Aviso de privacidad | River Ride
1. Purpose of the data processing policy
A RiverRide Kft. (registered seat: 1012 Budapest, Logodi u. 34. B. ép., hereinafter referred as service provider and/or controller) as controller, expresses its consent to be bound by the present Privacy Policy as legal declaration. RiverRider Kft. undertakes to guarantee that its data management related to its service corresponds to the expectations defined in this guide and current legislation (including EU regulations as well). RiverRide Kft.’s current Privacy Policy is always available at www.riverride.com/privacypolicy. RiverRide Kft may need to update or amend the present Privacy Policy from time to time to its discretion. The latest version of the Privacy Notice is always available on our website. We will communicate any material changes to the Privacy Notice. If you have any questions or concerns regarding the present Privacy Policy please contact RiverRide Kft.
Data privacy is of high importance for RiverRide Kft and we want to be open and transparent with our processing of your personal data. RiverRide Kft. treats its customers’ personal data in confidence and takes all security, technical and organizational measures that guarantee the security of your data. Therefore Riverride Kft. has the following policy setting out how the personal data will be processed and protected.
2. The Controller
Name of the controller: RiverRide Kft.
Registered seat: 1012 Budapest, Logodi u. 34. b. ép.
Registered by: Company Registry Court of the Metropolitan Court of Budapest (Fővárosi Törvényszék Cégbírósága)
Registration number: 01-09-912676
national tax number 14630583-2-41
Phone number: +3613322555
E-mail: [email protected]
You can contact the Controller on any of the abovementioned contact details. RiverRide Kft. deletes all incoming e-mails within a period of no longer than 5 year from the date of receipt of the e-mail.
3. Definitions
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
’supervisor authority’ or NAIH: Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság);
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
’special categories of personal data’: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;
‘customer’ means natural or legal person whom may interested in the products and services of the Riverride Kft. in person, via website, phone or any other way; also who concludes contract with Riverride Kft. in this context.
4. Principles relating to processing of personal data
Riverride shall take appropriate measures to ensure that any personal data regarding the clients shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
5. Scope of the processed personal data
5.1 Scope of the personal data supplied by the Customer
We are processing the following personal data
- Purchasing the ticket via internet requires the following personal data
- customer’s name
- e-mail address
- phone number
- Questionnaire passengers’ satisfaction requires the following personal data
- Online administration requires the following personal data
- customer’s name
- e-mail address
5.2 Technical data
Riverride Kft. chooses and operates the informatics devices such a way that the during the service the personal data:
a) should be accessible for eligible person (availability);
b) authenticity and validation should be ensured (authenticity of data management);
c) steadiness should be justified (data integrity);
d) protected against illegal access (confidentiality of the data).
RiverRide Kft. protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction and accidental destruction. RiverRide Kft. ensures the protection of your data with such technical and organizational measures, which provides a proper protection against the risks associated with data management.
The Riverride Kft. maintain during the data management:
a) confidentiality: protects the information, only the eligible person can get an access;
b) integrity: protects the accuracy and integrity of the information and the processing method;
c) availability: ensures for the eligible person the access to the desired information and the availability of the required devices.
5.3 Cookies
5.3.1 The function of cookies
- collect information about visitors and their assets;
- note the visitors' custom settings that may be used (e.g. when using online transactions, so the visitor does not have to type the data again;
- facilitate the use of the website;
- provide a quality user experience.
Cookies are small pieces of data stored by this web site in the user’s computer's web browser and later on read from there. If your browser returns a previously saved cookie, the cookie operator can link the user's current visit with the past, but the cookies can be read by no other web sites than the one that placed them.
5.3.2 Essentially, session cookies
The purpose of these cookies is to enable visitors to browse the RiverRide Kft.'s website completely and smoothly, to use its features and the services available there. The validation of this type of cookie expires when the session (browsing) ends, and by closing the browser, this type of cookies is automatically deleted from the computer or other device used for browsing.
5.3.3 Third party cookies (analytics)
RiverRide Kft uses Google Analytics to help us to understand how you make use of our content and work out how we can make things better. These cookies follow your progress through our website, collecting anonymous data on where you have come from, which pages you visit, and how long you spend on the site. This data is then stored by Google in order to create reports. These cookies do not store your personal data.
6. Intended use and retention period of the processed data
type of processinguse of personal datalegal baseretention periodPurchasing the ticket via internetticket sales,
checking the eligibility of use of the tickets,
contacting (for example due to the change of departure),
complaint handling,
customer identificationfreely given consent of the customer or entering into a contract5 years
7. The purpose, method and legal bases of processing
7.1 General processing principles
The controller’s processing is based on voluntary consent or legal authorization. In the case of processing based on voluntary contributions, the customer may withdraw their consent at any time during the processing of data.
In some cases processing, storage and transmission of data is mandatory by law, in this case customers shall be notified.
We would like to inform those whom may provide information for RiverRide Kft. that if they do not provide their personal data, the data supplier is obliged to obtain the consent of the person concerned.
Legislation underlying the processing of personal data:
- Act CXII of 2011 on Informational Self-determination and Freedom of Information,
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC General Data Protection Regulation)
- Act V. of 2013 on the Civil Code of the Republic of Hungary
- Act C of 2000 on Accounting
- Act LIII of 2017 on the Prevention of Money Laundering and Terrorist Financing
8. Physical storage location of the data
Personal data can be treated in the following way: on the one hand, technical data on your computer, browser, web address, visited pages, on the other hand, you can also give us your name and contact information if you intend to contact us personally using our website.
9. Data transmission, processing, those who can access the customer’s personal data
Controller only share personal data in the following cases:
- fulfilling its accounting requirements (the accounting firm Tamási Gábor egyéni vállalkozó., registered seat 1047 Budapest, 10. Liszt Ferenc street; will be a processor in this relation)
- in order to settle legal claims (the authorized lawyer will be a processor in this relation).
At RiverRide Kft. the personal data can only be known by the colleagues who
- takes the order;
- gives ticket to the customer when ticket is purchased on the spot
- does the invoicing
- controls the validity of the tickets at the boarding
The abovementioned business partners and colleagues have obligation of confidentiality regarding the personal data.
10. Customer’s rights and remedies
Customer is entitled to ask for information regarding the processing of his or her personal data; also entitled to ask for rectification, and – with the exception of mandatory processing – erasure and restriction regarding the processed data. Customer also has the right to data portability and to object.
10.1 Right of information
RiverRide Kft. shall take appropriate measures to provide any information referred to in GDPR ‘s Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
10.2 Right of access by the customer
The customer shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the customer. The processor shall provide the information at the latest within one month of receipt of the request.
10.3 Right to rectification
The customer shall have the right to obtain from the Riverride Kft. without undue delay the rectification of inaccurate personal data concerning him or her. The customer shall have the right to have incomplete personal data completed.
10.4 Right to erasure
The customer shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the customer withdraws consent on which the processing is based, and there is no other legal ground for the processing;
- the customer objects to the processing, and there are no overriding legitimate grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services.
Erasure cannot be obtained to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; for the establishment, exercise or defence of legal claims.
10.5 Right to restriction of processing
The customer shall have the right to obtain from the controller restriction of processing where one of the following applies:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
10.6 Right to data portability
The customer shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
10.7 Right to object
The customer shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
10.8 Automated individual decision-making, including profiling
The customer shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
10.9 Right of revocation
The customer shall have the right to withdraw his or her consent at any time.
10.10 Right to apply to the courts
Any infringements of the present privacy policy may be subject to the right to apply to the courts. This case should be dealt with priority.
10.11 Right to lodge a complaint with a supervisory authority
Complaint shall be lodge with NAIH.
Name: Hungarian National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság)
Registered seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, Pf.: 5.
Phone number: +3613911400
Fax: +3613911410
E-mail: [email protected]
Website: http://www.naih.hu
11. Other provisions
RiverRide Kft. may disclose personal data if we are required to do so by law, legal process, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request; in response to law enforcement authority or other government official requests; when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss; in connection with an investigation of suspected or actual illegal activity.
23rd May 2018
Deja una respuesta