The aim of this Statement is to declare the data protection and privacy principles and policies of Services provided by the Service Provider under the brand of Société Group Korlátolt Felelősségű Társaság (registered seat: 1051 Budapest, Sas u. 15., company reg. no. 01-09-287367, registered by the Budapest Capital Regional Court as Court of Registry, tax number: 25755044-2-41, hereinafter referred to as the Service Provider) .
This Privacy Statement shall apply to the processing of personal data by data controller and data processors in the course of the use of services provided and available for downloading through www.societebudapest.com operated by the Service Provider (hereinafter referred to as the Websites), and communication for direct marketing and/or promotion (hereinafter jointly referred to as the Services). This Statement shall apply to cases which fall under the scope hereof by the respective provisions of the Service Provider.
This Statement shall form inseparable part of and shall be interpreted jointly with the general contractual terms and conditions applicable to the Services (e.g. the general contractual terms of Société store, the website’s conditions of use, etc. – hereinafter jointly referred to as Conditions of Use); however, for the sake of ensuring easier access hereto, is formulated as a separate document. The Service Provider is entitled to amend this Privacy Statement unilaterally, as a part of the amendment of the Conditions of Use; the data subjects shall be notified of such amendment. The amended provision shall become effective and binding on the concerned data subject as determined in the information or in the Conditions of Use.
In the course of the visit of Websites and the use of the Service, the Service Provider shall process the disclosed personal data of the natural persons (as holders of rights related to such personal data) (hereinafter referred to as the User); furthermore, the Service Provider shall be responsible for such personal data in compliance with the prevailing data protection laws and regulations.
|name:||Societe Group Kft.|
|registered seat:||Hungary, 1051 Budapest, Sas utca 15.|
|executive officer:||Salgó István|
|mailing address:||Hungary, 1051 Budapest, Sas utca 15.|
|e-mail address for the submission of data processing-related complaints:||email@example.com|
|contact details of the data protection officer:||firstname.lastname@example.org|
|data protection supervisory authority:||Nemzeti Adatvédelmi Hatóság (Hungarian National Authority for Data Protection and Freedom of Information) 1122 Budapest, Szilágyi Erzsébet fasor 22/C.|
The Service Provider shall process the recorded personal data in compliance with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act).
The scope of data recorded and processed is determined by Article 6 of Act XLVIII of 2008 on Basic Conditions and Certain Restrictions of Business Advertisements, Articles 13/A-14/C of Act CVIII of 2001 on Electronic Commercial Services and on Certain Questions on Services Related to Information Society, by Act C of 2000 on Accounting and Act XCII of 2003 on Taxation.
In the course of processing the personal data, the Service Provider shall observe the following legal principles (Article 5 (1) of the GDPR): a.) lawfulness, fairness and transparency; b.) purpose limitation; c.) data minimization; d.) accuracy; e.) storage limitation; f.) integrity and confidentiality; g.) accountability.
|The scope of data processed||The purpose of data processing|
|username||the data required for the identification of the User in the course of registration|
|full name||On the website, the Service Provider provides the possibility of registration to a newsletter, allowing thereby for the Service Provider the sending of direct marketing or promotion materials. The purpose of data processing is enabling communication for advertisement, direct marketing and other promotional purposes (e.g., newsletter, eDM, etc.).|
The use of the Websites and the subscription to newsletter service through the Websites enables and entitles the Service Provider to process certain personal data of the Users visiting the Websites. The legal basis of this data processing is the voluntary, prior consent of the data subject, granted specifically for the purpose of such data processing (the provision of newsletter service and the improvement of user experience by recording browsing history).
The personal data provided on the website may only be used by the Service Provider to send newsletters for the purpose of direct marketing if the User has granted prior consent thereto. The User’s consent granted to the use of his/her personal data by the Service Provider for direct marketing purposes shall be valid until the withdrawal thereof.
The User can subscribe to the newsletter by clicking on the ‘Subscription to newsletters’ menu icon or by subscribing in the respective pop-up window and providing the requested personal data.
The User’s consent shall be valid and lawful if it (a) is granted voluntarily; (b) refers specifically to the use of the newsletter service; (c) is based on the proper information; and (d) is the unambiguous expression of the User’s will.
Prior to the submission of the request for the provision of newsletter service, the Service Provider shall properly notify the User of the method of data processing determined in this subsection. The User shall confirm the receipt of the referred notification by making the respective declaration on the electronic surface (the content of which declaration is granting the User’s consent to the data processing described in this subsection). The required declaration shall be made by ticking out the respective checkbox on the electronic surface. This act is a precondition to the submission to the Service Provider of the request for the provision of the newsletter service.
The Service Provider reserves the right the terminate the provision of the newsletter service for the User unilaterally, at any time, if it recognizes the use of such service by the User for improper purposes, in particular for causing harm to the good reputation of the Service Provider’s business activity.
The User may withdraw his/her consent given to the provision of the newsletter service at any time, by activating the ‘Unsubscription from newsletter’ command, included in each newsletter. The withdrawal of the consent shall be valid and effective regardless of the acknowledgement thereof by the Service Provider; following the withdrawal of the consent, the Service Provider may not continue sending newsletters to the concerned User.
Certain user data will be automatically transferred to the Service Provider in the course of the User’s visit to the website. Such data are the following: (a) certain data of the User’s device ensuring the connection of the User to the website through a public network; (b) the IP address of the User.
The processing of these data serves solely the purposes of measuring and informing the Service Provider on the traffic on the website, as well as enabling the detection, identification, and logging of mistakes of or attempted attacks affecting the website. The Controller logs the following data continuously: the date of visit to the site, IP address, data of operating system versions, type and version number of the browser, the content accessed and the title of the previously accessed content. Logged data shall be deleted after 3 days.
The legal basis of such data processing is the consent of the User and the protection of the legitimate interest of the Service Provider. The Service Provider’s information obligation concerning data processing shall be complied with by disclosing the content of this subsection on the Websites. The User’s acknowledgment and consent in this respect are stated and granted by implication (by visiting the website).
The User shall be solely responsible for the prevention of unauthorized access of or disclosure to third parties to his/her username and password, used for logging in on the website operated by the Service Provider. Furthermore, the User shall be responsible for the avoidance of destruction, deletion or loss of such username and password. The Service Provider shall not be responsible for the handling by the User of his/her username, password or any other data provided on the website in a way that violates the provisions of this Privacy Statement and the prevailing laws and regulations, for making the above data accessible or the disclosure thereof to unauthorized third parties by the User, for the deletion, destruction or loss of these data attributable to the User and the risk of consequential prejudices arising directly or indirectly therefrom.
The term data processing under this section: ten (10) years from the date of recording of the personal data by the Service Provider.
If the User sends e-mail or letter via post to the Service Provider, the User’s e-mail address or (if this information is disclosed) mailing address will be recorded and processed by the Service Provider to the extent and for the term required to the performance of the requested service.
By ordering or using the Services provided by Société, the data subject acknowledges and grants his/her consent to the processing of his/her personal data by Societe Group Kft., in compliance with the provisions of this Privacy Statement.
The legal basis of data processing shall be the voluntary declaration of the users of contents available through the Websites, to be made in possession of proper information. This declaration shall include the expressed consent of the User to the use of his/her personal data disclosed or generated in the course of his/her use of the website.
The natural persons whose data are processed by the Service Provider for any reason, shall have the following rights in this respect:
[Right to rectification]
If any data of the User is processed by the Controller inaccurately or incompletely, the data subject may request the Controller to rectify such inaccurate data or to complete such incomplete data on the basis of the data provided and verified by the data subject, without undue delay.
The User (or the User’s representative) may request the rectification of data by filling out and sending to the Controller the form included in Annex 1 hereto, or by submitting a declaration with identical content.
[Right to erasure]
The User may request the erasure of his/her personal data from all records kept by the Controller. The controller shall have an obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing; (c) the personal data have been unlawfully processed; (d) the personal data have to be erased for compliance with a legal obligation of the Controller.
The User may request the erasure of data by filling out and sending to the Controller the form included in Annex 2 hereto, or by submitting a declaration with identical content.
The Controller may reject the request for erasure of personal data if any of the reasons defined in Article 17 (3) of the GDPR applies.
[Right to the restriction of processing]
The User shall have the right to obtain from the Controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
The User (or the User’s authorized and verified representative) may request the restriction of processing of data by filling out and sending to the Controller the form included in Annex 3 hereto, or by submitting a declaration with identical content.
The data affected by restriction may only be stored by the Controller. The processing of the data affected by restriction is allowed only upon the prior, written consent of the data subject, or for the purposes of submission, enforcement or protection of the Controller’s legitimate interest, or for reasons of important public interest of the European Union or of a Member State.
If the conditions of the restriction of processing are not met, the Controller shall relieve the restriction, of which the User shall be notified in advance.
[Right to data portability]
With respect to the personal data processed by the Controller in an automated way upon the related consent of the User, the Company may be requested by the User to provide him/her with his/her disclosed personal data in electronic form, as described in Article 20 (1) of the GDPR.
In the course of electronic transfer of the collected and stored personal data, the Controller shall consider the fact that the User has the right to transmit his/her electronically collected and stored data or to request the Controller to transmit such data directly to a third-party data controller.
The User (or the User’s authorized and verified representative) may request the transmission of data by filling out and sending to the Company the form included in Annex 4 hereto, or by submitting a declaration with identical content.
[Right to object]
The User may object to the processing of his/her personal data by the Controller if the purpose of data processing is the enforcement of the legitimate interests of either the Controller or any third party.
The holder of rights related to personal data (or his/her authorized and verified representative) may object to data processing by filling out and sending to the Company the form included in Annex 5 hereto, or by submitting a declaration with identical content.
Following the acceptance of the declaration of objection, the Controller may no longer process the personal data for the purpose of enforcement of the legitimate interest of the Controller or any third party, unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
[Data Protection Officer]
A data protection officer is appointed in order to ensure the transparent, accurate and lawful processing of personal data. You may contact our data protection officer via the following e-mail address: email@example.com
The Service Provider will process the personal and other technical data of the data subject for a term defined in this Statement.
The Service Provider shall store the personal data from the date of the consent for a term of five (5) years counted from the expiry/termination of the contractual relationship; the term of data processing falling under the scope of the provisions of Sections 56-57 of Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing shall be eight (8) years from the date of expiry/termination of the contractual relationship. Accounting instruments will be stored for eight (8) years, in line with Section 169 (2) of Act C of 2000 on the Act on Accounting.
Unless provided otherwise in this Statement or in the Conditions of Use, the Service Provider will process the data subject’s personal data for the purpose of sending direct marketing or promotion communication until the withdrawal of the consent of the data subject granted thereto. Unless provided otherwise in this Statement, the termination of the Service or the termination of the use of the Service (like the cancellation of registration) shall not qualify as a withdrawal of the consent given to the disclosure of direct marketing and promotion messages; such consent shall be withdrawn separately, with respect to each form of communication (e.g., newsletter, electronic direct marketing, etc.).
The withdrawal of the consent to direct marketing communication may be submitted, and the erasure or amendment of personal data may be requested as follows:
The Service Provider stores an imprint of each password that enables the checking of correctness thereof; no password may be decrypted from these imprints.
Upon the assignment of the Service Provider, the storage of personal data is performed by Central Médiacsoport Zrt. (1037 Budapest, Montevideo u. 9). The personal data are stored on a server protected by 24-hour security service.
The Service Provider and the internal colleagues of the Service Provider shall have access to the personal data. The data will not be disclosed or transferred to third parties.
For the purposes of the provision of Services, the satisfaction of the Users’ needs and the operation of the IT system running the Services, the Service Provider employs data processors. The data processors shall perform their activities always in compliance with the prevailing data protection regulations and the applicable laws.
We employ the following data processors:
|company name||registered seat||activity|
|MailChimp||c/o The Rocket Science Group, LLC ; 675 Ponce de Leon Ave NE Suite 5000
Atlanta, GA 30308
|Mandrill||c/o The Rocket Science Group, LLC ; 675 Ponce de Leon Ave NE Suite 5000
Atlanta, GA 30308
|sending individual customer e-mails|
|Szám- Biztos Kft.||2151 Fót, Attila u. 23.||accounting|
|Central Médiacsoport Zrt.||1037 Budapest, Montevideo u. 9.||server hosting services|
The courts, prosecutor’s offices, investigation authorities, the authority dealing with administrative offences, administrative authorities, the Hungarian National Authority for Data Protection and Freedom of Information and other organs authorized by the respective laws may turn to the Service Provider for information, disclosure or transfer of data or for the handover of documents. If the requesting authority has defined the specific purpose of data transfer and the scope of data to be transferred, the Service Provider shall make available for the requesting authority the data which are essential for the achievement of the purpose of the request. The data subjects will not necessarily be notified by the Service Provider of every data transfer initiated towards the authorities and courts or of other mandatory data transfers.
The consent of the data subject is not required for the transfer of data to data processors. The Service Provider shall keep records of data transfers.
By the acceptance of this Statement, the User expressly acknowledges and consents to the transfer of his/her data to data processors by the Controller.
Our websites contain links leading to the websites and services of third parties, including the websites and services of our third-party partners. Whenever you use a link to navigate from our Websites to another webpage or to request a service from a third party, please, consider that this Privacy Statement shall not apply to such service of the website.
Service providers operating webshops of applications
The service providers (e.g., Apple, Inc., Google, Inc.) operating the webshops of mobile and tablet applications (e.g., Apple Store, Android Store) process the personal data of users of Services installed on the end users’ devices and send updating notifications independently from the activity of the Service Provider.
External payment service providers
The service providers, ensuring the payment of the services provided for due consideration (as defined in the Information), process the personal data transferred to them (e.g., name, number of bank card, bank account number, etc.) in compliance with their own privacy policies. For further information concerning these policies, please, turn to the payment service provider.
External intermediary service providers
External companies providing web analytics and advertisement services
2. The cookies placed by the service providers may be deleted at any time from the user’s device; while the different setting options of the browser(s) allow the rejection of cookies. The identification of cookies placed by external service providers shall be based on the domain related to the given cookie.
3. In order to operate the web-based Services, the Service Provider employs external companies providing web analytics and advertisement services. The Service Provider hereby informs the users of its Services of the activities performed by its contractual partners concerning the single data independently from the Service Provider. By using the websites, mobile or tablet applications of the Service Provider, the data subject consents to the use of his/her personal data for the purposes and by the means described hereunder:
(a) The services of Google Inc. (Google Analytics, Google AdSense, and Google AdMob)
Google AdSense and AdMob places cookies and uses web beacon (webmark) to collect information.
The data stored by cookies (including the IP address of User) are stored on the servers of Google Inc., physically located in the United States. Google Inc. may forward the collected information to third parties, if such data transfer is required by law, or if these third parties are assigned by Google Inc. to process the information forwarded.
External service provider involved in targeted content provision and display of advertisements
In order to increase user experience and to exploit the possibilities in the Service, the Service Provider uses the targeted content provision and advertisement displaying services of Scarab Research Kft. in the course of operation of some of its web-based Services. Scarab Research Kft. applies cookies, with the help of which it is able to define different clusters of Users, based on their internet use habits observed on the website(s) operated by Société Group Kft. as well as on further data, if provided so by this Statement. The activity of Scarab Research may be prevented by the deletion and banning of the cookie identified as ‘recommender.scarabresearch.com’. Unless provided otherwise by this Statement, neither the Service Provider nor any external company may connect the data collected by the external company to the data provided by the User in the course of registration or use of the Service. For further information concerning the operation of the external service provider, please visit http://www.scarabresearch.com/.
Information – video and audio are recorded at our events
Please be informed that at the public events of Societe Group Ltd. (headquarters: 1051 Budapest, Sas u. 15; Cg: 01-09-287367; hereinafter: “Société“) a picture and sound recording will be made. By participating in the Société Events and entering the Event Site, the Participant, without further request, consents to the recording of his / her image and sound, by expressing his / her personalization only with his / her explicit consent. If a participant qualifies as a public figure, it may be named without its consent. The use of image and sound recordings is unlimited, transferable in space, time, and mode of use. Subsequently, Société is free to use, use (eg promote its Events on Facebook, Instagram post, newsletter image, etc.), reproduce, publish, without limitation, any participant’s audio and/or video recording and display of the participant, revise, disclose, communicate to and distribute to the public, subject to applicable legal requirements and respect for privacy. The participant shall not be entitled to any compensation for these, either ex-ante or ex-post, and shall not make any claim towards Société. The legal basis for the processing of the above data is the consent of the data subject, which will be processed until revoked. The controller of the personal data is Société. Detailed information on data management, including all relevant facts, can be found at www.societebudapest.com
This Statement’s date of validity from 01 July 2021