newsletter subscription, the date and time of registration, the date and time of the order, the data of the order (description, quantity and purchase price of the products purchased/ordered/reserved).

 

Deadline for the deletion of data: ten (10) years from the date of the last logging in; the date of withdrawal of the consent given to newsletter subscription. Accounting instruments will be stored for eight (8) years, in line with Section 169 (2) of Act C of 2000 on the Act on Accounting.

 

Data transfer: in case of an online transaction, the amount, date and time of the sale transaction will be forwarded to the payment service provider OTP Bank Nyrt. The legal basis of data transfer: Section 6 (6) of the Privacy Act and the voluntary consent of the data subject.

The services of the Webshop may be used either with or without registration.

The purpose of data processing: performance of purchase transactions in Sociétéstore webshop, issuance of invoices, keeping records and the distinction of the customers from each other, completion of orders, preparation of records on purchase and payment transactions, performance of accounting obligations, communication with customers, analysis of customers’ habits, provision of a more customized service, direct marketing, provision of relevant information, notification of recent offers.

The legal basis of data processing: the voluntary consent of the data subject, Section 13/A of Electronic Commerce Act, Section 169 (2) of the Act on Accounting and Section 6 (5) of Business Advertising Act.

The scope of the data processed: customer code, full name, other address, address of residence, e-mail address, phone number, date of birth, login e-mail address and password, the data of the individual purchase transactions (date, time, the product purchased, value of transaction), invoicing address, delivery address, consent to direct marketing communication.

The term of data processing:

  • with respect to direct marketing communication, until the withdrawal of the consent given thereto,
  • with respect to the profile data, four (4) years from the date of the last login. If the User does not log in to his/her registration profile for a period of one (1) year, the profile will be blocked (deactivated); re-activation may be requested from the controller.
  • with respect to the data of purchase transactions, eight (8) years in line with Section 169 (2) of the Act on Accounting.

Data processing registration number: NAIH-116921/2017

  • Favourite products in the Webshop

The list of favourite products may continuously be extended and is accessible in menu item ‘Favourites’ (accessible by clicking on the profile name). In the course of forwarding link(s) to the favourite product(s) to a third party, the Service Provider will not record the name and e-mail address of either the User or the third party addressee.

 

  1. Data processing related to online visitors

 

The use of the Websites and the subscription to newsletter service through the Websites enables and entitles the Service Provider to process certain personal data of the Users visiting the Websites. The legal basis of this data processing is the voluntary, prior consent of the data subject, granted specifically for the purpose of such data processing (the provision of newsletter service and the improvement of user experience by recording browsing history).

 

The personal data provided on the website may only be used by the Service Provider to send newsletters for the purpose of direct marketing if the User has granted prior consent thereto. The User’s consent granted to the use of his/her personal data by the Service Provider for direct marketing purposes shall be valid until the withdrawal thereof.

 

The User can subscribe to the newsletter by clicking on the ‘Subscription to newsletters’ menu icon or by subscribing in the respective pop-up window and providing the requested personal data.

 

The User’s consent shall be valid and lawful if it (a) is granted voluntarily; (b) refers specifically to the use of the newsletter service; (c) is based on the proper information; and (d) is the unambiguous expression of the User’s will.

 

Prior to the submission of the request for the provision of newsletter service, the Service Provider shall properly notify the User of the method of data processing determined in this subsection. The User shall confirm the receipt of the referred notification by making the respective declaration on the electronic surface (the content of which declaration is granting the User’s consent to the data processing described in this subsection). The required declaration shall be made by ticking out the respective checkbox on the electronic surface. This act is a precondition to the submission to the Service Provider of the request for the provision of the newsletter service.

 

The Service Provider reserves the right the terminate the provision of the newsletter service for the User unilaterally, at any time, if it recognizes the use of such service by the User for improper purposes, in particular for causing harm to the good reputation of the Service Provider’s business activity.

 

The User may withdraw his/her consent given to the provision of the newsletter service at any time, by activating the ‘Unsubscription from newsletter’ command, included in each newsletter. The withdrawal of the consent shall be valid and effective regardless of the acknowledgement thereof by the Service Provider; following the withdrawal of the consent, the Service Provider may not continue sending newsletters to the concerned User.

 

The fact of visiting the Websites operated by the Service Provider grants the authorization to the Service Provider to use cookies for data storage and data processing, the purpose of which is the identification of the User, the facilitation of further visits of the User to the Websites, the sending of targeted advertisement and other targeted promotion materials to the User and the preparation of market researches. The use of the cookies shall always be consented to by the User. Such consent may be given by activating the icon ‘I acknowledge the content of the privacy statement and accept the use of cookies’, located next to information text ‘This website uses cookies’.

 

The User can visit the website even without granting his/her consent to the use of cookies; however, in lack of such consent, the website or certain subpages thereof may not function properly, or the access of the User to certain data may be blocked and rejected by the website. The activation of the icon ‘Further information’, located next to the icon ‘I acknowledge the content of the privacy statement and accept the use of cookies’, will redirect the User to a subpage of the website, where the relevant excerpt of the Privacy Statement concerning the use of the website can be read.

 

Certain user data will be automatically transferred to the Service Provider in the course of the User’s visit to the website. Such data are the following: (a) certain data of the User’s device ensuring the connection of the User to the website through a public network; (b) the IP address of the User.

 

In case of using the Webshop, for the sake of convenience, until the closing of the browser the ID code(s) of the product(s) added to the cart will be stored by so-called browser cookies; hence, the content of the cart remains available during the session, even after registration or login. Description of cookies is available at the following link: http://docs.magento.com/m2/ce/user_guide/stores/cookie-reference.html.

 

The processing of these data serves solely the purposes of measuring and informing the Service Provider on the traffic on the website, as well as enabling the detection, identification, and logging of mistakes of or attempted attacks affecting the website. The Controller logs the following data continuously: the date of visit to the site, IP address, data of operating system versions, type and version number of the browser, the content accessed and the title of the previously accessed content. Logged data shall be deleted after 3 days.

The legal basis of such data processing is the consent of the User and the protection of the legitimate interest of the Service Provider. The Service Provider’s information obligation concerning data processing shall be complied with by disclosing the content of this subsection on the Websites. The User’s acknowledgment and consent in this respect are stated and granted by implication (by visiting the website).

 

The User shall be solely responsible for the prevention of unauthorized access of or disclosure to third parties to his/her username and password, used for logging in on the website operated by the Service Provider. Furthermore, the User shall be responsible for the avoidance of destruction, deletion or loss of such username and password. The Service Provider shall not be responsible for the handling by the User of his/her username, password or any other data provided on the website in a way that violates the provisions of this Privacy Statement and the prevailing laws and regulations, for making the above data accessible or the disclosure thereof to unauthorized third parties by the User, for the deletion, destruction or loss of these data attributable to the User and the risk of consequential prejudices arising directly or indirectly therefrom.

 

The term data processing under this section: ten (10) years from the date of recording of the personal data by the Service Provider.

 

  1. Communication

 

If the User sends e-mail or letter via post to the Service Provider, the User’s e-mail address or (if this information is disclosed) mailing address will be recorded and processed by the Service Provider to the extent and for the term required to the performance of the requested service.

 

 

  • The legal basis of data processing, Users’ rights

 

By ordering or using the Services provided by Société, the data subject acknowledges and grants his/her consent to the processing of his/her personal data by Societe Group Kft., in compliance with the provisions of this Privacy Statement.

 

The legal basis of data processing shall be the voluntary declaration of the users of contents available through the Websites, to be made in possession of proper information. This declaration shall include the expressed consent of the User to the use of his/her personal data disclosed or generated in the course of his/her use of the website.

 

The natural persons whose data are processed by the Service Provider for any reason, shall have the following rights in this respect:

  1. right to information;
  2. right to rectification;
  3. right to be forgotten;
  4. right to the restriction of processing;
  5. right to data portability;
  6. right to object.

[Right to rectification]

If any data of the User is processed by the Controller inaccurately or incompletely, the data subject may request the Controller to rectify such inaccurate data or to complete such incomplete data on the basis of the data provided and verified by the data subject, without undue delay.

 

The User (or the User’s representative) may request the rectification of data by filling out and sending to the Controller the form included in Annex 1 hereto, or by submitting a declaration with identical content.

 

[Right to erasure]

The User may request the erasure of his/her personal data from all records kept by the Controller. The controller shall have an obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing; (c) the personal data have been unlawfully processed; (d) the personal data have to be erased for compliance with a legal obligation of the Controller.

 

The User may request the erasure of data by filling out and sending to the Controller the form included in Annex 2 hereto, or by submitting a declaration with identical content.

 

The Controller may reject the request for erasure of personal data if any of the reasons defined in Article 17 (3) of the GDPR applies.

 

[Right to the restriction of processing]

The User shall have the right to obtain from the Controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.

 

The User (or the User’s authorized and verified representative) may request the restriction of processing of data by filling out and sending to the Controller the form included in Annex 3 hereto, or by submitting a declaration with identical content.

 

The data affected by restriction may only be stored by the Controller. The processing of the data affected by restriction is allowed only upon the prior, written consent of the data subject, or for the purposes of submission, enforcement or protection of the Controller’s legitimate interest, or for reasons of important public interest of the European Union or of a Member State.

 

If the conditions of the restriction of processing are not met, the Controller shall relieve the restriction, of which the User shall be notified in advance.

 

[Right to data portability]

With respect to the personal data processed by the Controller in an automated way upon the related consent of the User, the Company may be requested by the User to provide him/her with his/her disclosed personal data in electronic form, as described in Article 20 (1) of the GDPR.

 

In the course of electronic transfer of the collected and stored personal data, the Controller shall consider the fact that the User has the right to transmit his/her electronically collected and stored data or to request the Controller to transmit such data directly to a third-party data controller.

 

The User (or the User’s authorized and verified representative) may request the transmission of data by filling out and sending to the Company the form included in Annex 4 hereto, or by submitting a declaration with identical content.

 

[Right to object]

The User may object to the processing of his/her personal data by the Controller if the purpose of data processing is the enforcement of the legitimate interests of either the Controller or any third party.

 

The holder of rights related to personal data (or his/her authorized and verified representative) may object to data processing by filling out and sending to the Company the form included in Annex 5 hereto, or by submitting a declaration with identical content.

 

Following the acceptance of the declaration of objection, the Controller may no longer process the personal data for the purpose of enforcement of the legitimate interest of the Controller or any third party, unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

 

[Data Protection Officer]

A data protection officer is appointed in order to ensure the transparent, accurate and lawful processing of personal data. You may contact our data protection officer via the following e-mail address: dataprotection@societebudapest.com.

 

  1. The term of data processing

The Service Provider will process the personal and other technical data of the data subject for a term defined in this Statement.

 

The Service Provider shall store the personal data from the date of the consent for a term of five (5) years counted from the expiry/termination of the contractual relationship; the term of data processing falling under the scope of the provisions of Sections 56-57 of Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing shall be eight (8) years from the date of expiry/termination of the contractual relationship. Accounting instruments will be stored for eight (8) years, in line with Section 169 (2) of Act C of 2000 on the Act on Accounting.

 

Unless provided otherwise in this Statement or in the Conditions of Use, the Service Provider will process the data subject’s personal data for the purpose of sending direct marketing or promotion communication until the withdrawal of the consent of the data subject granted thereto. Unless provided otherwise in this Statement, the termination of the Service or the termination of the use of the Service (like the cancellation of registration) shall not qualify as a withdrawal of the consent given to the disclosure of direct marketing and promotion messages; such consent shall be withdrawn separately, with respect to each form of communication (e.g., newsletter, electronic direct marketing, etc.).

 

The withdrawal of the consent to direct marketing communication may be submitted, and the erasure or amendment of personal data may be requested as follows:

  • on the website societestore.com, in the user’s account (in menu item ‘Personal data’),
  1. Data security

 

The Service Provider stores an imprint of each password that enables the checking of correctness thereof; no password may be decrypted from these imprints.

 

Upon the assignment of the Service Provider, the storage of personal data is performed by Central Digitális Média Kft. (1037 Budapest, Montevideo u. 9). The personal data are stored on a server protected by 24-hour security service.

 

  1. Data transfer and data processors (data recipients)

 

The Service Provider and the internal colleagues of the Service Provider shall have access to the personal data. The data will not be disclosed or transferred to third parties.

 

For the purposes of the provision of Services, the satisfaction of the Users’ needs and the operation of the IT system running the Services, the Service Provider employs data processors. The data processors shall perform their activities always in compliance with the prevailing data protection regulations and the applicable laws.

 

We employ the following data processors:

 

company nameregistered seatactivity
MailChimp

 

c/o The Rocket Science Group, LLC ; 675 Ponce de Leon Ave NE Suite 5000

Atlanta, GA 30308

Marketing, newsletters
WEBINFORM Consulting Online Produkciós Korlátolt Felelősségű Társaság 

1025 Budapest, Szépvölgyi út 176.

Operation of the IT system enabling the functioning of Société Store webshop
DHL Express Magyarország Kft

 

1185 Budapest, BUD Nemzetközi Repülőtér repülőtér 302. éptransportation and delivery (transportation of Société Store Products)
Mandrill

 

c/o The Rocket Science Group, LLC ; 675 Ponce de Leon Ave NE Suite 5000

Atlanta, GA 30308

 

sending individual customer e-mails

OTP Bank Nyrt.

 

operation of the electronic payment system
RSM Hungary Zrt.1138 Budapest, Faludi utca 3.accounting
Central Digitális Média Kft.1037 Budapest, Montevideo u. 9.server hosting services

 

The courts, prosecutor’s offices, investigation authorities, the authority dealing with administrative offences, administrative authorities, the Hungarian National Authority for Data Protection and Freedom of Information and other organs authorized by the respective laws may turn to the Service Provider for information, disclosure or transfer of data or for the handover of documents. If the requesting authority has defined the specific purpose of data transfer and the scope of data to be transferred, the Service Provider shall make available for the requesting authority the data which are essential for the achievement of the purpose of the request. The data subjects will not necessarily be notified by the Service Provider of every data transfer initiated towards the authorities and courts or of other mandatory data transfers.

 

The consent of the data subject is not required for the transfer of data to data processors. The Service Provider shall keep records of data transfers.

 

By the acceptance of this Statement, the User expressly acknowledges and consents to the transfer of his/her data to data processors by the Controller.

 

 

  • The activity of external service providers

Our websites contain links leading to the websites and services of third parties, including the websites and services of our third-party partners. Whenever you use a link to navigate from our Websites to another webpage or to request a service from a third party, please, consider that this Privacy Statement shall not apply to such service of the website.

Service providers operating webshops of applications

The service providers (e.g., Apple, Inc., Google, Inc.) operating the webshops of mobile and tablet applications (e.g., Apple Store, Android Store) process the personal data of users of Services installed on the end users’ devices and send updating notifications independently from the activity of the Service Provider.

External payment service providers

The service providers, ensuring the payment of the services provided for due consideration (as defined in the Information), process the personal data transferred to them (e.g., name, number of bank card, bank account number, etc.) in compliance with their own privacy policies. For further information concerning these policies, please, turn to the payment service provider.

Payment in the webshop is possible by bank card (Visa, Maestro, MasterCard) and credit card, as well as by using online payment methods (PayPal, OTP Simple). The above payment service providers are independent data controllers; the Service Provider shall have no access to the bank card data of the User. Successful card payment is confirmed by the individual purchase identification code.

For further information concerning the privacy policies of payment service providers, please visit:

OTP Bank. Nyrt.: http://simplepartner.hu/SimpleFelhasznaloiASZF.html

PayPal: https://www.paypal.com/sk/webapps/mpp/ua/privacy-full

External intermediary service providers

In the course of the provision of Services, certain service providers (like Google Inc., Instagram Inc., Facebook Inc., YouTube Inc., Vimeo) offer applications that facilitate the registration and logging in process, in compliance with such service providers’ own privacy policies. The Service Provider shall process the data transferred to it in the course of the above in compliance with the provisions of this Statement. With respect to the contents made available within the frameworks of the services and shared on different social media sites the service provider enabling such content share shall qualify as the data controller; to this activity, the service provider’s own conditions of use and privacy policy shall apply. External intermediary service providers are, for example:

Link to privacy policyLink to conditions of use
Facebookhttp://www.facebook.com/full_data_use_policyhttp://www.facebook.com/legal/terms?ref=pf
Googlehttps://www.google.com/intl/hu/+/policy/https://www.google.com/intl/hu/+/policy/pagesterm.html
Instagramhttp://instagram.com/privacyhttps://www.facebook.com/help/instagram/478745558852511
YouTubehttps://policies.google.com/privacyhttps://policies.google.com/terms
Vimeohttps://vimeo.com/privacyhttps://vimeo.com/terms

External companies providing web analytics and advertisement services

  1. The service providers providing web analytics and advertisement services use cookies, measuring pixels and so-called campaign codes (serving the purposes of identification of advertisement campaigns) in order to measure the users’ habits and satisfy advertisement needs.
  2. The cookies placed by the service providers may be deleted at any time from the user’s device; while the different setting options of the browser(s) allow the rejection of cookies. The identification of cookies placed by external service providers shall be based on the domain related to the given cookie.
  3. In order to operate the web-based Services, the Service Provider employs external companies providing web analytics and advertisement services. The Service Provider hereby informs the users of its Services of the activities performed by its contractual partners concerning the single data independently from the Service Provider. By using the websites, mobile or tablet applications of the Service Provider, the data subject consents to the use of his/her personal data for the purposes and by the means described hereunder:

(a) The services of Google Inc. (Google Analytics, Google AdSense, and Google AdMob)

Google Analytics uses cookies to facilitate the analysis of the use of the given webpage.

Google AdSense and AdMob places cookies and uses web beacon (webmark) to collect information.

The data stored by cookies (including the IP address of User) are stored on the servers of Google Inc., physically located in the United States. Google Inc. may forward the collected information to third parties, if such data transfer is required by law, or if these third parties are assigned by Google Inc. to process the information forwarded.

Within the frames of Google AdSense and Google Adwords remarketing, Google Inc. places visitor-tracking cookies on users’ computers that observe the online activity of visitors; based on the data collected, Google Inc. will display advertisement for them on other websites, adjusted to their observed activities and scope of interest. This tracking cooking enables Google Inc. to identify the visitor of the website of other webpages as well.  The ‘Privacy Policy’ of Google Inc. is available at http://www.google.hu/intl/hu/policies/privacy/.

(b) Gemius Hungary Kft. uses cookies to identified User’s browser, to enable differentiation between new and returning visitors and to prepare statistics concerning visitors. You may find further information concerning the details of Gemius’ data processing practice, the scope of processed data and the disabling of cookies used by Gemius on the service provider’s website, at http://www.gemius.hu/adatvedelmi-iranyelvek.html

(c) in the course of providing some of its Services and on the advertisement pages operated by it, the Service Provider uses the services of Adverticum Zrt. as advertisement server, the services and data processing practices of which company are described at http://www.adverticum.hu/.

 

External service provider involved in targeted content provision and display of advertisements

 

 

In order to increase user experience and to exploit the possibilities in the Service, the Service Provider uses the targeted content provision and advertisement displaying services of Scarab Research Kft. in the course of operation of some of its web-based Services. Scarab Research Kft. applies cookies, with the help of which it is able to define different clusters of Users, based on their internet use habits observed on the website(s) operated by Société Group Kft. as well as on further data, if provided so by this Statement. The activity of Scarab Research may be prevented by the deletion and banning of the cookie identified as ‘recommender.scarabresearch.com’. Unless provided otherwise by this Statement, neither the Service Provider nor any external company may connect the data collected by the external company to the data provided by the User in the course of registration or use of the Service. For further information concerning the operation of the external service provider, please visit http://www.scarabresearch.com/.

 

This Statement’s date of validityfrom 08 August 2018

 

 

 

Annex 1

 

REQUEST FOR RECTIFICATION

ARTICLE 16 OF THE GDPR

 

 

Societe Group Kft.

1051 Budapest, Sas u. 15.

 

 

Dear Controller,

 

I, the undersigned, ______________________________ (name), as the holder of rights related to my personal data, hereby submit to Societe Group Kft. as controller (hereby referred to as the Controller) the following

 

r e q u e s t.

 

 

 

I hereby request the Esteemed Controller to rectify and/or complete on the basis of my current declaration and request my inaccurate and/or incomplete personal data processed by the Controller, as follows:

 

The inaccurate personal data currently processedThe rectified/completed personal data

 

 

The Esteemed Controller is herewith kindly requested to consider and decide on this request.

 

Done: ___________________________

 

 

Yours faithfully,

Name:

Signature:

 

 

 

Annex 2

 

REQUEST FOR ERASURE

ARTICLE 17 OF THE GDPR

Societe Group Kft.

1051 Budapest, Sas u. 15.

 

 

Dear Controller,

 

I, the undersigned, ______________________________ (name), as the holder of rights related to my personal data, hereby submit to Societe Group Kft. as controller (hereby referred to as the Controller) the following

 

r e q u e s t.

 

 

I hereby request the Esteemed Controller to erase the following personal data, currently processed by the Controller, from each and every record and registration:

The personal data requested to be erased:The reason of erasure (please indicate the applicable reason)
a)     the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

b)     the holder of rights related to the personal data has withdrawn the consent on which the processing is based, and there is no other legal ground for the processing;

c)     the personal data is verified to have been unlawfully processed;

d)     the personal data have to be erased for compliance with a legal obligation of the Company.

The Esteemed Controller is herewith kindly requested to consider and decide on this request.

Done: ___________________________

 

 

Yours faithfully,

Name:

Signature:

 

 

 

Annex 3

 

REQUEST FOR THE RESTRICTION OF PROCESSING

ARTICLE 18 OF THE GDPR

 

 

Societe Group Kft.

1051 Budapest, Sas u. 15.

 

 

Dear Controller,

 

I, the undersigned, ______________________________ (name), as the holder of rights related to my personal data, hereby submit to Societe Group Kft. as controller (hereby referred to as the Controller) the following

 

r e q u e s t.

 

 

 

I hereby request the Esteemed Controller to restrict the processing of my following personal data:

The personal data affected by the restriction of processingreason (please indicate the applicable reason)
a)     the accuracy of the personal data is contested by the data subject;

b)     the processing is unlawful, and the data subject opposes the erasure of the personal data;

c)      the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;

d)     the data subject objects to the processing of the personal data and the priority of the data controller’s legitimate interests shall be verified.

 

The Esteemed Controller is herewith kindly requested to consider and decide on this request.

Done: ___________________________

 

 

Yours faithfully,

Name:

Signature:

 

 

 

Annex 4

 

REQUEST FOR DATA TRANSMISSION

ARTICLE 20 OF THE GDPR

 

 

Societe Group Kft.

1051 Budapest, Sas u. 15.

 

 

Dear Controller,

 

I, the undersigned, ______________________________ (name), as the holder of rights related to my personal data, hereby submit to Societe Group Kft. as controller (hereby referred to as the Controller) the following

 

r e q u e s t.

 

 

 

I hereby request the Esteemed Controller to restrict the processing of my following personal data:

the personal data affected by data transmissionreason (please indicate the applicable reason)
The legal basis of data processing is

–        my consent thereto

–        the performance of a contract

 

I hereby declare that the transmission of the above personal data will not harm or affect the rights or freedom of any third party detrimentally.

The Esteemed Controller is herewith kindly requested to consider and decide on this request and to disclose to me the hereinabove determined data.

Done: ___________________________

 

 

Yours faithfully,

Name:

Signature:

 

 

 

Annex 5

 

OBJECTION

ARTICLE 21 OF THE GDPR

 

 

Societe Group Kft.

1051 Budapest, Sas u. 15.

 

 

Dear Controller,

 

I, the undersigned, ______________________________ (name), as the holder of rights related to my personal data, hereby submit to Societe Group Kft. as controller (hereby referred to as the Controller) the following

 

o b j e c t i o n

 

to the processing of my personal data by the Controller, as follows:

 

the personal data affected by objectionreason (please indicate the applicable reason)
a)     the enforcement of the legitimate interest of the Controller or a third party;

b)     direct marketing.

The Esteemed Controller is herewith kindly requested to consider and decide on this request and to terminate the processing of the hereinabove determined data.

Done: ___________________________

 

 

Yours faithfully,

Name:

Signature: