ALVEOLA Trade and Service Limited Liability Company (1143 Budapest, Gizella u 28/A., register entry number: 01 09 567918, tax number: 12240911-2-42) (hereinafter referred to as Service Provider, Data Manager)
Registration number of Data Management: NAIH-75323/2014.
Paragraph 1 of Article 20 in Act no. CXII from 2011 on the right to informational self-determination and liberty states that the Data Subject (in this case the User of the web page, hereinafter referred to as User) must be told before data-processing whether the data-processing is based on his/her consent or obligatory.
The Data Subject shall be informed clearly and in details before starting data-processing about all facts related to the data-processing, particularly about the purpose and legal basis of data-processing, the party entitled to data-processing and Data Management, duration of Data Management.
The Data Subject shall be informed according to Point 1 Paragraph 6 of Information Act that his/her personal data may be processed even if it is impossible to get hold of the Data Subject's consent or it would entail an expense disproportionate, and the personal data-processing
The information shall include the Data Subject's rights connected to Data Management and to legal remedy, too.
If the personal advice of Data Subjects is impossible or would entail an expense disproportionate (as in this case on a web page), they may be informed by the publication of the following data too:
a) the fact of data collection,
b) scope of Data Subjects,
c) purpose of data collection,
d) duration of Data Management,
e) possible Data Controllers entitled to get acquainted with the data,
f) the Data Subject's rights connected to Data Management and to legal remedy, and
g) if the Data Management may be recorded in the register of processing operations, the registration number of Data Management.
This Information of Data Management rules the Data Management of the following web pages: http://www.solanie.eu, and it rests on the content-based specifications above.
Amendments of the Information take effect by publication on the above address. Behind each chapter headings of the Information the law reference is indicated.
Definitions (3.§)
1. Data Subject/User: any natural person who is defined and identified by personal data or - is identifiable directly or indirectly;
2. Personal data: data associated with the Data Subject - particularly the name, the identifier, any knowledge of one or more physical, physiological, mental, economic, cultural or social features -, and any conclusions that can be reached about the Data Subject;
3. Sensitive data:
a) any personal data in relation to race, ethnic origin, political affiliation, religion or other world view, membership in representative associations, sexual life,
b) any personal data in relation to health condition, diseased addiction, and criminal data;
4. Consent: a voluntary and clear declaration about the intention of the Data Subject that he/she gives a clear-cut consent to process his/her personal data in full range or only in some actions; this consent may be given based on appropriate advice;
5. Objection: the statement of the Data Subject in which he/she objects against the management of personal data, and he/she asks for discontinuing the Data Management and deletion of the data processed;
6. Data Controller: any natural or legal person, or any association not having legal personality, who or which either independently or jointly with others defines the purpose of Data Management, makes and executes decisions of Data Management (including tools used), or charges an authorized Data Controller;
7. Data Management: any operation or set of operations which is performed upon personal data, independently of the procedure applied, such as collection, recording, organisation, storage, alteration, use, consultation, transfer, disclosure, alignment or combination, blocking, erasure or destruction, and prevention of utilization of data, taking a photo or recording audio or video, and recording any characteristics suitable for identification of a person (e.g. finger- or palmprint, DNA-sample, iridodiagnosis);
8. Data transfer: making data available for an authorized third party;
9. Disclosure: making data available for anybody;
10. Erasure of data: reducing data into an unrecognisable and non-reconstitutable form;
11. Data marking: marking data in order to distinguish them;
12. Data blocking: marking data in order to block data-processing permanently or for a determined period;
13. Data destruction: full physical destruction of the data carrier;
14. Data-processing: execution of technical tasks related to Data Management, irrespective of the methods and tools used, and of the place of application, provided that the technical task is executed on the data;
15. Data Processor: any natural or legal person, or any association not having legal personality, who or which executes data-processing on behalf of the Data Controller, according to an agreement concluded with them, including a conclusion of contract based on a statutory provision;
16. Data responsible: a body with public responsibilities, which prepared the data of public interest that must be disclosed by electronic means, or during the operation of which these data were generated;
17. Data sender: a body with public responsibilities, which disclose the data sent by the data responsible on a website, if the data is not disclosed by the data responsible;
18. Data file: a compilation of data handled in a record;
19. Third party: any natural or legal person, or any association not having legal personality, who or which is not identical to the Data Subject, the Data Controller or the Data Processor.
Legal Basis of Data Management (5.-6.§)
1. Personal data may be processed if
2. Personal data may be processed even if it is impossible to get hold of the consent of the Data Subject, or it would entail an expense disproportionate, and the personal data-processing
a) is necessary to meet any legal obligations relating to the Data Controller, or
b) is necessary to endorse a legitimate interest of the Data Controller or a third party, and the endorsement of this interest is proportionate to the limitation of the right for protection of personal data.
3. If the Data Subject is not able to give consent due to his/her incapacity or other circumstances beyond the control, Data Subject's personal data may be processed to protect the vital interests of the Data Subject or of another person, and in the extent to prevent or avoid a direct threat to life, physical integrity or assets of people while giving consent is hindered.
4. To the validity of the declaration made by a Data Subject of 16 years or older, his/her legal representative does not have to give consent or subsequently approve it.
5. If the purpose of Data Management based on consent is to execute the agreement concluded with the Data Controller in written, the contract shall include all information that the Data Subject should know in connection with the personal Data Management, such as the description of data to be managed, duration of Data Management, the purpose of use, the fact of data transfer, addressees, and the operation of a Data Processor. The contract shall include unmistakably that the Data Subject, signing the contract, gives consent to manage his/her data according to the contract.
6. If the data are registered with the consent of the Data Subject, the Data Controller may use the data registered, unless law provides otherwise,
Purpose Limitation of Data Management (4.§ [1]-[2])
1. Personal data may exclusively be processed to a purpose defined, to exercise rights and to meet obligations. Data Management must comply with the purpose of the Data Management in each phase, any processing of data must be lawful and fair.
2. Only personal data may be processed that are indispensable to achieve the purpose of Data Management, and that are capable of attaining the desired end. Personal data may be processed only in the extent and duration that are necessary to achieve the purpose.
Other Principles of Data Management (4.§ [3]-[4])
During the Data Management, the personal data holds this feature until such time as its connection to the Data Subject is recoverable. The connection to the Data Subject is recoverable if the Data Controller has the technical conditions that are necessary to the recovery.
During the Data Management, the accuracy, the completeness and (if it is necessary regarding the purpose of the Data Management) the up-to-date state of the information must be ensured, in addition, the Data Subject should be identifiable to the minimum of time necessary to the purpose of the Data Management.
Applying for a Training Course
1. According to Paragraph 1 of Article 20 in Act no. CXII from 2011 on the right to informational self-determination and liberty, the following information must be given when applying for a training course:
a) the fact of data collection,
b) scope of Data Subjects,
c) purpose of data collection,
d) duration of Data Management,
e) possible Data Controllers entitled to get acquainted with the data,
f) Data Subjects' rights related to Data Management.
2. The fact of data collection, the scope of data managed: First name and surname, email address, phone number, address, name and address on invoice, data of the parlour, date of application, IP-address at time of application.
3. Scope of Data Subjects: all Data Subjects that apply through the web page.
4. Purpose of data collection: User's personal data are managed for applications for training courses, invoicing participation fees, and executing the obligations connected to it, sending newsletters.
5. Duration of the Data Management, deadline for erasure of data: Accounting documents shall be kept and stored for at least 8 years according to Paragraph 2 of Article 169 in Act no. C from 2000 on accounting.
The accounting document supporting the settlement of accounts directly or indirectly (including ledger accounts, analytic and itemized records) shall be stored in a readable form for at least 8 years, which may be retrieved based on the reference in book-keeping.
6. Possible Data Controllers entitled to get acquainted with the data: Personal data may be managed by Data Controllers with respect of the above principles.
7. Data Subjects' rights related to Data Management: The Data Subject can initiate erasure or alteration of data as follows:
- by post to the address: 1143 Budapest, Gizella u 28/A.,
- via email:
8. Legal basis of Data Management: User's Consent, Paragraph 1 of Article 5 on Information Act, and Paragraph 3 of Article 13/A of Act no. CVIII from 2001 on electronic commerce and on some questions of information society services (hereinafter referred to as: E-commerce Act)
With a view to providing the service, the Service Provider may process the personal data that are technically essential for the service. Other things being equal, the Service Provider shall select and operate the tools used to information society services in a way which enables that personal data are managed only if this is essential to provide the service and to meet other purposes specified in this Act, but even in this case only in the necessary extent and time.
Our E-commerce Policies (13/A, E-commerce)
1. The Service Provider may process natural personal data, address and other data in connection with the time, duration and place of the service in order to invoice the fees based on the information society service contract.
2. With a view to providing the service, the Service Provider may process the personal data that are technically essential for the service. Other things being equal, the Service Provider shall select and operate the tools used to information society services in a way which enables that personal data are managed only if this is essential to provide the service and to meet other purposes specified in the Act on electronic commerce, but even in this case only in the necessary extent and time.
3. The Service Provider may process data related to the service for any other purposes - particularly to increase the efficiency of its service, to send electronic advertisements or other contents to the User, or to market research - only if the purpose of the Data Management is previously identified and the User gave Consent.
4. Before and during making use of the information society service, the User makes continuously sure that Data Management can be forbidden.
5. If the contract is not concluded, or is terminated and after invoicing, data managed shall be erased. Data shall be erased if the purpose of Data Management ceased or the User ordered so. Unless law provides otherwise, data must be erased promptly.
6. The Service Provider shall ensure that the User can get to know any time before and during making use of the information society service for which purposes and which data types the Service Provider processes, including processing data not directly connected to the User.
"Ask the Experts" column
1. According to Paragraph 1 of Article 20 in Act no. CXII from 2011 on the right to informational self-determination and liberty, the following information must be given in connection with the Data Management of Ask the Experts column:
a) the fact of data collection,
b) scope of Data Subjects,
c) purpose of data collection,
d) duration of Data Management,
e) possible Data Controllers entitled to get acquainted with the data,
f) Data Subjects' rights related to Data Management.
2. The fact of data collection, the scope of data managed: First name, email address, age, time of the question, IP-address at the time of the question.
3. Scope of Data Subjects: All Data Subjects using "Ask the Experts" column.
4. Purpose of data collection: to ensure the use of the function.
5. Duration of the Data Management, deadline for erasure of data: Promptly if there is a request for erasure.
6. Possible Data Controllers entitled to get acquainted with the data: Personal data may be managed by Data Controllers with respect of the above principles.
7. Data Subjects' rights related to Data Management: The Data Subject can initiate erasure or alteration of data as follows:
- by post to the address: 1143 Budapest, Gizella u 28/A.,
- via email: .
8. Legal basis of Data Management: User's Consent, Paragraph 1 of Information Act no. 5.
Handling Cookies
1. According to Paragraph 1 of Article 20 in Act no. CXII from 2011 on the right to informational self-determination and liberty, the following information must be given in connection with handling cookies on the web page:
a) the fact of data collection,
b) scope of Data Subjects,
c) purpose of data collection,
d) duration of Data Management,
e) possible Data Controllers entitled to get acquainted with the data,
f) the Data Subjects' rights related to Data Management.
2. The fact of data collection, the scope of data managed: individual identifier, dates, times.
3. Scope of Data Subjects: all Data Subjects that visit the web page.
4. Purpose of the Data Management: identification of Users and follow-up of visitors.
5. Duration of the Data Management, deadline for erasure of data: In case of session cookies, Data Management lasts to the end of the visit on the web pages.
6. Possible Data Controllers entitled to get acquainted with the data: Personal data may be managed by Data Controllers with respect of the above principles.
7. Data Subjects' rights related to Data Management: Data Subjects can delete cookies in the Tools/Settings menu of the browsers, in general, under Data Protection menu item.
8. Legal basis for Data Management: Data Subject's Consent is not necessary if the sole purpose of using cookies is to carry out the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or User.
9. The Service Provider measures the information of visits on the web page by Google Analytics. While using the service, data are transferred. Data transferred can not be used to identify the Data Subject. For more details of Google Privacy: http://www.google.hu/policies/privacy/ads/
Newsletters, DM Activity
1. Pursuant to Article 6 of Act no. XLVIII from 2008 on general terms of business advertisements and its limitations, the User may give consent previously and explicitly that the Service Provider is allowed to send advertisements and other communications to the availabilities given by the User on registration.
2. Furthermore, observed the regulations in this information note, the User may give consent for the Service Provider to handle his/her personal datafor sending advertising offers.
3. Service Provider will not send spams, and the User may unsubscribe the offers freely, without any limitation and explanation. In this case the Service Provider shall erase all personal data of the User - that are necessary to advertising offers - from the records, and no further advertising offers will be sent to the User. The User can unsubscribe the advertisements by clicking on the link in the message.
4. According to Paragraph 1 of Article 20 in Act no. CXII from 2011 on the right to informational self-determination and liberty, the following information must be given in connection with Data Management of newsletters:
a) the fact of data collection,
b) scope of Data Subjects,
c) purpose of data collection,
d) duration of Data Management,
e) possible Data Controllers entitled to get acquainted with the data,
f) the Data Subjects' rights related to Data Management.
5. The fact of data collection, the scope of data managed: name, email address, date, time.
6. Scope of Data Subjects: All Data Subjects who subscribed the newsletter.
7. Purpose of the Data Management: sending electronic advertising messages to the data subject, advice of actual information, products, actions, new functions, etc.
8. Duration of the Data Management, deadline for erasure of the data: Data Management lasts until revocation of the consent, that is until unsubscription.
9. Possible Data Controllers entitled to get acquainted with the data: Personal data may be managed by Data Controllers with respect of the above principles.
10. Data Subjects' rights related to Data Management: The data subject can unsubscribe the newsletter freely and any time.
11. Legal basis of Data Management: voluntary consent of the Data Subject, Paragraph 1 of Article 5 on information Act, and Paragraph 5 of Article 6 of Act no. XLVIII from 2008 on general terms of business advertisements and its limitations:
The advertiser, the advertising provider and the advertising publisher keep records of people's personal data who gave a declaration of consent to them - in scope specified in the consent. The information - relating to the addressee of the advertisement - in these records may only be processed according to the declaration of consent, until its cancellation, and it may only be transferred to a third party by the preliminary consent of the Data Subject.
1. According to Paragraph 1 of Article 20 in Act no. CXII from 2011 on the right to informational self-determination and liberty, the following information must be given in connection with data transfer on the web page:
a) the fact of data collection,
b) scope of Data Subjects,
c) purpose of data collection,
d) duration of Data Management,
e) possible Data Controllers entitled to get acquainted with the data,
f) the Data Subjects' rights related to Data Management.
2. The fact of data collection, the scope of data managed: name and open photo of the User who registered on the Facebook.com social media.
3. Scope of Data Subjects: All Data Subjects who registered on Facebook.com and liked the web site.
4. The purpose of the Data Management: On Facebook.com, sharing and liking some content elements, products, actions or the web site itself.
5. Duration of the Data Management, Data Controllers who are entitled to know the data, and Data Subjects' rights related to Data Management: The Data Subject may request full details of source and management of the data, method of the transfer, and its legal basis on the following address, click here.
6. Data Management is realised on Facebook.com web site, so duration, method, deletion and alteration possibilities of the data are regulated by the facebook.com social media web site, click here.
7. Legal basis of Data Management: Data Subject's voluntary consent to the personal Data Management on Facebook.com.
Data transfer
1. According to Paragraph 1 of Article 20 in Act no. CXII from 2011 on the right to informational self-determination and liberty, the following information must be given in connection with data transfer on the web page:
a) the fact of data collection,
b) scope of Data Subjects,
c) purpose of data collection,
d) duration of Data Management,
e) possible Data Controllers entitled to get acquainted with the data,
f) the Data Subjects' rights related to Data Management.
2. The fact of data collection, the scope of data managed: all personal data on the website.
3. Scope of Data Subjects: all Data Subjects that visit the website.
4. The purpose of the Data Management: website operation.
5. Duration of the Data Management, deadline for erasure of data: lasts until the Data Subject wants.
6. Possible Data Controllers entitled to get acquainted with the data: Personal data may be managed by the following Data Controllers with respect of the above principles.
Hosting service, and server maintenance
NetGo Kft.
Cim: 2100 Gödöllő, Dózsa Gy. u. 13. 2. em 202-204
Tel: +36 28 200 010
Email: info@netgo.hu
7. Data Subjects' rights related to Data Management: the Data Subject may request the Data Controller at the hosting service to erase his/her data as soon as possible.
8. Legal basis of Data Management: User's Consent, Paragraph 1 of Information Act no. 5., and Paragraph 3 of Article 13/A of Act no. CVIII from 2001 on electronic commerce and certain issues of information society services.
Data Safety (7.§)
1. The Data Controller shall plan and execute Data Management operations in the manner that provides protection of the Data Subjects' private sphere.
2. The Data Controller or the Data Processor in its activity shall care of data safety, and shall do all technical and organisational measures and create the procedural regulations that are necessary to effectuate the Information Act and any other confidentiality rules.
3. Data shall be protected by appropriate measures in particular against unauthorised access or disclosure, alteration, transfer, erasure or destruction, accidental destruction or damage, and unavailability due to the change of techniques applied.
4. For protecting data managed electronically in various records, it shall be ensured by appropriate technical solutions the data stored in records can not be connected or aligned to the Data Subjects directly, unless laws allow.
5. During automated processing of personal data, the Data Controller and the Data Processor shall
a. prevent any unauthorised memory inputs;
b. prevent the use of automated data processing systems by unauthorised persons using data communication equipment;
c. ensure that it is possible to verify and establish to which bodies personal data are transmitted or can be transmitted by data communication equipment;
d. ensure that it is possible to verify and establish which personal data, when and by whom have been input into automatic data processing systems;
e. ensure recoverability of installations in the event of a breakdown;
f. ensure to report errors during automated processing.
6. The Data Controller and the Data Processor shall have regard to the degree of technical development when taking measures for the data security. The solution which provides protection of higher level for personal data shall be selected from more possible solutions, unless it would create disproportionate difficulties for the Data Controllers.
Data Subjects' Rights (14.-19.§)
1. The Data Subject may ask the Service Provider for information of the management, correction and erasure or block of his/her personal data - except for the obligatory Data Management.
2. At the Data Subject's request, the Data Controller shall communicate the Data Subject's data that are managed by it or processed by the Data Processor, and the sources, purpose, legal basis and duration of the Data Management, the name and address of the Data Processor and its activity related to the data-processing, in addition the legal basis and addressees of data transfer if the Data Subject's personal data are transferred.
3. The Data Controller shall keep records in order that the legitimacy of data transfer can be controlled and to inform the Data Subject. The records shall include the time, legal basis and addressees of the personal data transfer, the scope of data transferred, and other information specified in law on Data Management.
4. The Data Controller shall inform the Data Subject in the shortest time but maximum in 30 days after the submission of the request, in a clear and written form. Information is free.
5. At the User's request, the Service Provider shall communicate the data that are managed by it, and the sources, purpose, legal basis and duration of the Data Management, the name and address of the possible Data Processor and its activity related to the data-processing, in addition the legal basis and addressees of data transfer if the Data Subject's personal data are transferred. The Service Provider shall give information in the shortest time but maximum in 30 days after the submission of the request, in a clear and written form. Information is free.
6. If the information is incorrect and the Data Controller has the correct data, the Service Provider corrects the personal data.
7. Instead of erasure, the Service Provider blocks personal data if the User requests or if the information available gives grounds for suspecting that erasure might prejudice the User's legitimate interests. Blocked personal data may solely be managed as long as the purpose of Data Management which excluded personal data erasure exists.
8. The Service Provider shall erase personal data if its management is illegal, the User requested, the data managed are incomplete or incorrect - and this is not recoverable legally - provided that erasure is not excluded by law, or if the purpose of Data Management ceased, the legally limited time for data storage expired, court or the National Authority for Data Protection and Freedom of Information ordered.
9. The Data Controller marks the personal data that it manages if the Data Subject debates its correctness or accuracy but the correctness or accuracy of the data debated cannot be stated unambiguously.
10. The Data Subject and everybody who received the data for data-processing earlier shall be informed that they are corrected, blocked, marked or erased. This notice may be ignored if this will not harm the Data Subject's legitimate interests regarding the purpose of the Data Management.
11. If the Data Subject's request regarding correction, blocking or erasure is not remedied, the Data Controller shall communicate the factual and legal reasons why the request for correction, blocking or erasure has been rejected. In case of rejection of the request for correction, blocking or erasure, the Data Controller shall inform the Data Subject which judicial remedies are possible or to which authorities may be applied.
Judicial Remedies
1. The User may object against processing his/her personal data if
a) data-processing or data transfer is only necessary to fulfil legal obligations of the Service Provider, or to endorse a legitimate interest of the Service Provider, the Data Controller or a third party, unless data-processing is ordered by law;
b) the personal data are used or transferred with an eye to marketing, public enquiry or scientific research;
c) there are any other cases specified by law.
2. The Service Provider shall examine the objection, and shall make a decision in the shortest time but maximum in 15 days after the submission of the request, and shall inform the User about the decision in written. If the Service Provider states the merit of the objection, it will cease data-processing, including further data entering and transfer, and blocks data, in addition, informs everybody about the measures taken to whom personal data objected are transferred, and who must take measures to validate the right to object.
3. If the User is not satisfied with the decision made by the Service Provider, it can seek remedy at the court of law in 30 days after the communication. The court will proceed before its turn.
4. Complaint may be laid against the eventual violation of law at the National Authority for Data Protection and Freedom of Information:
Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information)
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Address for correspondence: 1530 Budapest, Post box: 5.
Tel.: +36-1-391-1400
Fax machine: +36-1-391-1410
Email:
Enforcing Rights at Court (22.§)
1. The Data Controller shall prove that the Data Management complies with law. Legality of data transfer shall be proved by the data importer.
2. The process shall be judged by the court. The process may be started at the court where the Data Subject is habitually resident or registered resident - according to the Data Subject's choice.
3. In the process, any person who does not have competence in a court of law can be a party as well. Authority can interfere on behalf of the recovery of the favourable judgement for the Subject Data.
4. If the court grants the request, it may lay the Data Controller under an obligation to give information, correct, block or erase the data, to reverse the decision made by automated data-processing, observe the Data Subject's objection right, or issue the data requested by the data importer.
5. If the court rejects the request of the data importer, the Data Controller shall erase the Data Subject's personal data in 3 days after the communication of judgement. The Data Controller shall also erase data if the data importer does not bring the matter before the court in a period specified.
6. However, the court may order the disclosure of its judgement by publication of identification data of the Data Controller if data protection and protected rights of numerous Data Subjects require.
Compensation and Penalty (23. §)
1. If the Data Controller causes damage to other parties by illegal management of the Data Subject's data or by breach of data safety requirements, the damage shall be compensated by the Data Controller.
2. If the Data Controller causes damage to the Data Subject's personal rights by illegal management of the Data Subject's data or by breach of data safety requirements, the Data Subject may claim for penalty from the Data Controller.
3. The Data Controller is responsible for the damage caused by the Data Processor against the Data Subject, and it shall pay the Data Subject any penalty for violation of personal rights caused by the Data Processor. The Data Controller is exempted from the responsibility for the damage caused and from the penalty payment obligation if it proves that the damage or the violation of the Data Subject's personal rights was triggered out by a cause beyond reasonable control of Data Management.
4. The damage shall not be paid and no penalty may be claimed if the damage or the infringement of rights caused by violation of personal rights can be originated from the Data Subject's serious negligence made intentionally or as a result.
Closing Remarks
In the preparation of the information sheet we took the following regulations into consideration:
- Act no. CXII from 2011 - on the right to informational self-determination and liberty (hereinafter referred to as Information Act)
- Act no. CVIII from 2001 - on electronic commerce and certain issues of information society services (particularly Article 13/A)
- Act no. XLVII from 2008 - on prohibition of unfair commercial practices against consumers
- Act no. XLVIII from 2008 - on general terms of business advertisements and its limitations (particularly Article 6)
- Act no. XC from 2005 - on liberty of electronic information
- Act no. C from 2003 on electronic communications (in particular Article 155)
- Draft Opinion no. 16/2011 on EASA/IAB good practises of on-line behaviour-centered advertising.