Effective from 22. March 2021.
The purpose of this Privacy Notice (the “Prospectus”) is to send a letter of intent sent by AnimalSoft Limited Liability Company, designated as Data Controller below, about its activities and products, future events and other promotions and information, and to provide information to the data subjects on the data management performed by the Data Controller in the course of its other direct marketing activities. Newsletters contain commercial advertising. The primary activity of AnimalSoft Limited Liability Company is to distribute Livestocker software to the public. The newsletter and other communications for the same purpose will only be sent electronically to the e-mail address provided.
In connection with the personal data of the subscribers, the data controller is subject to the data protection and advertising legislation in force at any time - in particular Act CXII of 2011 on the right to information self-determination and freedom of information, (hereinafter: “Information Act”); the protection of individuals with regard to the processing of personal data and the free movement of such data; and General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council repealing Regulation (EC) No 95/46 (hereinafter "GDPR"), electronic commerce services, and Act CVIII of 2001 on certain issues related to information society services, (hereinafter: the Eker Act), and Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity, (hereinafter: “Grt.”).
The data controller shall treat the personal data of the data subjects as confidential, ensures their protection, it shall also take the necessary technical and organizational measures and establish the rules of procedure necessary to enforce the GDPR and other data protection rules.
AnimalSoft Limited Liability Company (company registration number: 01-09-200958; registered office: 1013 Budapest, Pauler utca 6., phone: +36/30 326-0589, e-mail: email@example.com, hereinafter: “Data Controller”)
Scope of data processed, purpose and duration of data processing
The provision of the data of the person concerned is voluntary, however, in their absence, it is not possible to send a newsletter and send direct information about the Data Controller's offers. You are not obliged to provide your personal data, but in the absence of them we cannot inform you about our products and services on this channel.
Activity in connection with data management
Subscribing to newsletters, sending commercial advertising by direct inquiry
The Person Concerned
Individuals subscribing to the newsletter to be sent by the Data Controller
The data managed
The e-mail address of the person concerned
Purpose of data management
We process personal data for the purpose of further commercial advertising to the data subject (you),
send e-mails (e.g. newsletters and direct inquiry advertisements) concerning the Data Controller's products or services, containing a direct business acquisition or marketing request and other information concerning or related to the activities of the Data Controller, and that we are able to meet the related legal obligations.
Duration of data management
Until unsubscribing from the newsletter or otherwise withdrawing the data subject's consent, but at the most as long as the controller regularly sends newsletters or performs other direct inquiry advertising activities. Consent can be revoked at any time by sending an e-mail to the e-mail address specified above or by clicking on the link in the newsletter.
Legal basis for data management
Voluntary consent of the data subject, Article 6 (1) (a) of the GDPR, Eker Act. Section 13 / A. and Pursuant to Grt. Section 6 (1).
The data controller does not handle special data.
The Data Controller does not perform profiling.1
Persons having access to personal data
The data may be accessed by the employees of the Data Controller performing activities related to newsletters and specializing in marketing activities, as well as by other data processors named in this Prospectus, in order to perform their duties. Thus, for example, the data processors named in this Prospectus may get to know personal data for the provision of services, case management and data processing.
The data of the data subject will not be transferred to third parties, except for the transfer to the data processor defined below. In addition, the transfer of data to a third party or recipient will take place at most if we send advance notice of the potential recipient and thereafter the data subject consents in advance to the transfer or is otherwise required by law. In the course of its data management activities, the Data Controller does not transfer personal data to third countries or international organizations, except in the cases that may be indicated in this Prospectus.
In connection with the activities of the Data Controller according to this Prospectus, he/she is a user of the Mailchimp marketing platform. This data processor (Mailchimp) handles the management, organization and storage of subscriptions to the newsletter, and its services ensure that the newsletter is sent to a data subject only with the necessary consent. The Data Controller is affiliated with The Rocket Science Group LLC (which uses the name Mailchimp in the course of its business) (address: 675 Ponce de Leon Ave NE, Atlanta, GA 30308 USA; website: https://mailchimp.com/; contact: privacy @ mailchimp.com;) has a contractual relationship with it, which thus qualifies as a data processor.
This processor may store data in third countries (especially the United States of America). In order for the data to be transferred under the appropriate guarantees under the GDPR, the Data Controller and The Rocket Science Group LLC have entered into a data processing agreement which contains the general terms and conditions in accordance with European Commission Decision 2010/87 / EU. More information about the privacy compliance of this data processor can be found at https://mailchimp.com/gdpr/.
The Data Controller uses the Apptivo CRM system (i.e. the customer relationship management system,aimed at managing flows to the Data Controller's partners),
with Apptivo Inc., (39055 Hastings St, # 209 Fremont, CA 94538, USA; mailing address: 38750 Paseo Padre Pkwy, Suite # A2, Fremont, CA 94536, USA; e-mail: privacy @ apptivo .com; https://www.apptivo.com/privacy-policy/) is in a contractual relationship with it, who thus qualifies as a data processor.
This processor stores personal information in the United States. The data controller is also obliged to act in accordance with the provisions of the relevant legislation, in particular the GDPR.
Data security measures:
The Data Controller is obliged to ensure the security of the data,
it shall also take the technical and organizational measures and establish the rules of procedure which ensure that the data recorded, stored or processed are protected or prevent their destruction, unauthorized use and unauthorized alteration. It also draws the attention of third parties to whom the data of the data subject have been transmitted that they are obliged to comply with the data security requirement.
The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorized persons. The Data Controller will do its utmost to ensure that the data is not damaged or destroyed. The above obligation is also ordered by the Data Controller for the employees participating in its data management activities and for the data processors acting on behalf of the Data Controller.
During the data management by the Data Controller, the personal data is stored on its own devices as well as in the data processing systems.
In order to prevent unauthorized access to the data, the Data Controller shall ensure the retention of personal data and prevent unauthorized access to its own assets as follows: Access to computers is password and firewall protected, computers run antivirus software. Data Manager has a Linux system running IPtables2. The Data Controller uses SSL encryption during communication.
Informing data subjects of a data protection incident2 if it occurs
2Privacy Incident: A security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal information that is transmitted, stored, or otherwise handled.
If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller shall, without undue delay, inform the data subjects of the data protection incident in a clear and comprehensible manner.
The data subject need not be informed if any of the following conditions is met:
the data controller has implemented appropriate technical and organizational security measures, and these measures have been applied to the data affected by the data protection incident, in particular measures such as the use of encryption, which make the data incomprehensible to persons not authorized to access personal data;
the controller has taken further measures following the data protection incident to ensure that the high risk to the data subject's rights and freedoms is no longer likely to be realized;
information would require a disproportionate effort. In such cases, data subjects shall be informed through publicly available information, or a similar measure shall be taken which ensures similarly effective information to data subjects.
In addition to the rights set out above, data subjects may exercise the following rights in connection with the processing of data in accordance with this Prospectus. In case of exercising any rights of the data subject, please inform the Data Controller at one of the contact details provided in this Prospectus.
Right to information and access to personal data processed:
The data subject is entitled to receive feedback from the Data Controller on the issue, whether their personal data is being processed and, if such processing is in progress, they have the right to access their personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipient or categories of recipients to whom the personal data have been or will be communicated, including in particular third country consignees, and international organizations;
where applicable, the intended period for which the personal data will be stored, or, if that is not possible, the criteria for determining that period;
the right of the data subject to request the controller to rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
the right to lodge a complaint with a supervisory authority;
if the data were not collected from the data subject, all available information on their source;
the fact of automated decision-making, including profiling, and, at least in these cases, comprehensible information on the logic used and the significance of such data processing and the expected consequences for the data subject
If personal data are transferred to a third country or to an international organization, the data subject is entitled to be informed of the appropriate guarantees for the transfer.
The Data Controller shall provide the data subject with a copy of the personal data, subject to data processing. The Data Controller may charge a reasonable fee based on administrative costs. If the data subject has submitted the request electronically, the information shall be provided by the Data Controller in a widely used electronic format, unless the person concerned requests otherwise.
The right to request a copy referred to in the preceding paragraph shall not adversely affect the rights and freedoms of others.
At the request of the data subject, the Data Controller shall correct inaccurate personal data concerning the data subject (without undue delay). Taking into account the purpose of the data processing, the data subject has the right to request that his or her incomplete personal data be supplemented, inter alia, by means of a supplementary statement.
Right of cancellation ("forgetting"):
The data subject shall have the right to delete personal data concerning him / her at his / her request without undue delay if one of the following reasons exists:
personal data are no longer required for the purpose for which they were collected or otherwise processed;
the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;
the data subject objects to the processing and there is no overriding legitimate reason for the processing or if the processing would be linked to a direct acquisition;
personal data have been processed unlawfully;
personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the controller;
personal data have been collected in connection with the provision of information society services.
The Data Controller shall not be obliged to delete personal data if they are necessary for one of the following purposes:
for the purpose of exercising the right to freedom of expression and information;
compliance with an obligation under Union or Member State law applicable to the controller to process personal data or in the public interest;
for preventive health or occupational health purposes, the assessment of the worker's ability to work, the making of a medical diagnosis, the provision of health or social care or treatment, and to manage health or social systems and services, under Union or Member State law or under contract to a healthcare professional and the processing of such data by or under the responsibility of a professional who is bound by professional secrecy as laid down in Union or Member State law or in rules laid down by the competent authorities of the Member States , or by another person who is also subject to an obligation of confidentiality laid down in Union or Member State law or in rules laid down by the competent authorities of the Member States;
in the public interest in the field of public health, such as protection against serious cross-border threats to health or the provision of high quality and safety of healthcare, medicines and medical devices, and under Union or Member State law which provides for appropriate and specific measures to guarantee the rights and freedoms of the data subject, and in particular professional secrecy;
in the public interest in the field of public health and the processing of such data by or under the responsibility of a professional; who is bound by professional secrecy as laid down in Union or Member State law or in rules laid down by the competent authorities of the Member States, and by another person who is also subject to an obligation of confidentiality laid down in Union or Member State law or in rules laid down by the competent authorities of the Member States;
for archiving in the public interest, for scientific and historical research purposes or for statistical purposes, where the right of erasure would be likely to make it impossible or seriously jeopardize such processing; 2; or
to submit, assert or defend legal claims.
Right to restrict data processing:
At the request of the data subject, the Data Controller shall restrict the data processing if one of the following conditions is met:
- the data subject contests the accuracy of the personal data, in which case the restriction shall apply for a period which allows the data subject to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the data and instead requests that their use be restricted;
- the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; or
- the data subject has objected to the data processing in connection with the data processing of the Data Controller based on the public interest or a legitimate interest; in that case, the restriction shall apply for as long as it is established whether the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject.
If the processing is subject to a restriction on the basis of the above, such personal data, with the exception of storage, shall be subject to the consent of the data subject or to the submission, enforcement or protection of legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the European Union or of a Member State.
The Data Controller shall inform the data subject, at whose request the data processing has been restricted on the basis of the above, of the lifting of the data processing restriction in advance.
The data subject has the right to receive the personal data concerning him / her made available to the Data Controller in a structured, widely used, machine-readable format, it is also entitled to transfer this data to another data controller without being hindered by the Data Controller if the data processing is based on consent or a contract and the data processing is carried out in an automated manner.
In doing so, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between data controllers.
The exercise of the right to data portability shall not infringe the right of erasure ("forgetting"). That law does not apply where the processing is in the public interest or necessary for the performance of a task carried out in the exercise of its public powers conferred on the controller.
The right to data portability must not adversely affect the rights and freedoms of others.
The data subject has the right to object to the processing of his / her personal data by the Data Controller at any time (for reasons related to his / her own situation), if the legal basis of the data processing is the performance of a task performed in the public interest or in the exercise of a public authority conferred on the Data Controller, or the need to enforce the legitimate interests of the Data Controller or a third party, including profiling based on those claims. In this case, the Data Controller may no longer process the personal data, unless it can be demonstrated that the processing is justified by compelling legitimate reasons, which take precedence over the interests, rights and freedoms of the data subject, or relating to the filing, enforcement or defense of legal claims.
Where personal data are processed for the direct purpose of obtaining a business, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for that purpose, including profiling insofar as it relates to direct business acquisition. If the data subject objects to the processing of personal data for the direct acquisition of business, then personal data may no longer be processed for this purpose.
The data subject is entitled to the fact that if the data controller’s data management is based on his or her consent, it shall withdraw its consent at any time. Withdrawal of consent shall not affect the lawfulness of the consent-based at a processing prior to withdrawal.
Procedure in the event of an application by a data subject concerning the exercise of the above rights:
The Data Controller shall, without undue delay, but no later than within one month of receipt of the request, inform the data subject of the action taken on his or her request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months.
The Data Controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request. If the data subject has submitted the request by electronic means, the information shall, as far as possible, be provided by electronic means, unless the data subject requests otherwise.
If the Data Controller does not take action on the basis of the data subject's request, it shall inform the data subject of the reasons for the non-action without delay, but no later than within one month from the receipt of the request,and that the person concerned may lodge a complaint with a supervisory authority and have the right to a judicial remedy.
The Data Controller shall provide the requested information and details free of charge, provided that, if the data subject's request is manifestly unfounded or, in particular due to its repetitive nature, excessive, the Data Controller may charge a reasonable fee or refuse to act on the request, taking into account the administrative costs of providing the requested information or action or taking the requested action.
The Data Controller shall inform all recipients to whom or with whom the personal data have been communicated of any rectification, erasure or restriction on data processing, unless this proves impossible or requires a disproportionate amount of effort. Upon request, the Data Controller shall inform the data subject of the identity of these recipients.
Personal information about children and third parties
Persons under the age of 16 may not provide personal information unless they have been asked for permission from a person exercising parental responsibility. By making the personal data available to the Data Controller, the parent, as a data subject, declares and guarantees that he / she will act in accordance with the above, its capacity to act in relation to the provision of information is not limited.
If you are not legally entitled to provide any personal data independently, you are obliged to obtain the consent of the third parties concerned (e.g. legal representative, guardian, other person, such as the consumer, on whose behalf acting), or provide another legal basis for making the data available. In this context, you must consider whether the consent of a third party is required in connection with the provision of the personal data in question. The Data Controller may not come into personal contact with you, so you are obliged to ensure compliance with this section and the Data Controller is not liable in this connection. Regardless of this, the Data Controller is always entitled to check whether the appropriate legal basis for the processing of any personal data is available. For example, if you are acting on behalf of a third party, such as a consumer, we are entitled to request your authorization and / or the data subject's appropriate consent to the processing of the data.
The Data Controller will make every effort to delete any personal data that have been made available to it without authorization. The Data Controller ensures that, if it becomes aware of this, this personal data will not be transferred to another person or used by the Data Controller.
Please let us know immediately at the contact details provided in the Contact Details section if you become aware that a third party has unauthorizedly provided personal data about you to the Data Controller.
Please send any questions or requests related to your personal data and data management stored in the system to the e-mail address firstname.lastname@example.org or in writing to our address at 613 Pauler utca 6, Budapest, or contact us by phone at +36/30 326 -0589. Please note that we are only able to provide information or take action on the processing of your personal data for your benefit if you have provided credible proof of identity.
If you have any questions, requests or comments regarding the processing of your personal data, please contact us at one of the contact details provided in this Prospectus.
You can initiate an investigation at the National Data Protection and Freedom of Information Authority [mailing address: 1530 Budapest, Pf.: 5., phone: +36 (1) 391-1400, email: email@example.com, website: www.naih.hu] on the grounds that the processing of your personal data has been infringed or is in imminent danger.
If the data subject’s rights, are violated he / she may also take legal action against the Data Controller. The court is acting out of turn in the case. The Data Controller is obliged to prove that the data processing complies with the provisions of the law. The trial falls within the jurisdiction of the tribunal. The action may, at the option of the person concerned, also be brought before the court of the place where the person concerned is domiciled or resident.
11Profiling is any form of automated processing of personal data in which personal data is used to evaluate or predict certain personal characteristics of the user (e.g., characteristics related to personal preferences, interests, health, behavior, location, or movement).
2The processing of personal data for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes shall be subject to appropriate safeguards to protect the rights and freedoms of the data subject. These guarantees must ensure that technical and organizational measures are in place to ensure, in particular, that the principle of data protection is observed. E These measures may include pseudonymisation, provided that such objectives can be achieved in this way. If these purposes can be achieved through further processing of the data in a way that does not or no longer allows the identification of data subjects, the purposes shall be achieved in this way.