Privacy Policy
1. Introduction
1.1. Purpose of the Data Protection Notice
The purpose of this Data Protection Notice (hereinafter referred to as the “Notice”) is to present in a transparent and detailed manner how we process personal data during the activities of the Iratmentő Foundation (hereinafter referred to as the “Data Controller”), and to provide information on the rights of data subjects and how to exercise them.
1.2. Legal compliance (GDPR, Act CXII of 2011)
- Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR): sets out uniform EU rules on the protection of personal data.
- Act CXII of 2011 (Infotv.): the law that forms the basis of Hungarian data protection regulation, which deals with the right to informational self-determination and freedom of information.
2. Data Controller Details
2.1. Name and Contact Details of the Data Controller
- Name: Iratmentő Foundation
- Headquarters: 8291 Nagyvázsony, Varga Street 19. 1st floor/1st door
- Registration Number: 19-01-0001947
- Representative: György Rácz, Chairman of the Board of Trustees
- E-mail: iratmentoalapitvany@gmail.com
2.2. Availability of the Data Management Information
- This Information is available in electronic form at www.iratmentoalapitvany.hu, and in printed form upon request at our customer service office.
3. Definitions
3.1. Basic Concepts of the GDPR
- Personal Data: any information relating to an identified or identifiable natural person (“data subject”).
- Data Controller: the natural or legal person that determines the purposes and means of the processing of personal data.
- Data Processor: the natural or legal person that processes personal data on behalf of the Data Controller.
- Consent: a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they agree to the processing of their personal data.
- Data Subject: any identified or identifiable natural person to whom the personal data relates.
3.2. Definition of a Data Protection Incident
A data protection incident is any event that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
4. Principles of Data Processing
4.1. Legal Bases and Core Principles
- Lawfulness, Fairness, and Transparency: Data is processed only for specific and lawful purposes.
- Purpose Limitation: Data is processed only for pre-defined purposes and only to the extent necessary to achieve those purposes.
- Data Minimization: Only personal data strictly necessary for achieving the purpose is collected and processed.
- Accuracy: We ensure that personal data is accurate and, where necessary, kept up to date.
- Storage Limitation: Personal data is retained only for as long as necessary to achieve the intended purpose.
- Integrity and Confidentiality: Appropriate technical and organizational measures are implemented to protect personal data.
4.2. Accuracy and Security of Data
- Both the Data Controller and the data subject are responsible for ensuring that personal data is regularly updated; the data subject must report any changes in their personal data.
- The Data Controller takes all necessary steps to ensure that recorded data is accurate and protected against unauthorized access through appropriate security measures.
5. Purposes and Legal Bases of Data Processing
5.1. Registration on the Website
- Purpose: Creating a user account and providing related services.
- Legal Basis:
  - Consent (Article 6(1)(a) GDPR), if registration is voluntary and requested by the data subject.
  - Performance of a contract (Article 6(1)(b) GDPR), if registration is a prerequisite for service provision.
- Scope of Data Processed: Name, email address, password (encrypted), registration date, IP address.
5.2. Order Management
- Purpose: Processing orders, fulfilling contracts, invoicing, and delivery.
- Legal Basis: Performance of a contract (Article 6(1)(b) GDPR).
- Scope of Data Processed: Name, shipping and billing address, contact details (phone number, email), order details.
5.3. Issuing Invoices
- Purpose: Compliance with applicable accounting laws (e.g. Act C of 2000 on Accounting).
- Legal Basis: Fulfillment of a legal obligation (Article 6(1)(c) GDPR).
- Scope of Data Processed: Name/company name, address, tax number (in case of legal entities), other data necessary for invoicing.
5.4. Sending Newsletters
- Purpose: Marketing communication, information about new products and promotions.
- Legal Basis: Consent (Article 6(1)(a) GDPR).
- Scope of Data Processed: Name, email address.
- Note: You may unsubscribe from the newsletter at any time by clicking the link at the bottom of the email, or by notifying the Data Controller directly.
5.5. Use of Cookies
- Purpose: Ensuring proper functionality of the website, improving user experience, analyzing traffic data, marketing purposes.
- Legal Basis:
  - Consent (Article 6(1)(a) GDPR) – for all cookies that are not essential for website functionality.
  - Legitimate interest or performance of a contract (Article 6(1)(f) or (b) GDPR) – for technically essential cookies required for basic operation.
- Further Details: See Section 11 “Use of Cookies” of this Privacy Notice.
5.6. Data Processing on Social Media Platforms
- Purpose: Communication and information sharing (e.g., Facebook, Instagram).
- Legal Basis: Voluntary decision, consent (Article 6(1)(a) GDPR).
- Note: The data processing practices of social media platforms are detailed in the respective platform’s privacy policy.
6. Scope of Data Processed
6.1. Types of Personal Data
- Identification Data: name, username, password (encrypted).
- Contact Data: email address, phone number, address.
- Technical Data: IP address, browser type, cookies, login timestamp.
- Billing Data: billing name, address, tax number (for companies).
6.2. Method and Duration of Data Storage
- In electronic form on protected servers, secured with passwords and other security measures.
- On paper (if applicable) at the headquarters or branch office, in a locked location.
- Storage duration: until the fulfillment of legal obligations and the purpose of data processing, or until the withdrawal of consent. After this, the data will be deleted or anonymized.
7. Data Subjects’ Rights
7.1. Right to Information
The data subject has the right to request information about the purpose, legal basis, source, and duration of the processing of their personal data, as well as who may access it.
7.2. Right to Rectification
If the data subject believes that their personal data is inaccurate or incomplete, they may request its correction or completion.
7.3. Right to Erasure (“Right to be Forgotten”)
The data subject may request the deletion of their personal data if it is no longer needed for the original purpose or if the data subject withdraws consent and there is no other legal basis for processing.
7.4. Right to Data Portability
The data subject has the right to receive the data they have provided in a commonly used, machine-readable format, and may request that it be transmitted to another data controller.
7.5. Right to Object
- The data subject may object at any time to the processing of their personal data if the legal basis for processing is the legitimate interest of the data controller.
- The data subject has the specific right to object to the processing of their personal data for direct marketing purposes.
8. Data Security
8.1. Protection of Electronic Data
- Multi-level authorization system.
- Regular security backups.
- Use of antivirus and firewalls.
8.2. Technical and Organizational Measures
- Closed office network and secure Wi-Fi usage.
- Storage of paper documents in locked cabinets.
- Regular data protection training for employees and data processors.
9. Handling of Data Protection Incidents
9.1. Incident Reporting to Authorities (72-hour rule)
In the event of a data protection incident, the Data Controller shall notify the National Authority for Data Protection and Freedom of Information (NAIH) without undue delay, and if possible, no later than within 72 hours, except when it is unlikely to result in a risk to the rights and freedoms of the data subjects.
9.2. Notification of Data Subjects in Case of High Risk
If the incident is likely to result in a high risk to the rights and freedoms of data subjects, the Data Controller shall inform the data subjects without undue delay, describing the nature of the incident and the measures taken.
10. Data Processors and Third Parties
10.1. Hosting Provider
- Name: Starcode Services Limited Liability Company
- Headquarters: 1095 Budapest, Soroksári út 48. Building 1, 1st floor, 18.
- Contact: mail@starcode.hu
- Data Processing Activities: operation of the web server, technical maintenance. Processes personal data only based on the instructions of the Data Controller.
The Data Controller always enters into written contracts with these partners (data processors) in accordance with GDPR requirements. The contracts specify that the partners may only process the data based on the instructions of the Data Controller, for the specified purpose, and for the necessary duration.
11. Use of Cookies
11.1. Purpose and Types of Cookies
- Session Cookies: essential for the operation of the website, deleted when the browser is closed.
- Functional Cookies: enhance user convenience, for example, by remembering login details or selected language.
- Analytical Cookies (e.g., Google Analytics): serve statistical purposes, help understand user behavior, and improve the website’s performance.
- Marketing Cookies: support displaying relevant advertisements and measuring their effectiveness.
11.2. Managing User Preferences
- Users can control cookie management through their browser settings, including disabling or deleting cookies.
- Modifying cookie settings may cause some website functions to not work properly.
- On the first visit to the website, users have the option to allow or reject non-essential (e.g., marketing) cookies via a pop-up window.
12. Data Protection Officer
The Iratmentő Foundation, as the data controller, is not required to appoint a Data Protection Officer pursuant to Article 37 of the GDPR.
13. Rights Enforcement Options for Data Subjects
13.1. Filing a Complaint with the National Authority for Data Protection and Freedom of Information (NAIH)
If the data subject believes that the processing of their personal data violates applicable laws, they may file a complaint with the National Authority for Data Protection and Freedom of Information:
- Address: 1055 Budapest, Falk Miksa Street 9-11.
- Phone: +36 (1) 391-1400
- Email: ugyfelszolgalat@naih.hu
