Privacy Policy

Introduction

Pánácz Digital Kft. (9672 Gérce, Kossuth utca 2.) Tax number: 32579374-2-18, Company registration number: 18-09-116022 (hereinafter: Service provider, data controller) considers the following regulations binding on itself:

For natural persons, the personal on the protection and free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) according to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) we provide the following information.

This data protection policy regulates the data management of the following pages and services: Parking Hungary mobile application, www.parking-hungary.hu website

This Data Management Information can be unilaterally modified by Pánácz Digital Kft. at any time. This data management information is published on the www.parking-hungary.hu website and is also available in the Parking Hungary mobile application. Amendments to the regulations will enter into force upon publication at the above address.

The data controller and its contact details

Name: Pánácz Digital Kft.
Headquarters: 9672 Gérce, Kossuth utca 2.
E-mail: info@parking-hungary.hu

Concepts

Personal data
is any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

Data management
is any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise making it available through, alignment or connection, restriction, deletion or destruction;

A data controller
is a natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;

A data processor
is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;

Recipient is
the natural or legal person, public authority, agency or any other body to whom or with which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;

The consent of the data subject is
a voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;

A data protection incident
is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.

Principles for handling personal data

Personal data:

its handling must be carried out legally and fairly, as well as in a transparent manner for the data subject ("legality, fair procedure and transparency");

be collected only for specific, clear and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes is not considered incompatible with the original purpose ("purpose limitation");

they must be appropriate and relevant for the purposes of data management and must be limited to what is necessary ("data sparing");

they must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing ("accuracy");

its storage must take place in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and subject to the implementation of appropriate technical and organizational measures required to protect your freedoms ("restricted storage");

its handling must be carried out in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data ("integrity and confidentiality").

The data controller is responsible for compliance with the above, and must also be able to prove this compliance ("accountability").

The data controller declares that its data management is carried out in accordance with the basic principles contained in this point.

Data management

The fact of the data collection, the scope of the managed data and the purposes of the data management:
E-mail address: Keeping in touch, sending system messages
Notification phone number: Keeping in touch Order
number: Fulfillment of the service
Billing name and address: Issuing the regular invoice, as well as creating the contract, defining and modifying its content , monitoring its performance, invoicing the resulting fees, and asserting related claims.
Parking location: Fulfillment of the service
Purchased parking ticket data (zone code, validity period): Fulfillment of the service

The e-mail address does not need to contain personal data.
Scope of stakeholders: all stakeholders who use the Service.
The duration of data management, the deadline for data deletion: It lasts until the data subject's request for deletion.
Based on Article 19 of the GDPR, the data controller informs the data subject electronically of the deletion of any personal data provided by the data subject. If the data subject's deletion request also covers the e-mail address he/she has provided, the data controller will also delete the e-mail address after the information has been provided.
The person of the possible data controllers entitled to access the data, the recipients of the personal data: The personal data may be processed by the authorized employees of the data controller based on the provisions of this information.

Description of the rights of data subjects related to data management:

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
the data subject has the right to data portability and to withdraw consent at any time.

The data subject can initiate access to, modification of, or restriction of processing of personal data, as well as portability of data in the following ways:

by post at Pánácz Digital Kft. 9672 Gérce, Kossuth utca 2,
by e-mail at the e-mail address info@parking-hungary.hu,

Legal basis for data management
1. GDPR Article 6 (1) b) and c)
2. CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act (hereinafter: Elker Law) 13/A. Section (3):
For the purpose of providing the service, the service provider may process the personal data that is technically absolutely necessary for the provision of the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.
3. In case of issuing an invoice in accordance with the accounting legislation, point c) of Article 6 (1).
4. In case of enforcement of claims arising from the contract, Act V of 2013 on the Civil Code 6:21. 5 years according to §.
6:22 a.m. § [Prescription]
(1) If this law does not provide otherwise, claims become time-barred within five years.
(2) The statute of limitations begins when the claim becomes due.
(3) The agreement to change the limitation period must be in writing.
(4) An agreement excluding the limitation period is void.

Contact

The fact of the data collection, the scope of the managed data and the purpose of the data management:
Name: Identification
E-mail address: Keeping in touch, sending reply messages
Message content: Necessary for the reply
Date of contact: Execution of a technical operation.

In the case of the e-mail address, it is not necessary that it contain personal data.
Scope of stakeholders: All stakeholders who send messages via the contact form.
Duration of data management, deadline for data deletion: If one of the conditions set out in Article 17 (1) of the GDPR exists, it lasts until the data subject's request for deletion.
The person of the possible data controllers entitled to access the data, the recipients of the personal data: Personal data can be handled by the authorized employees of the data controller.
Description of the rights of data subjects related to data management:

The data subject may request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and
the data subject has the right to data portability and to withdraw consent at any time.

The data subject can initiate access to, modification of, or restriction of processing of personal data, as well as portability of data, in the following ways:

by post at Pánácz Digital Kft. 9672 Gérce, Kossuth utca 2,
by e-mail at the e-mail address info@parking-hungary.hu,

The legal basis for data management is the
consent of the data subject, Article 6 (1) points a) b) and c). If you contact us, you consent to the handling of your personal data (name, e-mail address) received during the contact process in accordance with these regulations.
We would like to inform you that
this data management is based on your consent and
requires you to provide personal data in order to be able to contact us.
failure to provide data results in the inability to contact the Service Provider.
System message by e-mail
The Service sends system messages to its Users from time to time. System message is any message that relates to the operation of the Service, possible service outages, maintenance, the functions of the Service, changes to existing and new functions, new functions, the range of available services and the way to use the Service, the General Terms of Use, the Data Management Information, or those modification, the Users' rights and obligations related to the Service, related to the services used, including confirmation messages, certificates, notifications, confirmations, electronic receipts, and invoices sent for the individual services used.

In order to send the System Message, the Service performs the following data management:
e-mail address: Fulfillment of the service

Legal basis for data management: GDPR Article 6 (1) point b)

Additional data controllers

Stripe Payment Processor
Cloudflare CDN Network
Billingo
Google
APP Store IOS

Management of cookies

1. The so-called "cookie used for a password-protected session", "shopping cart cookies", "security cookies", "necessary cookies", "functional cookies" and "cookies responsible for managing website statistics" k" does not require prior consent from the data subjects.
2. The fact of the data management, the scope of the managed data: Unique identification number, dates, times.
3. Scope of stakeholders: All stakeholders visiting the website.
4. Purpose of data management: Identification of users, monitoring of visitors, ensuring customized operation.
5. Duration of data management, deadline for data deletion:

Type of cookie: Session cookies or other cookies that are absolutely necessary for the operation of the website.
Legal basis for data management: No data management is carried out using cookies.
Duration of data management: The period until the end of the relevant visitor session, so it only remains on the computer until the browser is closed.

Type of cookie: Statistical, marketing cookies.
Legal basis for data management: Article 6, paragraph 1, point a) of the GDPR.
Duration of data management: 1 day - 2 years, in accordance with the cookie information, or until the consent of the data subject is withdrawn.

6. The person of the possible data controllers authorized to see the data: The data controller can see the personal data.
7. Description of the data processing rights of data subjects: The data subject has the option to delete cookies in the Tools/Settings menu of browsers, usually under the settings of the Data Protection menu item.
8. Most browsers used by our users allow you to set which cookies are saved and allow (certain) cookies to be deleted again. If you limit the saving of cookies on specific websites or do not allow third-party cookies, this may lead to the fact that our website can no longer be used in its entirety under certain circumstances. Here you can find information on how to customize cookie settings for standard browsers:
Google Chrome (https://support.google.com/chrome/answer/95647?hl=hu)
Internet Explorer (https://support .microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies)
Firefox (https://support.mozilla.org/hu/kb/sutik-engedelizeze-es-tiltasa-amit -weboldak-hazn)
Safari (https://support.apple.com/hu-hu/guide/safari/sfri11471/mac)

Using Google Ads conversion tracking

The data controller uses the online advertising program called "Google Ads", and also uses Google's conversion tracking service within its framework. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google").
When a User accesses a website through a Google ad, a cookie required for conversion tracking is placed on their computer. The validity of these cookies is limited and they do not contain any personal data, so the User cannot be identified by them.
When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the ad.
Each Google Ads customer receives a different cookie, so they cannot be tracked through the websites of Ads customers.
The information - obtained with the help of conversion tracking cookies - serves the purpose of creating conversion statistics for Ads' customers who choose conversion tracking. In this way, clients are informed about the number of users who click on their ad and are redirected to a page with a conversion tracking tag. However, they do not get access to information that could identify any user.
If you do not wish to participate in conversion tracking, you can decline this by disabling the installation of cookies in your browser. After that, you will not be included in the conversion tracking statistics.

Based on Google Consent Mode v2, Google also uses two new types of cookies: ad_user_data and ad_personalization, which are based on the consent of the data subject and which relate to the use and sharing of data. ad_user_data is used to provide consent for user data to Google for advertising purposes. ad_personalization controls whether the data can be used to personalize ads (e.g. remarketing). The data controller ensures the acquisition and withdrawal of appropriate consents on the cookie banner / panel. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.

Further information and Google's privacy statement are available at https://policies.google.com/privacy

Application of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are saved on your computer, thus facilitating the analysis of the use of the website visited by the User.
The information created by cookies related to the website used by the User is usually sent to and stored on one of Google's servers in the USA. By activating IP anonymization on the website, Google shortens the User's IP address beforehand within the member states of the European Union or in other states that are parties to the Agreement on the European Economic Area.
The full IP address is transmitted to a Google server in the USA and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate how the User used the website, to prepare reports related to website activity for the website operator, and to provide additional services related to website and Internet use.
Within the framework of Google Analytics, the IP address transmitted by the User's browser is not combined with other Google data. The User can prevent the storage of cookies by setting their browser accordingly, but please note that in this case, not all functions of this website may be fully usable. You can also prevent Google from collecting and processing the User's website usage data (including IP address) through cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=en

Rights of data subjects

The right to request information:
Via the contact page, you can request information from us about which of your data, on which legal basis, for which data management purpose, from which source and for how long. Upon your request, we will send information to the e-mail address provided in the request within 30 days at most.
Right to rectification:

You can ask us to change any of your data via the contact page. Upon your request, we will take care of this within 30 days at the most, and we will send information to the e-mail address provided in the request.

Right to erasure:

You can ask us to delete your data via the contact page. At your request, we will do this within a maximum of 30 days, and we will send information to the e-mail address provided in the request.

The right to block:

You can ask us to block your data via the contact page. The blocking lasts as long as the reason indicated by you makes it necessary to store the data. At your request, we will do this within a maximum of 30 days, and we will send information to the e-mail address provided in the request.

The right to protest:

You can object to data processing via the contact page. We will examine the objection within a maximum of 15 days from the submission of the application, we will make a decision on its validity, and we will inform you of the decision by e-mail.

The possibility of legal enforcement related to data management:

In case of illegal data processing that you have experienced, notify us via the contact page, so that it is possible to restore the legal status in a short time. We will do everything in your power to resolve the issue.

Action deadline

The data controller will inform you of the measures taken following the above requests without undue delay, but in any case within 1 month from the receipt of the request.
If necessary, this can be extended by 2 months. The data controller will inform you of the extension of the deadline, indicating the reasons for the delay, within 1 month of receiving the request.
If the data controller does not take measures following your request, it will inform you without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as the fact that you can file a complaint with a supervisory authority and exercise your right to judicial redress.

Security of data management

The data manager and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons. , to guarantee a level of data security appropriate to the degree of risk, including, among others, where appropriate:

pseudonymization and encryption of personal data;

ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data;

in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;

a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.

Informing the data subject about the data protection incident

If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.
In the information provided to the data subject, the nature of the data protection incident must be clearly and comprehensibly described, and the name and contact information of the data protection officer or other contact person providing additional information must be provided; the likely consequences of the data protection incident must be described; the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.
The data subject does not need to be informed if any of the following conditions are met:

the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures - such as the use of encryption - that make the personal data unintelligible to persons not authorized to access the personal data data;
after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

If the data controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.

Reporting a data protection incident to the authority

The data controller shall report the data protection incident to the competent supervisory authority pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of natural persons and freedoms. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.

Possibility of filing a complaint

You can file a complaint with the National Data Protection and Freedom of Information Authority against a possible violation of the data controller:
National Data Protection and Information Freedom Authority
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, PO Box: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

Final word

During the preparation of the information, we paid attention to the following legislation:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) (April 2016) 27.)
CXII of 2011. Act - on the right to self-determination of information and freedom of information (hereinafter: Infotv.)
CVIII of 2001 Act - on certain issues of electronic commercial services and services related to the information society (mainly § 13/A)
XLVII of 2008 law - on the prohibition of unfair trade practices towards consumers;
XLVIII of 2008 Act - on the basic conditions and certain limitations of economic advertising (especially § 6.a)
XC of 2005. Act on Electronic Freedom of Information
Act C of 2003 on electronic communications (specifically § 155.a)
16/2011. s. Opinion on the EASA/IAB Recommendation on Best Practices for Behavioral Online Advertising
The recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements of prior information
Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Regulation 95/46/EC

2024. 07. 20.