Tetszik egy fotó? Vásárlással és egyéb lehetőségekkel kapcsolatban írj nekem az alábbi elérhetőségeken: aquilaphoto.blog@gmail.com *** Do you like an image? For ordering a print or collaboration contact me via e-mail: aquilaphoto.blog@gmail.com

Terms & Conditions

Terms & Conditions

Name and Contact Information of Data Controllers:

Data Controller Name: Benedek Lampert

Tax ID: 55666370-1-42

Address: HU- Budapest, 1165, Hunyadvar st. 41/b

E-mail adress: benedek@figsfanphotos.com

Website: http://www.figsfanphotos.com

Introduction provisions, basic concepts

The Data Controller conducts its activities for the promotion of a offline/online photography courses,  product selling (like canvas photos or later photography merchandise), offine workshops, and other photography (especially toy photography) related online and offline events, projects and products for the purpose of promote/selling them.

The Data Controller informs the data subjects through this data protection notice about all the facts related to the processing of personal data, including but not limited to the identity of the data controller, the purpose of the data processing, the scope of the processed data, the legal basis for data processing, the duration of data processing, the use of data processors, the circle of persons authorized to access the data, the data security measures, and the rights and options for enforcing the data subjects' rights.

This notice is continuously available in electronic form on the Data Controller's website.

The Data Controller processes personal data lawfully, fairly, and in a transparent manner for the data subjects. To achieve lawful, fair, and transparent data processing, the Data Controller prepares an easily understandable data protection notice for the data subjects. The Data Controller implements appropriate technical and organizational measures to ensure the security of the data subjects' personal data.

The Data Controller does not use personal data for purposes other than those stated in the notice, and it cannot use them. The Data Controller processes only data that has been made known to the data subject or obtained through other lawful means and does not disclose them to third parties except in cases specified by applicable law. Personal data can only be transmitted in accordance with the provisions of the relevant legislation and in the cases set forth in this notice.

The Data Controller carries out its data processing activities in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation or GDPR) and Act CXII of 2011 on Informational Self-Determination and Freedom of Information.

Basic concepts:

personal data: any information relating to an identified or identifiable natural person ('data subject') (e.g., the name and residence of a natural person attending the event).

Affected: Any identified or identifiable natural person based on personal data (in this information, the natural person who uses the service is considered as affected)

Data processing: Any operation or set of operations performed on personal data or data sets, whether automated or not, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction;

Data controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In relation to the data processing defined in this information, the data controller is the Data Controller;

Data processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller, in a contractual relationship with the Data Controller;

Supervisory authority: In Hungary, the National Authority for Data Protection and Freedom of Information (hereinafter: NAIH), whose task is to ensure the right to informational self-determination.

Purposes, legal bases, categories of data subjects and processed personal data

Data processing related to invoicing and the retention of accounting documents

The purpose of data processing and the categories of processed data:

For the purpose of issuing and retaining accounting documents (invoices) related to the products sold and services provided by the Data Controller – based on legal obligation – the Data Controller processes the following categories of personal data:

  1. Invoicing data (Name, invoicing address, and tax number of the data subject);

Categories of data subjects: Natural persons who purchase products or use services.

Here's the translation of the text:

kotlinLegal basis and duration of data processing:

The legal basis for data processing is Article 6(1)(c) of the GDPR, as data processing is necessary for the data controller to fulfill its legal obligations specified in section 169(2) of the Accounting Act. The data controller is required to provide data to the National Tax and Customs Administration regarding issued invoices, based on points 1, 4, and 6 of Annex 10 to Act CXXVII of 2007 on value-added tax.

The duration of data processing: The retention period for data is determined by section 169(2) of the Accounting Act, which is at least 8 years.

kotlinData processing during sending newsletters/EDM activities Purpose of data processing and categories of processed data

The data controller processes the following personal data categories of the data subject for sending electronic messages containing advertisements, providing information about current news, products, promotions, free downloadable content, and new features:

kotlinFirst name provided by the data subject (optionally, last name)Email address of the data subject

Categories of data subjects: All natural persons subscribing to the newsletter service

kotlinLegal basis and duration of data processing

The legal basis for data processing: The data subject's consent (Article 6(1)(a) of the GDPR), and, if not otherwise provided by law, direct marketing to natural persons as recipients of advertising messages, especially by means of electronic mail or other individual communication equivalent to it, with the exception of advertising messages addressed to the recipient, which may only be communicated if the addressee has given his or her prior explicit and express consent (Section 6(1) of Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising activity).

Duration of data processing: Until the consent is withdrawn by the data subject, or until the data subject unsubscribes from the newsletter service.

kotlinData processing during online purchase on the website Purpose of data processing and categories of processed data

For smooth processing of purchases made through the website operated by the data controller, the following personal data categories of the data subject are processed:

kotlinName provided by the data subject (last name and first name)Email address of the data subjectAddress of the data subjectBilling address provided by the data subject (if different from the address)Phone number of the data subjectoptionally; company name, tax number

Categories of data subjects: Natural persons who purchase products or use services.

Regarding the preservation of accounting documents, the Hungarian Accounting Act of 2000, Section 169 (2) stipulates that such data must be retained for 8 years. Accounting vouchers, including the general ledger, detailed accounts, and other supporting documents, must be kept in a readable form and in a retrievable manner based on accounting entries for at least 8 years.

Regarding the handling of cookies and IP address data on the Controller's website: The Controller processes data arising from the use of cookies (hereinafter: "cookies") by the User who displays the website in their internet browser.

A cookie is data sent by the visited website to the visitor's browser (in the form of a variable name-value pair), which is stored so that the same website can load its content later. With every subsequent HTTP(S) request, the browser sends this data to the server, thus modifying the data on the user's device.

The Controller uses the Google Analytics service (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States of America) to analyze website traffic. Within the framework of the Google Analytics service, the Controller processes the IP address recorded during the visit of the User in an anonymized (masked) manner. Before any storage or processing takes place, the IP addresses are anonymized/masked. The anonymized data is no longer capable of identifying the User, and therefore, under GDPR, such data does not qualify as personal data. The Controller uses the service to analyze website traffic by categorizing users by device, browser use, and measuring website visits (visit time, session length, bounce rate). Google Analytics keeps the data in the above-mentioned anonymized form for 24 months. (For more information on Google's privacy policy: https://www.google.com/policies/privacy/, and for more information on Google Analytics anonymization: https://support.google.com/analytics/answer/2763052).

Users can delete cookies from their own computer, or they can configure their browser to disable cookies.

Regarding the data transfer operations performed by the Controller as part of its activities: The Controller carries out occasional personal data transfers if requested by an authority, court, public body, organization, or person with public authority or if the data transfer is based on the appropriate legal reference provided by the Controller.

Right to Restrict Processing, Right to Rectification, Right to Object, Right of Access and Procedure for Submitting and Handling Requests

The Right to Restrict Processing

The Controller shall restrict the processing of personal data if:

  • the data subject disputes the accuracy of the personal data, in which case the restriction applies for the time necessary to verify the accuracy of the data;
  • the processing is unlawful, but the data subject opposes the erasure of the data and requests the restriction of their use;
  • the processing is no longer necessary for the purposes for which the data was collected, but the data subject requests the data to be processed to establish, exercise, or defend a legal claim;
  • the data subject has objected to the processing of their data.

The data subject has the right to request that the Controller restrict the processing of their data if any of the above conditions apply.

The Right to Rectification

The data subject has the right to request the Controller to rectify without undue delay any inaccurate personal data concerning them. The Controller is obliged to rectify or amend the data even without the request of the data subject.

The Right to Object

The data subject has the right to object, at any time, to the processing of their personal data when such processing is based on the legitimate interests of the Controller. In case of objection, the Controller may only continue to process the data if they demonstrate compelling legitimate grounds that override the interests, rights and freedoms of the data subject.

The Right of Access

The data subject has the right to request from the Controller confirmation as to whether or not personal data concerning them is being processed ("right of access"). The Controller shall provide the data subject with information about the purposes of the processing, the categories of data concerned, the recipients to whom the data has been or will be disclosed, the envisaged period for which the personal data will be stored, the data subject's rights, the right to lodge a complaint with the supervisory authority, and the source of the data. The Controller shall provide a copy of the personal data undergoing processing, upon request.

Procedure for Submitting and Handling Requests

Data subjects may submit requests related to the processing of their personal data in person (verbally) or in writing (in person, by email, or by post) to the Controller's contact details.

The Controller shall provide the data subject with information about the action taken in response to their request or requests for information, without undue delay and at the latest within one month of receipt of the request. The information shall be provided in the manner requested by the data subject.

If the identity of the person submitting the request is uncertain, the Controller may request further information necessary to confirm their identity. The Controller's request for additional information shall be sent within 5 working days following the receipt of the request.

The Data Controller does not charge a separate fee for providing information and taking action related to the data subject's rights, except in exceptional cases where the request is clearly unfounded or the data subject requests multiple copies of the data and the fulfillment of the request involves significant administrative costs.

Data Subject Remedies: Complaint to the National Data Protection and Freedom of Information Authority

If the data subject believes that their request regarding their personal data has not been satisfactorily resolved by the Data Controller, or if they believe that a serious breach of their rights related to the processing of their personal data has occurred, or if the Data Controller fails to comply with GDPR provisions regarding data processing, they are entitled to file a complaint with the National Data Protection and Freedom of Information Authority.

The supervisory authority to which the complaint was filed must inform the customer about the procedural developments and the outcome of the complaint.

Contact Information for the National Data Protection and Freedom of Information Authority:

yamlheadquarters: 1055 Budapest, Falk Miksa utca 9-11.mailing address: 1374 Budapest, Pf. 603.phone: +36 (1) 391-1400fax: +36 (1) 391-1410email: ugyfelszolgalat@naih.huwebsite: www.naih.hu

Right to Go to Court

If the data subject experiences unlawful data processing, they may initiate a civil lawsuit against the Data Controller. The decision on the lawsuit falls under the jurisdiction of the court. The lawsuit can be initiated before the court of the data subject's place of residence, as chosen by the data subject.

Laws Used:

My data processing principles comply with the applicable laws related to data protection, including in particular:

csharpAct CXII of 2011 on Informational Self-Determination and Freedom of Information (Infotv.);Act V of 2013 on the Civil Code (Ptk.);Act CLV of 1997 on Consumer Protection (Fgytv.);Act XIX of 1998 on Criminal Proceedings (Be.);Act C of 2000 on Accounting (Számv. tv.);Act CVIII of 2001 on Electronic Commerce Services and Certain Issues Related to Information Society Services (Eker. tv.);Act C of 2003 on Electronic Communications (Eht.);Act CXXXIII of 2005 on the Rules of Personal and Property Protection and Private Investigation Activities (SzVMt.);Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Grt.);Act CLIX of 2012 on Postal Services (Postatv.)