Data management information. The purpose of this document is for Zoltán Gábor Erdei photo artist, the owner of bagatellography.com as the data controller (hereinafter referred to uniformly as the “Data Controller”), to outline the data protection rules, procedures, and security measures applied to personal data within the Data Controller’s organization. Furthermore, the Data Controller informs its clients, partners, and all individuals and legal entities that have any legally interpretable relationship with the Data Controller and whose personal data may be affected during its management, of the rules regarding the processing of personal data it handles, the security measures and procedures in place, and the methods of data processing. The Data Controller considers the rules, provisions, and obligations outlined in this Data Management Information to be legally binding upon itself and applies them in its operations. It also declares that the data protection rules and procedures described and implemented in this document comply with the applicable national and European Union data protection laws. The Data Controller further states that it regards the right to informational self-determination, particularly concerning personal data, as essential and undertakes all available organizational, operational, regulatory, and technological measures within its jurisdiction to ensure the adherence to and enforcement of these rights.

Data Controller Information

Name: Zoltan Gabor Erdei

Adress: Hungary, 9744 Vasasszonyfa, Széchenyi u. 69.

Email: gabenwoody@gmail.com

Contact Information of the Data Controller 

For privacy-related inquiries, the Data Controller can be contacted at the following:

Email: gabenwoody@gmail.com

The Data Controller retains personal data inquiries for a defined period related to this data processing. After this period, the data will be irrevocably deleted.

Data Controller’s Data Protection Officer  

Name: Zoltan Gabor Erdei

Email Address: gabenwoody@gmail.com

Processed Personal Data

Data Related to Online Administration

Data Processing Purpose: Contact

Possible Consequences of Not Providing Data: Inquiry or information may not be possible.

Data Processed in Data Management: 

– Name

– Email Address

– Phone Number

– Message

Data Retention Period for Processed Data:

The provided data will be stored indefinitely.

Third-Party Analytical Cookies – Analytics Cookies:  

The Data Controller’s website utilizes Google Analytics and Microsoft Clarity as third-party cookies. Using these statistical services, the Data Controller’s server collects information on website visitors. The data is utilized to develop the website and improve user experience. These cookies will be stored on the visitor’s computer or other device used for browsing until they expire.

Purpose, Method, and Legal Basis of Data Processing

General Data Management Guidelines:

The Data Controller processes personal data in the listed data management activities solely for the purpose specified in the data processing and based on the legal grounds provided therein, in accordance with the laws listed below.  The processing of personal data occurs with the voluntary consent of the Data Subject, which the Data Subject is entitled to withdraw at any time.  In certain cases and under specific exceptional circumstances, the Data Controller is required to manage, transfer, forward, or store certain personal data differently than described in the data management activities due to statutory obligations. In such cases, the Data Controller will ensure that the Data Subjects are notified, provided that the provisions of the relevant law permit this or do not explicitly prohibit it.

Laws Providing the Basis for Data Processing

The Data Controller processes personal data based on the following laws:
– GDPR: Regulation (EU) 2016/679 of the European Parliament and Council (April 27, 2016)
– Act V of 2013 on the Civil Code (Ptk.);

Physical Storage Locations of Data

The Data Controller stores personal data in its integrated IT system. The components of the system are located at the following geographical and physical sites:

Service provider: 1A Group Szolgáltató Kft.

Location: HU9700 Szombathely , Király utca. 21-23, HUNGARY.

Description: Web hosting service.

Method of IT Storage and Logical Security of Data

The Data Controller primarily manages personal data through a well-established and protected IT system. During the operation of the IT system, the Data Controller ensures that the information security fundamental attributes of the data stored, processed, and transmitted on the system are maintained at an appropriate level, including:
– Integrity: The authenticity and unchanged state of the data are ensured.
– Confidentiality: Access to the data is limited to authorized individuals, and only to the extent of their authorization.
– Availability: The data is accessible and available to authorized individuals within the expected availability timeframe. The necessary IT infrastructure is maintained in a ready state.

The Data Controller protects the processed data with a structured system of:

– Organizational and operational
– Physical security
– Information security protective measures.
The Data Controller develops and operates its protective measures, as well as the protective levels of individual measures, in proportion to the risks arising from threats to the data being protected. From a data protection perspective, these protective measures primarily aim to safeguard against accidental or intentional deletion, unauthorized access, willful and malicious disclosure, accidental disclosure, data loss, and data destruction.

Data Transfer, Data Processing, and the Circle of Individuals Who Have Access to the Data

The data is primarily accessible to the Data Controller and its internal staff in accordance with the rules of authorization, the authorization system, and other internal regulations. The Data Controller may engage third-party data processors to perform certain operations or tasks related to data. The Data Controller does not publish the data and does not transfer it to other third parties.

Rights of the Data Subject

The Data Subject has the right to exercise the rights described below concerning their personal data processed by the Data Controller.

Right of Access (GDPR Article 15)  

The Data Subject is entitled to receive feedback from the Data Controller as to whether their personal data is being processed, and if such data processing is taking place, they have the right to access their personal data and the following information:
– The purposes of the data processing;
– The categories of the Data Subject’s personal data;
– The recipients or categories of recipients to whom the personal data has been or will be disclosed, including particularly third-country recipients and international organizations;
– The planned duration of storage for the personal data;
– The Data Subject’s right to rectification, erasure, or restriction of processing, as well as the right to object to data processing;
– The right to lodge a complaint with a supervisory authority;
– If the data has not been collected from the Data Subject, any available information on its source;
– The existence of automated decision-making, including profiling, as well as meaningful information about the logic involved and the significance of such processing for the Data Subject, as well as the expected consequences.
The Data Controller will provide a copy of the personal data subject to processing in one copy to the Data Subject. For any additional copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the request is submitted electronically, the Data Controller will provide the requested information in commonly used electronic format unless the Data Subject requests otherwise, within a maximum of 30 days from the submission.

Right to Rectification (GDPR Article 16)

The Data Subject has the right to request the Data Controller to rectify any inaccurate personal data concerning them without undue delay and has the right to request the completion of incomplete personal data, taking into account the purposes of the data processing.

Right to Erasure (GDPR Article 17)

The Data Subject has the right to request the Data Controller to delete their personal data without undue delay, and the Data Controller is obliged to erase the Data Subject’s personal data under specified conditions.

Right to Data Portability (Article 20)

The Data Subject has the right to receive personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and to transmit that data to another Data Controller.

Right to Object (Article 21)

The Data Subject has the right to object to the processing of their personal data at any time on grounds relating to their particular situation, including profiling based on those provisions. In this case, the Data Controller shall no longer process the personal data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or which relate to the establishment, exercise, or defense of legal claims.

Automated Individual Decision-Making, Including Profiling (Article 22)

The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

Right of Withdrawal

The Data Subject has the right to withdraw their consent regarding the processing of their personal data at any time.

Remedies  

In the event of a violation of their rights, the Data Subject may request information, seek remedies, or file a complaint through the provided contact details or with the designated Data Protection Officer. If these measures prove ineffective, the Data Subject has the right to approach a court or contact the National Authority for Data Protection and Freedom of Information. Contact Information for the National Authority for Data Protection and Freedom of Information (NAIH):

Name: National Authority for Data Protection and Freedom of Information (NAIH)

Headquarters: 1125 Budapest, Szilágyi Erzsébet

Mailing Address: 1530 Budapest, P.O. Box 5

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410
Email:** ugyfelszolgalat@naih.hu
Website:** http://www.naih.hu

Other Provisions
In the event of an official inquiry or a request from another organization based on legal obligations, the Data Controller may be required to release data. In such cases, the Data Controller will strive to provide only the minimum necessary personal data that is essential in terms of the obligation to disclose data.