1. The purpose of the data management information
nothing_happens hereinafter, service provider, data controller) as data controller, acknowledges the content of this legal notice as binding on itself. It undertakes to ensure that all data processing related to its activities meets the requirements set out in these regulations and in the applicable national legislation, as well as in the legal act of the European Union.
This data management information covers the following domains and their subdomains: www.nothinghappens.org
The data protection guidelines arising in relation to the data management of the data manager are continuously available at nothinghappens.org/privacy-policy. The data controller reserves the right to modify this information at any time. Those concerned will be informed about the changes in due time. If you have any questions related to this announcement, please write and we will answer your questions. The Data Controller is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect the right of its customers to self-determination of information. The data controller treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data. The data controller describes its data management practices below.
2. Data of the data controller
If you would like to find us, you can contact the data manager at the email address szigetibalintbarabas@gmail.com
Email: szigetibalintbarabas@gmail.com
3. Scope of personal data handled
3.1. Technical data
The Data Controller selects and operates the IT tools used for the management of personal data during the provision of the service in such a way that the managed data:
• accessible to those authorized to do so (availability);
• its authenticity and authentication are ensured (authenticity of data management);
• its immutability can be verified (data integrity);
• be protected against unauthorized access (data confidentiality).
The data manager uses appropriate measures to protect the data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction.
The data controller ensures the protection of the security of data management with technical and organizational measures that provide a level of protection corresponding to the risks associated with data management.
The data controller preserves confidentiality during data management: it protects the information so that only those who are authorized to do so can access it; integrity: protects the accuracy and completeness of the information and the method of processing; availability: it ensures that when the authorized user needs it, he can access the desired information and that the related tools are available.
3.2 Cookies
Cookies collect information about visitors and their devices; they note the individual settings of the visitors, which will be used, e.g. when using online transactions, so you don’t have to type them in again; facilitate the use of the website; they provide a quality user experience and also participate in the collection of some visitor statistical information.
In order to provide customized service, a small data package (so-called “cookie”) is placed and read back during the next visit. If the browser returns a previously saved cookie, the cookie management service provider has the opportunity to connect the user’s current visit with previous ones, but only with regard to its own content.
Some of the cookies do not contain personal information suitable for identifying the individual user, some of them contain a secret, randomly generated number sequence, which is stored by the user’s device and ensures the user’s identification.
The purpose of session cookies is to allow visitors to fully and smoothly browse the nothinghappens.org website, use its functions and the services available there. The validity period of this type of cookie lasts until the end of the session (browsing), when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.
The website of nothinghappens.org and its subdomains also uses cookies from Google Analytics as a third party. By using the statistical service Google Analytics, the nothinghappens.org website and its subdomains collect information about how visitors use the website. The data is used for the purpose of developing the website and improving the user experience. These cookies also remain on the visitor’s computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.
The legal basis for cookie management is the consent of the website visitor, based on point a) of Article 6 (1) of the relevant Regulation. If you do not accept the use of cookies, then 3.2.3. certain functions of the websites listed in point 1 will not be available when using the websites, or certain features may function incorrectly.
You can find more information about deleting cookies for the most common browsers at the following links:
Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Chrome: https://support.google.com/accounts/answer/32050?co=GENIE.Platform%3DDesktop&hl=en
Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
4. General data management guidelines, name of data management, use, legal basis and retention period
The data management of the data controller’s activities is based on voluntary consent and legal authorization. In the case of data management based on voluntary consent, the data subjects may withdraw their consent at any stage of the data management.
In some cases, the management, storage, and transmission of a range of the provided data is made mandatory by law, of which we notify our customers separately. We draw the attention of informants to the Data Controller that if they do not provide their own personal data, the informant must obtain the consent of the data subject. Its basic data management principles are in line with the current legislation on data protection.
The data manager prepared data maps, based on which the scope of the managed data, their use, legal basis and retention period were determined.
4.1 Data related to online administration
Personal data requested during contact:
Name (required field)
Email address (required field)
The purpose of the data management, the intended use of the managed data: The data will be used to contact and fulfill the order.
The legal basis for data management is voluntary consent. Retention period: duration of business relationship or cancellation request.
4.2 Data related to telephone administration
Personal data requested during contact:
Name (required field)
Phone number (optional field, can be filled in optionally, to initiate a call back)
Planned use of the processed data: The data will be used for contacting. The purpose of the data management, the intended use of the managed data: The data will be used for contacting purpose.
The legal basis for data management is voluntary consent.
Retention period: duration of business relationship or cancellation request.
4.3 Newsletter / eDM-related data
Personal data requested when subscribing to the newsletter:
Name (required field)
Email address (required field)
The newsletter is available after reading and accepting the data management policy.
Acceptance of the data management regulations is done by accepting a mandatory check box that is not filled in beforehand.
After signing up, the subscriber will receive information about the subscription in an email message, which he must confirm, and his subscription will then take effect.
During all related processes, the customer still has the option to unsubscribe, every letter contains the option to unsubscribe in the form of a link, which is easily accessible with one click.
Since the newsletter contains the name of the organization and the availability of its website, it is classified as advertising and eDM.
The purpose of the data management, the intended use of the processed data: The data will be used to send out a newsletter containing advertising. The newsletter contains the address of the website, so it is considered advertising.
The legal basis for data management is voluntary consent.
Retention period: until unsubscribed.
4.4 Customer contact data
The following personal data and contact information of customers will be stored:
Name
E-mail address
Phone number
The purpose of the data management, the intended use of the managed data: The data are used for the purpose of contacting and maintaining contact. The legal basis for data management is legitimate interest.
Retention period: duration of business relationship or deletion request.
4.5 Handling consumer protection complaints
If you file a consumer protection complaint, data management and the provision of data are essential for administration.
Name Email
title
Phone number
Complaint
Purpose of data management, planned use of managed data: consumer protection complaint administration. The legal basis for data management is voluntary consent.
Retention period: subject year + 5 years based on the Act on Consumer Protection
5. Physical storage locations of the data
Your personal data (that is, data that can be associated with you) may be processed by us in the following ways:
• on the one hand, in connection with maintaining the Internet connection, technical data related to the computer, browser program, Internet address, and visited pages are automatically generated in our computer system,
• on the other hand, you can provide your name, contact information or other data
In case you make personal contact with us using the website. Technically recorded data during the operation of the system: the data of the relevant user’s computer, which the nothinghappens.org systems record as an automatic result of the technical processes.
The data that is recorded automatically is automatically logged by the system upon entry or exit without a separate statement or action by the person concerned.
This data cannot be combined with other personal user data, except in cases made mandatory by law. Only nothinghappens.org and its subdomains have access to the data.
6. Data transmission, data processing, the circle of those familiar with the data
As part of its business activity, the data controller uses the following data processors:
Hosting service:
WP Engine
Irongate House, 22-30 Duke’s Place
London, EC3A 7LP United Kingdom
Headquarters: Irongate House, 22-30 Duke’s Place, London, EC3A 7LP United Kingdom
Mailing address, complaint handling: Irongate House, 22-30 Duke’s Place, London, EC3A 7LP United Kingdom
Web: https://wpengine.com/
Scope of known data: content of websites located on the nothinghappens.org domain and subdomains, emails sent to email addresses based on these domains.
Google Analytics:
Google Inc., Mountain View, California, USA
Scope of known data: IP address of visitors to the website nothinghappens.org – anonymized, not linked to a person.
Facebook page:
Facebook Inc. Menlo Park, California, USA Data
management information:
https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
Range of known data: username, comments.
Instagram page:
Instagram LLC, Willow Road, Menlo Park, California, USA
Data management information: https://help.instagram.com/155833707900388
Range of known data: username, comments.
7. Affected rights and legal enforcement options
The data subject can request information about the processing of his personal data, and can request the correction of his personal data, or – with the exception of mandatory data processing – deletion or withdrawal, he can exercise his right to data portability and protest in the manner indicated when the data was collected, or at the above contact details of the data controller.
7.1 Right to information
The Data Controller shall take appropriate measures to ensure that all information related to the processing of personal data referred to in Articles of the GDPR are provided to the data subjects. and provide each piece of information in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensively worded.
7.2 The data subject’s right to access
The data subject is entitled to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to receive access to the personal data and the following information:
• the purposes of data management;
• categories of personal data
concerned;
• the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations;
• planned duration of storage of personal data;
• the right to rectification, deletion or restriction of data processing and the right to object;
• the right to submit a complaint addressed to the supervisory authority;
• information about data sources;
• the fact of automated decision-making, including profiling, as well as comprehensible information about the applied logic and the significance of such data management and the expected consequences for the data subject.
The data controller shall provide the information within a maximum of one month from the date of submission of the request.
7.3 Right to rectification
The data subject may request the correction of inaccurate personal data concerning him or her managed by the Data Controller and the addition of incomplete data.
7.4 Right to erasure
If one of the following reasons exists, the data subject has the right to request that the Data Controller delete his/her personal data without undue delay: personal data are no longer needed for the purpose for which they were collected or otherwise processed; the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management; the data subject objects to data processing and there is no overriding legal reason for data processing; personal data has been processed unlawfully; the personal data must be deleted in order to fulfill the legal obligation prescribed by the EU or Member State law applicable to the data controller; personal data was collected in connection with the recommendation of information society-related services.
Data deletion cannot be initiated if data management is necessary: for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data, or for the execution of a task performed in the public interest or in the context of the exercise of public authority conferred on the data controller; affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, based on public interest; or to submit, assert or defend legal claims.
7.5 The right to limit data processing
At the request of the data subject, the Data Controller limits data processing if one of the following conditions is met: the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period that allows the accuracy of the personal data to be checked; the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use; the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; or the data subject objected to data processing; in this case the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject. If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
7.6 Right to data portability
The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to transmit this data to another data controller.
7.7 Right to object
The data subject has the right to object at any time for reasons related to his own situation against the processing of his personal data necessary for the performance of tasks carried out in the public interest or within the framework of the exercise of public authority granted to the data controller, or for the enforcement of the legitimate interests of the data controller or a third party, including the aforementioned also profiling based on provisions. In the event of a protest, the data controller may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the interests, rights and freedom of the data subject, or that are related to the submission, enforcement or defense of legal claims.
7.8 Automated decision-making in individual cases, including profiling
The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on him or similarly significantly affect him.
7.9 Right of withdrawal
The data subject has the right to withdraw his consent at any time.