Privacy policy
1.
DEFINITIONS
1.1. Service: Cloud based online scheduling system capable of being embedded in the booked4.us service (hereinafter
“Service”) website.
1.2. Service Provider: The Service is provided by booked4.us Bt. (hereinafter “Service Provider”)
Data: Name: booked4.us Bt.
Seat: H-2600 Vác, Zichy H. utca 12.
Company representative: Balogh Péter
Company registration number: 13-06-068633
VAT number: HU25149463
Financial institution holding account: Veresegyház és Vidéke Takarékszövetkezet
Bank account number: 66000169-11097435-00000000
E-mail: [email protected]
Phone: +36-20-343-3554
1.3. User: Any person using the Service following her or his registration, identified or (directly or indirectly) identifiable
based on personal data. References to the data subject shall be interpreted to mean references to the User.
1.4. Data Controller: the Service Provider which alone or jointly with others determines the purposes and means of the
processing of data; makes and executes decisions concerning data processing (including the means used) or have it
executed by a data processor.
1.5. Data Processing: any operation or the totality of operations performed on the data, irrespective of the procedure
applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring,
disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further
use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal
identification (such as fingerprints or palm prints, DNA samples, iris scans).
1.6. Data transfer: ensuring access to the data for a third party.
1.7. Disclosure: ensuring open access to the data.
1.8. Data deletion: making data unrecognisable in a way that it can never again be restored.
1.9. Data identification: marking data with a special ID tag to differentiate it.
1.10. Data blocking: marking data with a special ID tag to indefinitely or definitely restrict its further processing.
1.11. Data process: performing technical tasks in connection with data processing operations, irrespective of the
method and means used for executing the operations, as well as the place of execution, provided that the technical task
is performed on the data.
1.12. Data processor: any natural or legal person or organisation without legal personality processing the data on the
grounds of a contract, including contracts concluded pursuant to legislative provisions.
1.13. Personal data: data relating to the data subject, in particular by reference to the name and identification number
of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social
identity as well as conclusions drawn from the data in regard to the data subject.
1.14. Special data: personal data revealing racial origin or nationality, political opinions and any affiliation with political
parties, religious or philosophical beliefs or trade-union membership, and personal data concerning sex life, personal
data concerning health, pathological addictions, or criminal record.
1.15. Consent: any freely and expressly given specific and informed indication of the will of the data subject by which
he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations.
1.16. Objection: a declaration made by the data subject objecting to the processing of their personal data and
requesting the termination of data processing, as well as the deletion of the data processed.
1.17. Business advertising: communication, information or other visualisation, which is aimed at promoting the sale or
other use of disposable movables (including money, securities, financial instruments and natural resources qualifying
as properties) (hereinafter ’product’), services, immovables, rights qualifying as intangible assets, or, in connection with
such a purpose, aimed at the identification and advertisement of the company or its activities and a the increase of the
reputation of a brand, product or trademark (hereinafter ’advert’).
2. STATMENT OF THE DATA CONTROLLER
2.1. The booked4.us Service Provider, as Data Controller, acknowledges the binding nature of this Privacy Policy on
itself.
2.2. The Data Controller undertakes to ensure that its data processing in connection with the Service or the operation
of the Service always complies with the requirements laid down in the present Privacy Policy and the applicable legal
provisions.
2.3. The Data Controller ensures that the present Privacy Policy is constantly available on the www.booked4.us website
(hereinafter ’Website’). Modifications to the present Privacy Policy enter into force with their publication on the
Website.
3. APPLICABLE LEGAL INSTRUMENTS
3.1. The following Hungarian legal instruments apply to Data processing and the Data Controller acts accordingly:

Act CXII of 2011 on the right to informational self-determination and freedom of information
(hereinafter ’Act on Information’)

Act CVIII of 2001 on certain questions concerning the electronic commercial services and services
related to information society (in particular Section 13/A)

Act XLVII of 2008 on the prohibition of unfair commercial practices against consumers

Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial advertising (in
particular Section 6)

Act XV of 2005 on the freedom of electronic information

Act C of 2003 on electronic communications (in particular Section 155)
4. PRINCIPLES
4.1. Personal data can be processed only for a given purpose, as an exercise of right and compliance with an obligation.
Data processing has to comply with the purpose of data processing at all stages, recording and processing of data has
to be fair and legal.
4.2. Only such personal data can be processed, that is indispensable to realise the purpose of data processing and that
is suitable to reach such purposes. Personal data can be processed only to the extent and for the time necessary to
realise its purpose.
4.3. Personal data can be processed only if the person gives her or his consent or it is required by an act or (based on
the mandate provided in an act and to the extent permitted by the act) the regulation of the municipality on the basis
of a public purpose. If the data subject is unable to give his consent on account of lacking legal capacity or for any other
reason beyond his control, the processing of his personal data is allowed to the extent necessary and for the length of
time such reasons persist, to protect the vital interests of the data subject or of another person, or in order to prevent
or avert an imminent danger posing a threat to the lives, physical integrity or property of persons.
4.4. Where processing under consent is necessary for the performance of a contract with the controller in writing, the
contract shall contain all information that is to be made available to the data subject under this Act in connection with
the processing of personal data, such as the description of the data involved, the duration of the proposed processing
operation, the purpose of processing, the transmission of data, the recipients and the use of a data processor. The
contract must clearly indicate the data subject’s signature and explicit consent for having his data processed as
stipulated in the contract.
4.5. The consent of the data subject shall be considered granted in connection with any personal data he has conveyed
to the public or has supplied for dissemination when making a public appearance.
4.6. If there is any doubt, it is to be presumed that the data subject failed to provide his consent.
4.7. For the sake of convenient use, the system remains logged in even if the User closes the browser, until the User
logs out or restarts her or his computer. The Service Provider has no responsibility in case the User does not log out and,
as a result, unathorised parties have access to her or his data stored in the system or they modify such data. The use of
the data and information falls within the responsibility of the User.
5. Functional data processing
5.1. The legal basis of data processing on the website is the Consent of the User given by the registration, and Section 5
(1) of the Act on Information, and Section 13/a (3) of the Act CVIII of 2001 on certain questions concerning the electronic
commercial services and services related to information society.
5.2. The scope of processed data: password, first name and surname, email address, phone number, name of User,
address of User, date of registration, further data deemed important by User to provide and provided to the Service
Provider voluntarily.
5.3. The User has the right to modify the following data: password, first name and surname, email address, phone
number, address of data subject, name of data subject.
5.4. If the User deletes himself from the system or he is deleted lawfully by the Service Provider, the Data Processor has
delete immediately all data in connection with the User. Accounting statements (if exist) are kept on the basis of Act C
of 2000 on Accounting ((Section 169 (2)), for 8 years. The User can indicate via one of the addresses of the Service
Provider (Data Processor) provided in Section 1 in writing if the modification or deletion of his personal data is
requested. The Service Provider has to comply with the request within 8 days.
5.5. Courts, prosecutors, investigating authorities, administrative authorities, National Authority for Data Protection
and Freedom of Information or other authorities (on the basis of their legal mandate) may approach the Service Provider
to ask for information or communication of data. The Service Provider discloses personal data to such authorities only
to the extent (assuming that the authority defined the exact purpose and the scope of the requested data) it is
indispensable to realise the purpose of the request and to the extent it is available at the time of the request.
5.6. The Service Provider has to process the data provided by the User to perform the Service in accordance with Act
CVII of 2011 on the right to informational self-determination and freedom of information and with the Strasburg
Convention on the Protection of Individuals with regard to the Automatic Processing of Data, signed on 28 January 1928.
The Service Provider uses the personal data only in a form that cannot be used to identify the person. The employees
and other contractual partners, agents, subcontractors – in accordance with legal requirements and with the present
privacy policy – have access to the personal data of the Users to the extent necessary to fulfill their duties and to provide
the Service.
5.7. The Service Provider processes the personal data of the Users in order to provide the Service (use of website, eg,
registration, booking, newsletters, community functions), to the extent and for the time necessary to provide the
Service. The Service Provider processes also personal data indispensable for performing the technical tasks in providing
the Service. The data processing is in accordance with this purpose at all stages.
5.8. If the personal data is recorded with the consent of the User, the Service Provider, unless otherwise stated by an
act, may process the personal data in order to comply with legal obligations or to give effect to the rightful interests of
the Service Provider or third parties, in as much as giving effect to such interests is proportionate with the restriction
on the right to the protection of personal data, without further consent and following the withdrawal of the consent.
5.9. The Service Provider shall not abuse in any form the personal data processed by it.
5.10. The Service Provider stores the processed data on virtual servers provided by third parties (VPS), which may be
physically abroad. The Service Provider keeps safe copies on its own server.
6. Processing of cookies
6.1. The Service Provider uses cookies (tracking codes) to analyse the conventions in using the Service, which collect
certain User data (such as IP address, beginning and end of visiting the website, type of browser), which the Service
Provider stores in order to prepare visit statistics and to identify possible hostile IT actions.
6.2. The User does not have to consent to the use of these cookies, if the sole purpose of using the cookies is
communication transfer through electronic communication network or if the Service Provider necessarily has to do so
to provide the Service related to information society and requested by the subscriber or the User.
6.3. The scope of data processed within the framework of this Section in particular: individual identification number,
dates, hours, types and features of platform, number of touches and clicks on a given site, mouse cursor movement,
scrolling.
6.4. The data processing in case of session cookies lasts until the end of the visit to the website.
6.5. The purpose of data processing is the identification of the User, the operation of certain functions and tracking of
visitors.
6.6. The Websites may include links to outside servers (not handled by the Service Provider), websites available via such
links may place their own cookies or other files on the computer, collect data or request personal data. The Service
Provider excludes its responsibility for any of these.
6.7. The website records visit data by using the Google Analytics service. The website includes codes connected to the
Google Analytics service, which may transfer statistical data to the external server of the Service Provider in connection
with website visits. The transferred data are not such that they could be used to identify the data subject.
6.8. Storing the data happens on the IT tool of the data subject. The data subject can delete the cookies in the
Settings/Tools section under the Data Protection subsection of the browsers.
6.9. By using the Service, the User gives her or his consent that the Service Provider can collect and process her or his
personal data in accordance with the present Privacy Policy, in order to provide the full Service.
7. System messages
7.1. By registering in the system, the User gives her or his consent that the Service Provider or the system sends email
messages, information and evaluation sheets used to develop the Service.
8. Newsletter, direct marketing activities
8.1. In accordance with Section 6 of Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial
advertising, the User expressly gives his consent in advance that the Service Provider may approach him with
commercial information, marketing offers or other messages via the addresses provided during registration (eg, email
address, phone number). The User also consents to the processing of personal data necessary for sending the
commercial offers, in accordance with the present privacy policy.
8.2. The Service Provider does not send unrequested marketing messages and the User can unsubscribe from receiving
the offers, without restriction and justification. In such a case, the Service Provider deletes all personal data necessary
for sending marketing messages from its system and does not approach the User with any more marketing offers.
Unsubscribing happens either by clicking on the appropriate link in the message or by replying to the message, in which
case the User expresses his will to unsubscribe in definite terms.
8.3. Accordingly, the legal basis of data processing is the consent of the data subject, Section 5 (1) of the Act on
Information and Section 6(5) of Act XLVIII of 2008 on the basic conditions and certain restrictions of commercial
advertising.
8.4. The Service Provider has to delete the data within 8 days following unsubscribing.
8.5. The purpose of data processing is the sending of electronic messages containing advertisement to the data subject,
provision of information about current offers, actions, new functions, etc.
9. Data transfer
9.1. The Service Provider shall not transfer the data of the User to third parties.
10. Data security
10.1. The Service Provider takes all necessary measures (organizational and technical) to ensure the highest level of
security for the protection of personal data or the prevention of unauthorized alteration, deletion or use of such data.
10.2. The Service Provider takes all necessary measures to ensure data integrity, i.e., the accuracy and completeness of
the data handled or processed by it and in order to ensure that it can be verified whether they are changed and in order
to ensure that they are up to date.
10.3. The Service Provider protects the data with appropriate measures in particular against unauthorized access,
alteration, transfer, disclosure, deletion or erasing or accidental destruction, injuries or inaccessibility resulting from the
change of applied technology.
10.4. The Service Provider takes all necessary steps to ensure the credibility and confidentiality of the processed data
and in order to ensure that data subjects and those entitled can always access the data.
10.5. The Service Provider, in order to comply with the foregoing obligations, reserves its rights to provide information
to its clients and partners concerning security leaks detected on the side of clients or partners and, simultaneously,
restrict their access to the system and services of the Service provider or certain functions of the Service until the
security leak is eliminated.
11. Information on data processing
11.1. The User – via the addresses of the Service Provider indicated in Section 1, in writing – can request that the Service
Provider provides information about the processing of her or his personal data and request the correction of personal
data and the deletion of personal data (except in as much as data processing is required by law in public interest).
11.2. Upon the request of the User, the Service Provider gives information about the data processed, their source, the
purpose of data processing, the legal basis of data processing, the timeframe of data processing, the address and name
of a possible data processor and about its activity concerning data processing, and – in the case of transferring personal
data – the legal basis of data transfer and the addressees of such transfer. The Service Provider has to provide the
information in writing, in accessible and comprehensible form, as soon as possible, but in any event within 30 days.
Providing information is free of charge.
11.3. The Service Provider corrects the personal data is if it not correct and if the real data is available for the Service
Provider.
11.4. The Service Provider deletes the personal data without delay, if its use is unlawful, if the User requests so, if the
data processed is incomplete or incorrect and it cannot be legally corrected or completed, assuming that legal
requirements do not exclude such deletion, the purpose of the data processing is cancelled, the deadline defined by law
to process data is expired, or it is ordered by court or the National Data Protection and Freedom of Information
Authority. The Service Provider has no responsibility for data it deleted, which remained stored through archives as a
result of the operation of internet search engines. Such data can be erased by the operator of search engines and they
should be requested by the data subject to delete them.
11.5. The Service Provider provides information about corrections, identifications and deletions to the data subject and
others previously receiving transferred data in accordance with the purpose of data processing. This can be omitted if
such omission does not harm the rightful interest of the data subject in light of the purpose of data processing. The
Service Provider (Data Controller) has 30 days to correct or delete the data. If the Service Provider fails to comply with
the request of the User to correct, block or delete data, it has to state its reasons within 30 days in writing.
12. Legal remedies
12.1. The Service Provider can object against the processing of his or her personal data, if the data processing or transfer
is necessary only for the fulfillment of legal duties of the Service Provider or to give effect to the rightful interest of the
Service Provider, data recipient or third parties, except if such data processing is required under an Act; the use or
transfer of the personal data happens directly for business purposes, public polls or academic research; and further
cases determined by acts.
12.2. The Service Provide assesses the objection as soon as possible, but the latest within 15 days following the
submission of the request, it decides on its merits and provides information about the decision in writing to the person
submitting the request. If the Service Provider founds that the request is justified, it cancels data processing (including
further recording or transfer of data), blocks the data and provides information concerning the objection and the
measures adopted to everybody previously receiving the data in question, and who are in turn required to give effect
to the right to object.
12.3. If the User disagrees with the decision of the Service Provider, he can recourse to court within 30 days following
the communication of the decision. The court acts in an extraordinary proceeding.
12.4. The User can turn to the following authority in case of a perceived violation of his rights:
Nemzeti Adatvédelmi és Információszabadság Hatóság (National Data Protection and Freedom of Information
Authority)
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Levelezési cím: 1530 Budapest, Postafiók: 5.
Telefon: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: [email protected]
We draw the attention of the Users to the fact that using the internet entails a number of dangers threatening the
private sphere. Therefore we recommend to act carefully in providing data to service providers and disclosing personal
data.
We draw the attention of the Users to the fact that electronic messages forwarded through internet might be accessed
by unauthorised persons, the content of the message may be lost or modified.
Budapest, 23 September 2015