1. Name of the controller
Gy. Gyüre György EV, (hereinafter referred to as: data controller, thegreenminder.com)
Contact
Contact: leaf(at)thegreenminder.com
Phone: +36 70 417 8562
My website is called https://thegreenminder.com, and my aim in starting this site was to create a special Wikipedia-like knowledge base – to bring back to the fore ancient and almost forgotten knowledge about plants, free of charge, accessible to anyone, and not least to save and reintroduce endangered species in our country.
The Greenkeeper is committed to ensuring that its data management processes comply with the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, hereinafter “the Regulation”).
2. Interpretative provisions
Defined terms as defined in the GDPR, of which the following terms are highlighted in accordance with the nature of this Directive:
2.1 Personal data
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
2.2 Data management
Regardless of the process used, any automated or non-automated operation or set of operations which is performed on the data, in particular any collection, recording, recording, organisation, structuring, storage, adaptation or alteration, use, consultation, consultation, disclosure, dissemination, disclosure, alignment or combination, blocking, erasure or destruction of data, prevention of their further use, taking of photographs, audio or video recordings, or any physical characteristics which can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans);
2.3 Data Controller
The natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has them implemented by a processor on its behalf.
2.4 Data processing
The performance of technical tasks related to processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
2.5 Data processor
A natural or legal person, public authority, agency or any other body which processes data on the basis of a contract with the controller, including a contract concluded pursuant to a legal provision.
2.6 Data protection incident
A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
3. Data protection principles
3.1 Legality, fairness and transparency:
The company processes the data lawfully and fairly and in a transparent manner for the data subject.
3.2 Specificity of purpose
The company will collect personal data only for specified, explicit and legitimate purposes and will not process it in a way incompatible with those purposes.
3.3 Data economy
The undertaking shall carry out processing which is adequate, relevant and limited to the purpose(s) for which it is intended . Accordingly, the undertaking shall not collect or store more data than is strictly necessary for the purposes for which it is processed.
3.4 Accuracy
The company’s data management is accurate and up to date. The company shall take all reasonable steps to ensure that personal data inaccurate for the purposes of processing are erased or rectified without undue delay.
3.5 Limited shelf life
The company shall store personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, subject to the storage obligations laid down in the applicable legislation.
3.6 Integrity and confidentiality
The company shall ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage to personal data, by implementing appropriate technical or organisational measures.
3.7 Accountability
The undertaking is responsible for compliance with the principles detailed above and the undertaking shall demonstrate such compliance. Accordingly, the company shall ensure that the provisions of this internal policy are continuously enforced, that its data management is continuously reviewed and that, if necessary, the data management procedures are amended and supplemented.
3.8 Risk-based protection principle
IT security measures should be defined in such a way that their cost is proportionate to the benefits. Measures should be risk-weighted and reviewed regularly.
3.9 The processing of personal data is lawful only if and to the extent that at least one of the legal grounds set out below is fulfilled:
– 3.9.1 Consent-based processing: the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes. Where processing is based on consent, the Customer has the right to withdraw his consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. The withdrawal of consent shall be made possible in the same simple manner as the granting of consent.
– 3.9.2 Processing based on a contract: Processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into the contract. Where the provision of data is based on a contractual obligation, the possible consequence of not providing the data may be that the data subject is unable to use the service in question. The controller does not verify the personal data provided to him/her. The customer is solely responsible for the data provided.
– 3.9.3 Processing based on a legal obligation: processing is necessary for compliance with a legal obligation to which the company is subject.
– 3.9.4 Processing based on vital interests: processing is necessary for the protection of the vital interests of the data subject or of another natural person.
– 3.9.5 Processing based on a public authority: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the enterprise.
– 3.9.6 Processing based on legitimate interests: processing is necessary for the purposes of the legitimate interests pursued by the company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child. The application of the legal basis of legitimate interest requires that the legitimate interest of the controller to be protected is proportionate to the restriction of the right to the protection of personal data. To establish this, a prior balancing of interests test is required. In the course of the balancing of interests test, thegreenminder.com, as data controller:
1. Identify your legitimate interest in the processing of the personal data subject to the balancing of interests test,
2. Establishes the interests and rights of the data subject in relation to the personal data on which the balancing of interests test is based,
3. It carries out an assessment of the legitimate interests of the data subject and the legitimate interests of the controller and, on that basis, determines whether the personal data can be processed.
4. What personal data do I collect and for what purpose do I collect it?
Cookies (cookies)
When you post a comment on the website, you can stay logged in by saving your name, email and possibly web address in a cookie. This storage is for your convenience so that you do not have to fill in these fields the next time you post. These cookies have an expiry date of 1 year.
– Facebook pixel
A Facebook account is code that allows the website to report conversions, create audiences and provide the site owner with detailed analytics on how visitors use the site. The Facebook pixel is used to display personalised offers and ads to website visitors on Facebook.
You can read the Facebook Privacy Policy here: https://www.facebook.com/privacy/explanation
– Remarketing cookies:
For previous visitors or users, they may appear when browsing other sites on the Google Display Network or searching for terms related to your products or services. and Facebook or Instagram.
The website runs Google Analytics, a software that analyses the number of visits to the website and records data about these visits. The thegreenminder.com receives automatically generated information about its visitors: the visitor’s IP address (Internet Protocol), the time of the visit, the page viewed, the browser program used, and in the case of mobile phones, the type.
When you log in to the website, it creates two cookies that store your login information and the display options for the editor interface. The login cookies are valid for two days, the cookie storing the display options of the editor interface is valid for one year. If the “Remember me” option is checked, the login will continue for two weeks. When you log out, the login cookies are removed.
Legal basis for processing
Contribution based
When you edit a post, your browser stores another cookie. This cookie does not contain any personal data, it simply stores the ID number of the post you have edited. It expires after one day.
Comments
When submitting a comment, in addition to the information provided in the comment form, the commenter’s IP address and browser ID string are collected to filter out unsolicited content. An impersonalized string generated from your email address (commonly called a hash) is sent to the Gravatar service if it is used on the site. The terms and conditions of the Gravatar service can be found at https://automattic.com/privacy/. Once a post is accepted, the content of our post will be publicly displayed.
Using Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site you have visited.
The information generated by the cookies on the website used by the User is usually transferred to a Google server in the USA and stored there. By activating the IP anonymisation on the website, Google will previously shorten the User’s IP address within the Member States of the European Union or in other states that are partly part of the Agreement on the European Economic Area.
The full IP address will be transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity for the website operator and to provide other services relating to website activity and internet usage.
The IP address transmitted by the User’s browser within the framework of Google Analytics will not be merged with other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You may also prevent Google from collecting and processing information about your use of this website (including your IP address) by means of cookies by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=hu
Legal basis for processing
Contribution based
Using Google Ads (adwords) conversion tracking
The data controller uses the online advertising program “Google Ads” and makes use of Google’s conversion tracking service within its framework. Google Conversion Tracking is an analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
When you visit a website through a Google ad, a cookie is placed on your computer for conversion tracking. These cookies have a limited validity and do not contain any personal data, so the User cannot be identified by them. When the User browses certain pages of the website and the cookie has not expired, Google and the data controller can see that the User has clicked on the ad. Each Google Ads customer receives a different cookie, so they cannot be tracked through the Ads customers’ websites.
The information, which is obtained through the use of conversion tracking cookies, is used to provide conversion statistics to Ads customers who opt for conversion tracking. Customers are then informed of the number of users who click on their ad and are referred to a page with a conversion tracking tag. However, they do not have access to information that would allow them to identify any user.
If you do not want to participate in conversion tracking, you can opt-out by disabling the option to set cookies in your browser. You will then not be included in the conversion tracking statistics.
Further information and Google’s privacy statement can be found at: www.google.de/policies/privacy
Legal basis for processing
Contribution based
Register on the website
By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g. the data subject does not have to re-enter the data for a new purchase). Registration is not a condition for the conclusion of a contract
Data processed
In the course of processing, the Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the product purchased and the date of purchase.
Duration of processing
Until your consent is withdrawn.
Legal basis for processing
Contribution based
Processing the order
Processing of orders requires data processing activities in order to fulfil the contract.
Data processed:
In the course of processing, the Data Controller processes your name, address, telephone number, e-mail address, the characteristics of the product purchased, the order number and the date of purchase.
If you have placed an order in the webshop, the processing of the data and the provision of the data is essential for the performance of the contract.
Duration of processing:
Until consent is withdrawn
Legal basis for processing:
Performance of the contract [processing under Article 6(1)(b) of the Regulation]
Issuing the invoice:
The data processing is carried out in order to issue invoices in accordance with the law and to fulfil the obligation to keep accounting records. Pursuant to Article 169 (1) to (2) of the Tax Act, companies are required to keep accounting documents that directly and indirectly support the accounting.
Data processed:
Name, address, e-mail address, telephone number.
Legal basis for processing:
Processing based on a legal obligation
Pursuant to Section 159 (1) of Act CXXVII of 2007 on Value Added Tax, the issue of an invoice is mandatory and must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [data management pursuant to Article 6 (1) (c) of the Regulation].
5. Send newsletter
The controller sends the newsletter to the address provided on the basis of the user’s prior, voluntary and explicit consent(!). You can unsubscribe from the newsletter at any time by clicking on the unsubscribe link at the bottom of the newsletter. The newsletter will be sent via a mailing system (Mailchimp). Its privacy policy is available at the link below:
https://mailchimp.com/legal/Mailchimp (GDPR declaration)
The Data Processor contributes to the sending of newsletters on the basis of a contract with the Data Controller. In doing so, the Data Processor processes the name and e-mail address of the data subject to the extent necessary to send the newsletter.
Newsletter collection system Sumo
Sumo (GDPR declaration)
Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, the User may expressly consent in advance to being contacted by thegreenminder.com with advertising offers and other mailings at the contact details provided at the time of registration.
In addition, the User may, subject to the provisions of this notice, consent to thegreenminder.com processing his/her personal data necessary for sending advertising offers.
thegreenminder.com does not send unsolicited commercial messages and the User may unsubscribe from receiving offers without any restriction and without giving any reason, free of charge. In this case, thegreenminder.com will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. The User may unsubscribe from advertising by clicking on the link in the message.
Pursuant to Section 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be defined in the data management of newsletter distribution:
a) the fact of data collection,
b) the persons concerned,
(c) the purpose of the data collection,
(d) the duration of the processing,
(e) the identity of the potential controllers who have access to the data,
(f) a description of the rights of data subjects with regard to data processing.
The fact of processing, the data processed: name, e-mail address, date, time.
Data subjects: all data subjects who subscribe to the newsletter.
Purpose of the processing: sending electronic messages containing advertising to the data subject, providing information on current information, products, promotions, new features, etc.
Duration of data processing, deadline for deletion of data: until the withdrawal of the consent, i.e. until unsubscription.
Potential data controllers who may have access to the data: personal data may be processed by the controller’s staff, in compliance with the principles set out above.
Description of the data subjects’ rights in relation to data processing: the data subject may unsubscribe from the newsletter at any time, free of charge.
Legal basis for data processing: the data subject’s voluntary consent, the Infotv. Article 5 (1) of the Act on the Fundamental Conditions and Certain Restrictions of Economic Advertising Activities (Act XLVIII of 2008), Article 6 (5):
The advertiser, the advertising service provider or the publisher of the advertisement shall keep a record of the personal data of the persons who have given their consent within the scope specified in the consent. The data recorded in this register, relating to the recipient of the advertising, may be processed only in accordance with the consent given in the consent form, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
Method of data storage: electronic
Persons entitled to access the data: data controller/site operator
You can unsubscribe by clicking on the unsubscribe link in the newsletter
By sending a letter to the Data Controller at the following e-mail address: leaf(at)thegreenminder.com
Community sites
Pursuant to Article 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be defined in the scope of data processing of social networking sites:
a) the fact of data collection,
b) the persons concerned,
(c) the purpose of the data collection,
(d) the duration of the processing,
(e) the identity of the potential controllers who have access to the data,
(f) a description of the rights of data subjects with regard to data processing.
The fact of data collection, the scope of data processed: the name registered on Facebook/Instagram/Twitter/Pinterest/Youtube/Instagram etc. social networking sites, and the user’s public profile picture.
Data subjects: all data subjects who are registered on Facebook/Instagram/Twitter/Pinterest/Youtube/Instagram etc. and have “liked” the website.
Purpose of the data collection: to share or “like” certain content, products, promotions or the website itself on social networking sites.
Duration of data processing, time limit for deletion of data, the identity of the possible controllers entitled to access the data and the rights of the data subjects in relation to data processing: the data subject can find out about the source of the data, the processing of the data and the method and legal basis of the transfer on the relevant Community site. The data are processed on the social networking sites, so the duration of the processing, the way in which the data are processed and the possibilities for deleting and modifying the data are governed by the rules of the social networking site concerned.
Legal basis for processing: the data subject’s voluntary consent to the processing of his or her personal data on social networking sites.
Embedded content from other websites
Entries on the website must not use embedded content (e.g. videos, images, articles, etc.) from external sources. Embedded content from external sources will not be allowed.
Links to external sites
The website may contain links to other companies’ or other websites. The Data Controller accepts no responsibility for the data protection measures of external websites visited via such links. Please refer to the privacy policies of these external websites.
Customer relations and other data processing
If the data subject has any questions or problems when using our services, he or she can contact the data controller by the means indicated on the website (telephone, e-mail, social networking sites, etc.).
The Data Controller deletes the data provided in e-mails, messages, telephone, Facebook, etc., together with the name and e-mail address of the interested party and other personal data voluntarily provided by the interested party, after a maximum of 1 year from the date of the communication.
Information about data processing not listed in this notice is provided at the time of collection.
In the case of an exceptional request by a public authority or other bodies authorised by law, thegreenminder.com is obliged to provide information, to disclose data, to hand over data or to make documents available.
In such cases, thegreenminder.com will disclose personal data to the requesting party – provided that the exact purpose and scope of the data have been specified – only to the extent and to the extent that is strictly necessary for the purpose of the request.
6. Data security
The controller shall design and implement the processing operations in such a way as to ensure the protection of the privacy of data subjects.
The data controller shall ensure the security of the data (password, antivirus protection, SSL encryption), take the technical and organisational measures and establish the procedural rules necessary to enforce the Info Act and other data protection and confidentiality rules.
The controller shall take appropriate measures to protect the data, in particular by
unauthorised access,
the change,
the transmission,
the disclosure of,
deletion or destruction,
accidental destruction and damage,
against inaccessibility due to changes in the technology used.
The controller shall ensure, by appropriate technical means, that the data stored in the records cannot be directly linked and attributed to the data subject.
The data controller shall take measures to prevent unauthorised access, alteration and unauthorised disclosure or use of personal data:
the development and operation of an appropriate IT and technical environment,
the controlled selection and supervision of staff involved in the provision of services,
issuing detailed operational, risk management and service procedures.
On the basis of the above, thegreenminder.com ensures that the data it processes
be available to the rightful claimant,
authenticity and verification,
is unchanged,
The information technology system of the Data Controller and its hosting provider protects, among others.
computer fraud,
espionage,
computer viruses,
spam,
the hacks
and other attacks.
7. Data subjects’ rights and means of redress
In accordance with the provisions of the GDPR, the company provides data subjects with:
7.1 Right to information
The data subject may request information on the processing of his/her personal data and request the rectification of his/her personal data, the erasure of his/her data or the restriction of processing at the following e-mail address:
leaf(at)thegreenminder.com
The right to information applies to all legal bases for data processing. The data subject may request the rectification of his or her personal data and the erasure or blocking of his or her personal data, except for mandatory processing.
The undertaking shall provide information to the data subjects in a concise, transparent, comprehensible and easily accessible form, in clear and plain language. The information shall be provided in writing or by other means, including, where appropriate, by electronic means.
a.) Information at the request of the data subject
At the request of the data subject, oral information may be provided, provided that the identity of the data subject has been verified by other means.
Without undue delay, and in any event within 30 days of receipt of the request, the undertaking shall inform the data subject of the action taken on the data subject’s request concerning other data subjects’ rights.
If necessary, and taking into account the complexity of the application and the number of requests, the 30-day deadline may be extended by a further 60 days. The undertaking shall inform the person concerned of the extension, stating the reasons for the delay, within 30 days of receipt of the request. If the data subject has submitted the request by electronic means, the information shall be provided by electronic means where possible, unless the data subject requests otherwise.
b.) Information and action shall be provided free of charge.
Where the request of the data subject is manifestly unfounded or excessive, in particular because of its repetitive nature, the undertaking, having regard to the administrative costs entailed in providing the information or information requested or in taking the action requested:
a) charge a reasonable fee, or
(b) refuse to act on the request.
The burden of proving that the request is manifestly unfounded or excessive lies with the undertaking.
c.) Mandatory information
Where the undertaking has obtained the data directly from the data subject (including in particular customers), the undertaking shall in any event provide information on:
a) the identity and contact details of the representative of the undertaking, if any;
b) the contact details of the Data Protection Officer, if any;
(c) the purposes for which the personal data are intended to be processed and the legal basis for the processing
(d) in the case of processing based on legitimate interests, the legitimate interests of the undertaking or third party;
(e) where applicable, the recipients of the personal data
(f) where applicable, the fact that the undertaking intends to transfer the personal data to a third country or an international organisation,
In addition to the above, at the time of the first acquisition of personal data, the company will also inform the data subjects of the following:
a) the duration of the storage of personal data
(b) the right of the data subject to request the company to access, rectify, erase or restrict the processing of personal data concerning him or her, and to object to the processing of such personal data in the case of processing on certain legal bases, and the right to data portability;
(c) the right to withdraw the processing based on consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal;
(d) the right to lodge a complaint with a supervisory authority (National Authority for Data Protection, hereinafter referred to as “the Authority” or “the NDA”);
(e) whether the provision of the personal data is based on a legal or contractual obligation or is a prerequisite for the conclusion of a contract, whether the data subject is under an obligation to provide the personal data and the possible consequences of not providing the data.
If the undertaking intends to further process personal data for a purpose other than that for which they were collected, it shall inform the data subject of that other purpose and of any relevant additional information referred to in point 34 before further processing.
There are several ways in which a business can comply with the information requirement.
a) The information set out in the point on the information on the date of first obtaining of personal data (“Information Notice”) will be published by the company on its website in a way that is easily accessible and easily findable by any person.
b) In addition to or instead of publication on the website, the undertaking may choose to make the “Privacy Notice” available as an annex to the contract. In this case, it is sufficient to provide the data subject with the information on the processing of personal data relating to the data subject concerned. The “Information Notice on Data Management” should not form part of the General Contractual Conditions (GTC).
If the firm has not obtained the data processed in the course of the statutory audit activity directly from the data subject, the firm has no obligation to inform the data subject, taking into account that the Act imposes a strict confidentiality obligation in relation to the statutory audit activity.
7.2 Right of access
The data subject has the right of access to all legal bases for data processing.
The data subject has the right to receive feedback from the company on whether or not his or her personal data are being processed and, if such processing is taking place, the right to access the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
(c) the recipients or categories of recipients to whom or which the personal data have been or will be disclosed by the undertaking
(d) where applicable, the envisaged period of storage of the personal data
(e) the right of the data subject to obtain from the company the rectification of personal data concerning him or her, the erasure of such data or the restriction of their processing in the case of processing based on certain legal bases and the right to object to the processing of such personal data in the case of processing based on certain legal bases;
(f) the right to lodge a complaint with a supervisory authority;
(g) where the data have not been collected from the data subject, any available information on their source;
(h) the fact of automated decision-making, including profiling, and, at least in those cases, the logic used and clear information on the significance of such processing and its likely consequences for the data subject.
The company shall provide the data subject with a copy of the personal data processed.
For any additional copies requested by the data subject, the undertaking may charge a reasonable fee based on the administrative costs, the amount of which shall be set out in the undertaking’s pricing policy, other rules or other document.
7.3 Right to rectification
The right to rectification is available to the data subject for all legal bases for processing.
The company shall, without undue delay, correct inaccurately processed personal data relating to the data subject upon the data subject’s request. The data subject shall have the right to request that incomplete personal data be completed, inter alia, by means of a supplementary declaration.
7.4 Right to erasure (right to be forgotten)
The right to erasure (forgetting) is not automatically granted to the data subject in respect of all processing operations relating to the legal basis.
The company will delete personal data concerning the data subject without undue delay if one of the following grounds applies:
a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the data subject withdraws his or her consent on which the processing is based (in the case of processing based on consent) and there is no other legal basis for the processing;
(c) the data subject objects to the processing and there is no overriding legitimate ground for the processing in the case of legal grounds for processing used in accordance with points 17 and 18 (processing based on public authority or legitimate interest)
d) the personal data have been unlawfully processed;
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the undertaking;
The company will not comply with the data subject’s request for erasure if the processing is necessary for compliance with a legal obligation applicable to the company that requires the processing of personal data.
If the undertaking receives a request for cancellation, it will first check that the request for cancellation has indeed come from the rightholder. To this end, the undertaking may ask for the identification data of the contract between the data subject and the undertaking (e.g. contract number, date of contract), the identification number of the document issued to the data subject by the undertaking, the personal identification data registered on the data subject (the undertaking may not, however, ask for additional identification data which it does not have on the data subject).
If the company has to comply with a request for erasure, it is obliged to make every effort to ensure that the personal data are erased from all databases.
The undertaking will keep a record of the cancellation in order to prove that it has taken place. The record shall be signed by the representative of the undertaking or by the person(s) authorised to do so by his/her job description. The cancellation report shall contain:
a) the name of the person concerned
b) the type of personal data deleted
c) the date of cancellation.
The company shall inform all those to whom the personal data have been disclosed of the obligation to erase.
7.5 Right to restriction of processing
The right to restriction applies to all legal bases for processing.
At the request of the data subject, the undertaking shall restrict processing if one of the following conditions is met:
(a) the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the undertaking to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;
(c) the personal data are no longer necessary for the purposes of the processing, but are required by the data subject for the establishment, exercise or defence of legal claims; or
(f) the data subject is subject to processing pursuant to a public authority or on the basis of a legitimate interest the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the undertaking prevail over the legitimate grounds of the data subject.
Where processing is restricted on the basis of the previous point, such personal data may be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for important public interests of the European Union or of a Member State.
The undertaking shall inform all those to whom the personal data have been disclosed of the obligation.
7.6 Right to object
The right to object is granted to the data subject in the case of processing based on a public authority or a legitimate interest.
The enterprise may no longer process personal data in the event of a data subject’s request to object, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes.
If the data subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for these purposes.
7.7 Right to data portability
The right to data portability applies to the legal basis for processing based on consent or contract, where the processing is carried out by automated means.
The undertaking shall ensure that the data subject receives the personal data relating to him or her which he or she has provided to the undertaking in a structured, commonly used, machine-readable format and that the data subject transfers these data to another controller.
8. Remedies
User may object to the processing of his/her personal data if the processing or transfer of personal data is necessary solely for the fulfilment of a legal obligation concerning thegreenminder.com or for the purposes of the legitimate interests pursued by thegreenminder.com, the data recipient or a third party, unless the processing is required by law;
the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes; in other cases specified by law.
thegreenminder.com will examine the objection within the shortest possible period of time from the submission of the request, but not later than 15 days, will decide on its validity and will inform the applicant in writing of its decision. If thegreenminder.com establishes the validity of the data subject’s objection, it shall cease processing the data, including further recording and transmission, and block the data, and shall notify the objection and the measures taken on the basis of the objection to all those to whom it has previously transmitted the personal data concerned by the objection and who are obliged to take action to enforce the right to object.
If the User does not agree with the decision of thegreenminder.com, he/she may appeal against it – within 30 days from the date of its notification – to the court. The court shall act out of turn.
Complaints against possible infringements by the data controller can be lodged with the National Authority for Data Protection and Freedom of Information:
(It is also advisable to contact the Data Controller before initiating proceedings to remedy the breach.)
National Authority for Data Protection and Freedom of Information
Hungary, 1125, Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: Hungary, 1530, Budapest, P.O. Box 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
9. Judicial enforcement
The controller must prove that the processing is in compliance with the law. It is for the recipient to prove the lawfulness of the transfer.
The court has jurisdiction to hear the case. The action may also be brought, at the option of the person concerned, before the court of the place of residence or domicile of the person concerned.
A person who does not otherwise have legal capacity to sue can also be a party to the lawsuit. The Authority may intervene in the proceedings in order to ensure that the person concerned is successful.
If the court upholds the application, the data controller shall be obliged to provide the information, rectify, block or erase the data, annul the decision taken by automated processing, take into account the right of the data subject to object, or disclose the data requested by the data subject.
If the court rejects the data subject’s request, the controller is obliged to delete the data subject’s personal data within 3 days of the judgment. The controller shall also be obliged to delete the data if the data subject does not apply to the court within the time limit.
The court may order the publication of its judgment, with the publication of the controller’s identification data, if the interests of data protection and the protected rights of a large number of data subjects so require.
10. Who do I share your user data with? How long will I keep the personal data?
When you post a comment, the comment and its metadata remain in the system for an indefinite period of time. This is to ensure that all subsequent posts are known and approved by thegreenminder.com, i.e. that they are not added to the list of posts to be moderated.
11. Where can I transfer the data?
Comments submitted by visitors can be checked by an automatic spam filtering service.
The data of the operator and data controller of the server thegreenminder.com:
Company name: Gy.Gyüre György EV (data controller, owner)
Address: Hungary, 1116,Budapest,Mezőkövesd utca 41.
Contact: leaf(at)thegreenminder.com
Phone: +36 70 417 8562
Server operator, data processor
Name: ZeroTime Services Kft
Hungary, 2013 Pomaz
Mikszáth K. u. 36/4.
Tax number: 23386031-2-13, HU23386031
Phone: +36-20-931-8834
12. Compensation and damages
If the controller infringes the data subject’s right to privacy by unlawfully processing his or her data or by breaching data security requirements, the data subject may claim damages from the controller.
The controller is liable to the data subject for any damage caused by the processor and the controller is also liable to pay the data subject the damages due in the event of a personal data breach caused by the processor. The controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject’s personality rights was caused by an unavoidable cause outside the scope of the processing.
No compensation shall be due and no damages shall be payable where the damage or injury to the person concerned has been caused by the intentional or grossly negligent conduct of the victim or by an infringement of a right relating to personality.
13. Legal background
In preparing this information, I have taken into account the following legislation:
Act CXII of 2011 – on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
Act CVIII of 2001 – on certain aspects of electronic commerce services and information society services (in particular § 13/A)
Act XLVIII of 2008 – on the basic conditions and certain restrictions of economic advertising (in particular § 6)
Act XC of 2005 on Electronic Freedom of Information
Act C of 2003 on Electronic Communications (specifically § 155)
Opinion No 16/2011 on the EASA/IAB Recommendation on best practice on behavioural online advertising
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016
Recommendation of the National Authority for Data Protection and Freedom of Information on the data protection requirements for prior information.
However, if you wish to delete, block or refuse cookies from my website, you can do so using your browser.