DATA MANAGEMENT POLICY
I. The data controller
Name of the data controller: Szilvia Jánky
E-mail address: This email address is being protected from spambots. You need JavaScript enabled to view it.
II. Objectives and legal basis of data processing
This data management policy applies to the storage and management of the voluntarily consented data of the readers registered on the www.confidenceinlife.com website.
The management of the data is performed on the basis of the voluntary, informed and explicit consent of the users (people concerned), and according to the data and statements given during registration. The users accept the rules laid down by this policy and approve the management of their personal data.
The data controller cannot be held responsible for the authenticity and veracity of the provided data, these data are not checked at the time of registration or after, except in cases of infringements.
If for the use of any of the services a payment is needed, and it is done by bank transfer, the data controller does not record the credit card number or any other personal data necessary for the payment. Instead, in these cases the management of data is performed through the system of the organization or financial institute executing the payment transaction. Therefore, the data management of this nature are governed by the data management policy of the relevant entities.
If the authorities with such power request the data controller to disclose personal or traffic data required by the law, then pursuant to that statutory obligation the data controller provides the requested and available information.
1. Blog comments
The purpose of receiving comments in the blog is to initiate a conversation in a certain topic through involving the readers of the blog. When commenting to the blog, a name and email address need to be given. The legal basis of data management is the consent of the concerned user. For the sake of performing a spam check the comments are filtered by the service of Akismet.
2. Newsletter/eDM
I will send newsletters about the latest information and novelties to the users who have given their consent to this. The newsletters contain the name and contact information of the enterprise, and therefore constitute advertising. The users can subscribe to the newsletters by giving their names and email addresses.
III. Withdrawal of consent
Processing of data based on consent (see above) for the following activities:
- sending newsletters with advertisement content
- operation of the Facebook page
- comments in the blog
- production of visitor statistics
The consent can be withdrawn at any time, just as easily as it was given.
In the case of newsletters the consent can be withdrawn by clicking on the unsubscription button at the end of the newsletter.
The consent can be withdrawn in the case of the Facebook page by unliking the page, while in the case of private messages and comments by deleting them.
The data management prior to the withdrawal of consent is regarded as lawful.
IV. Duration of data storage
Comments received on the blog (name, email address, comment) – until the erasure request
Subscription for newsletters (name, email address) – until unsubscription
Facebook page (name, comment) – until deleting the Facebook page, the user’s withdrawal of liking the page or the delete operation of the user
Website maintenance services (e.g. storage of safety backups) – until the end of the contract
V. Recipients
I’m using the services of data processing companies in order to carry out certain duties of my enterprise.
Hosting services:
3 in 1 Hosting Bt.
2310 Szigetszentmiklós, Dévai utca 10/A
Receiving and sending emails:
Gmail – Google Inc., Mountain View, California, USA
(Access to emails and all their corresponding data.)
Subscription for newsletters:
MailChimp
(Access to the name and email address of the subscribers.)
Spam check of the comments:
Automattic Inc.
60 29th Street #343
San Francisco, CA 94110, USA
Data management policy: https://automattic.com/privacy/
(Access to the name, email address, comment, IP address and browser string of the user. In the case of using Gravatar, access to the encrypted string created from the email address.)
Facebook page:
Facebook Inc.
Menlo Park, California, USA
Data management policy: https://www.facebook.com/about/privacy/update
(Access to the name and comment of the user.)
Google Analytics:
Google Inc., Mountain View, California, USA
(Access to the anonymised and disidentified IP address of the users of the web page.)
Pinterest share button:
Pinterest-Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Írország
Data management policy:: https://policy.pinterest.com/hu/privacy-policy
(Access to the data of the visits.)
VI. Data transfers to a third country
The only third country where data is transferred to is the United States of America. On 12 July 2016 an adequacy decision was adopted with the US (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en), which Google (https://policies.google.com/privacy/frameworks), Facebook (https://www.facebook.com/about/privacyshield) and Pinterest (https://policy.pinterest.com/hu/privacy-policy) complies with. Automattic adheres to the GDPR through a contractual clause (https://automattic.com/privacy/).
VII. In the case of complaints
Your data will be processed with the utmost care. Should you have any questions, please feel free to contact me on the This email address is being protected from spambots. You need JavaScript enabled to view it. email address.
- Rights of the people who register to the blog
The user may request from the data controller for
- a) information on processing the user’s personal data,
- b) the correction of the user’s personal data, and
- c) the erasure or blocking of the user’s personal data, with the exception of the mandatory data processing.
Upon the request of the user the data controller provides information on the handling of the concerned user’s personal data, on the source, purpose, legal basis and duration of data management, on the related activities, and – in the case of transferring the concerned user’s personal data – on the legal basis and recipients of the data transfers.
If the data controller determined the merits of the user’s objection, the data controller ceases the data management – including the further data recordings and data transfers – , blocks the data, and informs all those parties about the objection and the subsequently taken measures, to whom the personal data concerned with the objection had previously been transferred.
If the user disagrees with the decision of the data controller under the preceding paragraph, or if the data controller fails to meet the deadline, the user is entitled – within 30 days from the last day of the deadline – to apply to a court and to initiate the procedure of the National Authority for Data Protection and Freedom of Information.
VIII. Regulations taken into consideration when determining the legal basis of data management
Newsletters with advertisement content can only be sent upon consent, which is defined by Section (1) a) of Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 and by Sections (1) – (3) of Article 6 of the Act XLVIII of 2008 on the essential conditions and certain limitations of business advertising activity.
With regard to contacting through the website, making comments in the blog and the operation of the Facebook page Section (1) a) of Article 6 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 has been taken into consideration.
- Bases and scope of the data management policy
- The Data Management Policy was created on the basis of the General Data Protection Regulation (GDPR) of the EU, and Act CXII, modified by Act XXXIV. of 2019 and Act XXXVIII. of 2018.
- During 2017 the data management recorded by the National Authority for Data Protection and Freedom of Information (NAIH) under number NAIH-134246/2017 is conducted from the registration on the website until the cancellation of the registration requested by the registered person. The legal basis of the data management is the consent of the registered person.
- The data to be kept include the name, username, email address, IP address and the code derived from the log in password (from which the password cannot be decrypted) of the users registered on the blog. The recorded data is used for marking the comments on the blog by the username and for email communications in matters relating to the blog. With the registration the registered user confirms that he/she is an adult (this is necessary for the legality of the acceptance of the blog’s policy). Users between the ages of 14 and 18 can write comments to the blog entries on the Facebook page of the blog.
- Moderation
If a content is insulting or it is unbecoming to the purpose of the website, the data controller is entitled to delete the comment appearing on the blog or to cancel the registration of the user. This includes, for example, the religious, political or commercial contents.
This policy enters into force on 15 September 2019.