.jpg)
Legal Basis and Purpose of this Privacy Policy; Data Controllers
For the drafting of this policy, special consideration was given to the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.), the provisions of Act VI of 1998 regarding the promulgation of the “Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data” of 28 January 1981, enacted in Strasbourg, the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR), and the recommendations of the ‘ONLINE PRIVACY ALLIANCE’.
This Privacy Policy and all data protection issues therein shall be governed by …. law, and any legal disputes arising in any data protection context shall fall under the jurisdiction of ….. courts of law, stipulating the exclusive jurisdiction of ….. courts of law that have competence for the relevant area according to the postal code of the Data Controller’s or Controllers’ registered seat. The purpose of this Privacy Policy is to secure in the territory of each Party for every individual, whatever his nationality or residence, respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to the automatic processing of personal data relating to him (“data protection”) for the full range of our services.
Data Controllers:
Company
Registered seat:
Company registration number:
Contact information of the data protection officer:
Data Processors:
Company
Registered seat:
Company registration number:
.jpg)
Additional Safeguards for Data Subject
All persons shall have the right to
1. receive information on his/her data and on processing (right of access by the data subject),
2. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(d) the data subject has objected to processing pursuant to relevant legislation pending the verification of whether the legitimate grounds of the data controller override those of the data subject.
3. establish the existence of an automated personal data file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file;
4. obtain at reasonable intervals and without excessive delay or expense, confirmation of whether personal data relating to him are stored in the automated data file as well as communication to him of such data in an intelligible form;
5. have such data corrected or erased for reasonable cause without delay (‘right to be forgotten’); The Data Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The data controller shall inform the data subject about those recipients if the data subject requests it;
6. receive, in the case of automated processing in consent-based processing, the personal data concerning him or her, which he or she has provided to … in a structured, commonly used and machine-readable format and shall have the right to have … transmit those data to another data controller. This right shall not violate the right to be forgotten and shall not adversely affect the rights and freedoms of others.
7. object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1) of the GDPR, including profiling based on those provisions;
8. not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except in the cases under Article 22 of the GDPR (automated decision-making);
9. obtain a legal remedy if a request for confirmation or, as the case may be, communication, rectification or erasure as referred to by relevant legislation is not complied with. At the data subject’s request, the data controller shall provide information on the data managed by the data controller or processed by the data controller’s authorised data processor, on the purpose, legal grounds, time period of the data processing, on the data processor’s name, address (registered seat) and data processing activities, and on the identity of the person(s) receiving the data and on the purpose such data were received. The Data Controller shall provide the requested information in writing in intelligible form at the earliest possible time upon receipt of the data subject’s request but within no later than 30 days. In case of any violation of its rights, the data subject may lodge a formal complaint against the data controller in a court of law. The Data Controller is liable to pay compensation for any damage caused to another party by its unlawful handling of data subject data or by breaching technical data protection requirements. The Data Controller is also liable to pay compensation to the data subject for any damage caused by its data processor. The Data Controller is exempt from liability if it can prove that the damage resulted from unavoidable causes outside the scope of data processing. No compensation is payable if damage is caused by the injured party’s deliberate or grossly negligent conduct.
Automated Decision-Making
The Data Controller shall apply automated decision-making (profiling) in the following cases.
1. Development of discount subscription offers We offer discount packages on the basis of the time that has passed since registration or the expiration of the previous subscription and based on the user’s sex.
2. Development of partner recommendation system (gravity) Depending on the result of automated decision-making, the website prioritises certain users in its displays for other users.
a. Based on the user’s clicks and favourites, we recommend users whom the user might like.
b. similarity is determined with the use of the following logic: “The persons who liked the users you like also liked the following users”
c. the system only decides whether we will prioritise the display of certain users.
Data Protection Principles
Data Controller shall give its users clear, noticeable and unambiguous warning before capturing, recording or handling any of their data (privacy statement) to provide them with information on the method used for capturing their data, for what purposes and in accordance with what principles. Furthermore, the Data Controller shall call the user’s attention to the voluntary nature of data disclosure. Data Subject shall be informed about the purpose of data processing, as well as the identity of the person(s) who manage and process the data. The Data Controller’s entire staff and senior officers are entitled to the access data processed by the Data Controller. The requirement to provide information on data processing is also deemed fulfilled when applicable laws govern data to be captured by transfer from an already existing data processing pool or by linking existing databases. Whenever the Data Controller intends to use provided data for purposes other than determined when the data was originally captured, it shall inform the User of those purposes accordingly and obtain the User’s prior express consent; the Data Controller shall also ensure that User may opt to prohibit use of its data for such other purposes.
Data Controller shall, without fail, adhere to the restrictions stipulated under Basic Principles when capturing, recording, and processing data, and it shall keep the Data Subject informed of its activities via electronic correspondence, at the Data Subject’s request. The Data Controller shall refrain from imposing any sanctions against users who decline to provide requested non-mandatory information.
The Data Controller shall keep the data it processes secure and adopt technical and organisational measures and formulate procedural rules as may be necessary for ensuring that the data captured, stored, and processed is protected;
The Data Controller shall prevent destruction, unlawful use and unlawful alteration of the data it processes.
Data Controller shall notify any third party to whom it may transfer or disclose data, as the case may be, of their obligations to the above.
Whereas N …. does not offer any services designed for individuals aged under 18, it represents and warrants that it does not collect or handle personal data on individuals aged under 18.
As a general rule, users visiting our website are not obligated to disclose their identity and provide personal data of any kind. When providing their name and email address, users may, as a matter of course, opt not to enter their real name but provide an alias instead. Data and information suitable for personal identification shall be construed as personal data of natural persons that can be used to identify an individual, to communicate with them, or to identify their physical location, including but not limited to their name, residential address, postal address, phone number, fax number, and e-mail address.
Anonymous information collected by eliminating personal traceability does not constitute personal data as it cannot be linked to a natural person, nor does demographic data constitute personal data when it is collected without linking it to personal data of identifiable individuals, and therefore no connection can be made to natural persons. As a general principle, whenever we ask our visitors for personal information, they are free to decide whether they want to provide the requested information after having read and interpreted the necessary written information. However, it must be noted that, if an individual decides not to share their personal data, they may not be able to use a service that is conditional on the disclosure of personal data.
This Privacy Policy is in regard to protecting the personal data of visitors provided to the Data Controller, i.e. not in regard to their data intended for the public domain. Should an individual voluntarily decide to make all or some of his or her personal data public, then such information shall not be covered by the scope of this Privacy Policy. We always make it clear which information fields are ‘mandatory’ to complete during the registration process, for what purpose and under what terms and conditions such information will be used. The term ‘mandatory’ in this case refers not to the mandatory nature of providing the requested data but indicates that there are certain records without the completion of which registration will not be successful, in other words, leaving certain fields blank or not completing them properly may lead to rejected registration.
Without authorisation, under no circumstances shall we transfer to third parties any personal data provided by our users. If the service provider is requested by any competent authority to provide any personal data in line with applicable laws (e.g. in connection with a suspected crime, or under an official court resolution ordering the confiscation of data), the Data Controller will hand over the requested and available information in accordance with its statutory obligation.
Whenever our users make available their personal data to us, we shall take all necessary measures to keep those personal data safe both during the course of network communication (i.e. online data processing) and during the course of data storage and safekeeping (i.e. offline data processing). It is the Data Controller’s responsibility to ensure that visitors can access, correct and supplement their own personal data through the same communication channels and by using the same means through which they shared their personal data with us in the first place. This is meant to ensure that the personal data of our users are always up-to-date, accurate and current. Should any of our users ask us to remove their personal data from our systems, we shall promptly oblige (on the understanding that thenceforth that user will, in some cases, no longer be able to use the service to which the data was relevant, or not in the same way as before).
By registering and by using the service, users grant their consent for … to view the conversations carried out on the communication channels it provides (chat) and to know the conversations and statements made by users therein. In case of online payment, the Data Controller may, for the purpose of providing customer service assistance to users, confirming transactions, and to analyse cases of fraud, disclose the email address, name, and telephone number linked to the user profile to the payment service provider.
Within this framework, the Data Controller shall apply the following rules during the
the course of data collecting
Data suitable for contacting individual users. We shall use data suitable for contacting individual users (e.g. email addresses) strictly for purposes authorised by the user in advance and we shall, under no circumstances, disclose them to third parties without the user’s prior written consent, unless stipulated otherwise by applicable laws. Data are suitable for physically contacting individual users. We shall use data strictly for the purposes authorized by the user in advance and we shall, under no circumstances, disclose them to third parties, unless stipulated otherwise by applicable laws. Open communication options. Open communication channels that are part of our service (e.g. forums) may be used at each user’s own risk. Individual users are the copyright owners of their own posts but … is entitled to quote and circulate multiple copies of such posts without limitation. Third parties may print, download and disseminate postings strictly for their own personal use only, and may use them exclusively with … written consent. Users are reminded that comments posted on open communication channels are governed by separate laws regulating public communications. We are committed to handling data suitable for individually contacting users accessing communication services with utmost care and in the strictest of confidence; no unauthorised access to those data is possible, and such data will not be disclosed to third parties unless stipulated otherwise by applicable laws.
Links. Our services include a large number of links to the websites of other service providers. The Data Controller shall not accept liability for the data and information protection practices of such service providers.
Information & Legal Remedy
At the User’s request, Data Controller shall provide information on the data processed by Data Controller, on the purpose, legal grounds and time period of the data processing, on the data processor’s name, address (registered seat) and data processing activities, and on the identity of the person(s) receiving the data and on the purpose such data were received. Information may be requested at … or under the ‘…’ menu point.
Should our users have any reason to believe that we have breached their personal data … protection rights, they may file a formal complaint with a court of law, or may seek assistance at the … National Authority for …
Such legal cases are reviewed by courts of law in expeditious procedures. Rulings fall under the jurisdiction of tribunals. Legal cases may also be brought before the tribunal that has jurisdiction over the User’s (Data Subject’s) domicile or residence at the User’s (Data Subject’s) discretion.
Detailed statutory provisions pertaining to legal redress and the Data Controller’s obligations are stipulated by Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.
Data Security
Data Controller and, within its own scope of operations, Data Processor shall keep the data they process secure, and adopt technical and organisational measures and formulate procedural policies as may be necessary to enforce the provisions of the Data Protection Act as well as other data and confidentiality regulations. Data shall be protected especially against unlawful access, alteration, publication, or erasure, as well as against damage or destruction.
The Legal Basis, Purpose, Sphere, and Duration of Processing
1. The Legal Basis for Processing
Policies regarding data processing and protection of personal data of visitors apply only to natural persons having regard to the fact that personal data can be interpreted in relation only to natural persons (in accordance with Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information); therefore, this Data Protection Policy has a binding force strictly to the processing of personal data of natural persons registering on the website.
a) The legal basis for the processing referred to in point V.2. a) is the consent of the data subjects and the Data Controller’s rightful interest in performing the contract concluded between the data subject and the Data Controller (Article 6(1)(b) of the GDPR).
b) The legal basis for the processing referred to in points V.2. c), d), e), f), and g) (ii)-(iii) is the consent of the data subjects. Data subjects shall provide their consent during the registration process by checking separate checkboxes for each of the various processing purposes and subsequently providing their personal data (e.g. subsequently uploading photographs).
c) The basis of the processing referred to in point V.2. b) is, in particular, Sections 169 and 202 of Act CXXVII of 2017 on Value Added Tax, as well as Section 167 of Act C of 2000 on Accounting. The Website’s users accept the use of cookies by clicking on the “I understand” button on the Website. If the user accepts the use of cookies, information and consent shall extend to using cookies at later times when the user’s device is connected to the Website.
d) The legal basis for the processing referred to in point V.2. g) (i) is the Data Controller’s rightful interest in performing the contract concluded between the data subject and the Data Controller (Article 6(1)(b) of the GDPR).
2. The Purpose of Processing and the Sphere of Processed Data
Personal data can be processed strictly only for a specific purpose, to exercise a right and to meet an obligation. Data processing shall meet this objective in every step of the procedure. Personal data can be processed only insofar as it is essential for satisfying the purpose of data processing, it is adequately suited to satisfying that purpose, and its scope and duration is limited to achieving the objective.
a) Purpose: providing the dating service, exercising the connected copyright, and fulfilling the connected obligations. Data: name, home address, email address, sex, the sex of the sought partner, place and date of birth, place of residence.
b) Purpose: fulfilling the tax and accounting obligations required by law (bookkeeping, taxation). Data: the personal data defined by law, thus especially invoicing name, company name, tax number, invoicing address, email address and payment (transfer) details.
c) Purpose: preparation of usage statistics, providing the service in the highest possible quality and the most possible effective manner, and sending system messages in connection with operating the website and providing the services.
Data: the data under point V.2. a) above, and furthermore the data that can be entered under the tabs “Introduction”, “Photos”, “Data”, and “Who are you looking for?” The exact list of such data is attached as Annex 1 to this document. Sensitive personal data are marked with bold in the list of data.
d) Purpose: use for marketing and direct marketing purposes, and for sending newsletters (business offers).
Data: email address.
e) Purpose: informing other users
Data: name, home address, email address, and the data found on the Website’s “Introduction” and “Photos” tabs.
f) purpose: providing the flower delivery service, exercising the connected copyright, and fulfilling the connected obligations
Data: name, delivery address, phone number
g) Cookie: cookies contain information automatically logged by our servers. The Manager uses the following cookies:
(i) Session cookies
(ii) Functional cookies
(iii) Third-party cookies
The processing purposes, legal basis, duration, and other information pertaining to cookies can be found in a separate document (https://www.puncs.com/en/cookie).
3. The period of processing starts at the completion of registration and ends at the time when the data is erased. Unless provided for otherwise by law or requested by the data subject, the Data Controller shall erase the data on the day after the expiry of the following periods (as the end of the purpose of processing).
a) The Data Controller shall delete the data used for the processing under point V.2. a), c), d), e), and f) on the 730th day after the inactivity of the given user (which period will always be extended by the period of hibernation requested by the user), if the conditions required by law are met and the user’s membership will be terminated in line with the conditions of the contract concluded between the parties.
b) The Data Controller shall process the data under point V.2. b) for the time set out by law (the end of the 8th year following the termination of the contract concluded between the parties).
c) The Data Controller shall process the data under the processing referred to in point V.2. g) until the time set out in the separate document.
Definition of personal data-related terms
Personal data means any information relating to an identified or identifiable natural person (hereinafter: data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; sensitive data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation; data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; data transfer means making data accessible to a third party; publication means making data accessible to anyone; data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
erasure of data means rendering data unrecognisable by making it unrecoverable; automated data file means any set of data undergoing automatic processing; automatic processing includes the following operations if carried out in whole or in part by automated means: storage of data, carrying out of logical and/or arithmetical operations on those data, their alteration, erasure, retrieval or dissemination.
.jpg)
Basic Principles of Data Processing
In line with Article 5 of the GDPR, the Data Controller shall ensure that personal data are
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
e) kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
EXPLORE
How It Works
Instagram
Privacy
CONTACT
Company
Email
Phone