Who are we?
1.1 The website zoltanhevesi.hu is owned and operated by Queen Code Kft as a legal entity.
Our Contact Information:
Queen Code Kft
1113 Budapest, Hamzsabégi út 60 D/4 Fszt. 148
Tax number: 32266041-2-43
Email: hello at zoltanhevesi.hu
Please contact us if you have any questions or feedback regarding this policy.
What is the purpose of this policy?
2.1 This policy explains how we handle your “personal data” (i.e., any information related to an identified or identifiable living person). Please read this to understand what personal data we collect, how we use and protect it, who we share it with, and how you can access and correct it.
2.2 Please do not use our site unless you are completely satisfied with this policy. If you use our site, we assume that you accept it.
Can this policy change?
3.1 Yes, it may change, so it is advisable to check it each time you visit our site. We assume that you accept the revised policy if you use the site after the effective date stated at the top of the policy.
What personal or other data do we collect?
4.1 We collect and store the information you provide through forms on our website—such as your name, address, email address, phone number, etc.—or when you communicate with us via email or other means.
4.2 Certain information may be automatically collected and stored when you interact with us. Examples include your computer’s IP address, connection details such as browser type and version, operating system and platform, device type, a unique reference number linked to system data, login details, full URL clickstream to, through, and from our website (including date and time), cookie number, and activity on our website, such as pages visited and searches conducted.
What about cookies?
5.1 We use cookies. A cookie is a small file of letters and numbers that we place on your computer. Our site’s functionality will be limited if you do not accept cookies.
5.2 Cookies are widely used to help websites function properly, operate more efficiently, and provide information to the website owner or others. Session cookies are temporary and remain in your browser’s cookie file until you leave the site. Persistent cookies stay in your browser’s cookie file for a longer period (depending on the cookie’s lifespan). For more information about cookies and how to block them, visit www.allaboutcookies.org.
5.3 We use cookies on this site for the following purposes:
a) Session Cookies: These enable the website to track your movement from page to page and remember your choices so you don’t have to re-enter the same information repeatedly.
b) Google Analytics (GA) Cookies: Google sets persistent cookies (up to two years) to recognize and count visitors and track details such as visit duration, navigation path, and referring websites. This helps us improve site functionality. Click here for more information on GA cookies. Click here to opt out of Google Analytics.
How do we use your personal data?
6.1 We use your personal data to provide our services, such as sending service messages, processing payments, and fulfilling orders.
6.2 We use your personal data to communicate with you effectively when you attempt to contact us via our website.
6.3 If you have given permission on our site, we may use your personal data to send emails (or other communications such as phone calls or SMS) about our or third-party products and services that may interest you, including special offers or promotions.
6.4 Personal data may be used to recognize you when you visit or return to our site, track anonymous traffic and usage patterns, prevent or detect fraud, and help improve our website. We may use cookies for these purposes (see above).
6.5 Personal data from closed accounts may be retained to comply with legal obligations, enforce our terms, prevent fraud, collect outstanding fees, resolve disputes, troubleshoot issues, assist investigations, and take other actions permitted by law.
6.6 We may process, remove, modify, store, or use any personal data if we reasonably believe it violates our terms or is necessary to protect us or others, comply with legal requirements, or assist authorities in criminal investigations.
How do we protect personal data?
7.1 Security is a priority. We take appropriate precautions to protect personal data.
7.2 Email and other electronic communications are not secure unless encrypted. Your communication may pass through multiple countries’ servers before reaching us. Therefore, we are not responsible for unauthorized access to or loss of personal data due to factors beyond our control. We are also not responsible for the actions or omissions of other users or third parties who misuse personal data collected from our website.
To whom do we disclose personal data?
8.1 Payment data, including credit card numbers, is handled directly by our payment partner, Stripe, Inc. We do not receive such information. To ensure that your data is not used without your consent, our payment partners may share your personal data with relevant third parties, including credit reference and fraud prevention agencies, which may retain this information.
8.2 We may allow third parties to access your personal data if they provide services to us. Examples include e-commerce platform providers, website operators, and businesses that assist us with communication or website monitoring.
8.3 We do not disclose your personal data to third parties for marketing purposes.
8.4 Very important: Any information you provide in an inquiry, including your name, email address, phone number, etc., may be shared with the restaurant or other organization to which the inquiry pertains.
8.5 We may disclose personal data to the extent reasonably necessary: a) if we have reason to believe that it violates our terms and conditions, or if such actions are necessary to protect ourselves or others, to prevent a crime, if a complaint has been filed about content you have posted, or if required by law or an appropriate authority; or b) in the event of an actual or proposed sale, merger, or business combination (including negotiations) that affects all or part of our business.
8.6 Personal data may be stored or transferred outside the European Economic Area (EEA) for the purposes specified in this policy. If so, we will, of course, comply with the relevant laws on data transfers outside the EEA.
8.7 Unless otherwise stated in this policy, this document only deals with the use and disclosure of information collected from you. If you disclose your data to a third party, whether they are other users of our site or other websites, different rules may apply to the use or disclosure of your data.
How can you access and correct personal data?
9.1 You can access and correct your personal data by contacting us in the manner indicated on our website.
What are the principles of data processing?
10.1 Personal data must be processed in accordance with the following principles:
a) Lawfulness, fairness, and transparency: Data must be processed lawfully, fairly, and transparently for the data subject.
b) Purpose limitation: Data may only be collected for specified, explicit, and legitimate purposes and may not be processed in a manner incompatible with those purposes.
c) Data minimization: Data must be adequate, relevant, and limited to what is necessary for the purposes of processing.
d) Accuracy: Data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that inaccurate personal data, in relation to the purposes of processing, are deleted or rectified without delay.
e) Storage limitation: Data must be stored in a form that allows identification of data subjects only for as long as necessary for the purposes of processing personal data.
f) Integrity and confidentiality: Data processing must be carried out in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, by applying appropriate technical or organizational measures.
g) Accountability: The data controller is responsible for compliance with the above and must be able to demonstrate such compliance.
Our company processes data in accordance with the provisions of this section.
What are the rights of data subjects?
11.1 Right of access – The data subject has the right to receive confirmation from the data controller as to whether their personal data is being processed, and if so, to access their personal data and the information listed in GDPR Articles 13-15 (such as the data controller’s details, the purpose and legal basis of processing, recipients or categories of recipients, and the duration or criteria for determining the storage period).
11.2 Right to rectification – The data subject has the right to request that the data controller rectify inaccurate personal data concerning them without undue delay. Taking into account the purpose of processing, the data subject also has the right to request the completion of incomplete personal data, including through a supplementary statement.
11.3 Right to erasure (‘right to be forgotten’) – The data subject has the right to request that the data controller erase their personal data without undue delay, and the data controller is obliged to erase the personal data without undue delay if any of the following reasons apply: a) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed; b) The data subject withdraws their consent under GDPR Article 6(1)(a) or Article 9(2)(a), and there is no other legal basis for the processing; c) The data subject objects to the processing under GDPR Article 21(1), and there are no overriding legitimate grounds for the processing, or the data subject objects under Article 21(2); d) The personal data has been unlawfully processed; e) The personal data must be erased to comply with a legal obligation under EU or Member State law applicable to the data controller; f) The personal data has been collected in relation to the offer of information society services referred to in GDPR Article 8(1).
11.4 Right to be forgotten – If the data controller has made the personal data public and is obliged to erase it, they will take reasonable steps, including technical measures, to inform other controllers processing the data that the data subject has requested deletion of any links to, copies, or replications of the personal data, considering available technology and implementation costs.
11.5. Right to Restriction of Processing
The data subject has the right to obtain from the controller restriction of processing where one of the following applies:
· The data subject contests the accuracy of the personal data, in which case the restriction applies for a period enabling the controller to verify the accuracy of the personal data.
· The processing is unlawful, and the data subject opposes the erasure of the data and requests the restriction of its use instead.
· The controller no longer needs the personal data for processing purposes, but the data subject requires it for the establishment, exercise, or defense of legal claims.
· The data subject has objected to processing; in this case, the restriction applies while it is verified whether the legitimate grounds of the controller override those of the data subject.
11.6. Right to Data Portability
The data subject has the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used, and machine-readable format. The data subject also has the right to transmit those data to another controller without hindrance from the controller to which the personal data were provided.
11.7. Right to Object
In cases where processing is based on legitimate interest or the exercise of official authority, the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data, including profiling based on those provisions.
11.8. Objection to Direct Marketing
If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling related to direct marketing. If the data subject objects to processing for direct marketing purposes, their personal data shall no longer be processed for this purpose.
11.9. Automated Decision-Making in Individual Cases, Including Profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
Legal Remedies
The data subject has the following legal remedies concerning our company’s data processing:
12.1. Request for Further Information
The data subject may request information about the processing of their personal data at any time. They may also request the correction of their personal data and, where processing is based on consent, request the deletion of their personal data or withdraw their consent.
Upon request, we provide information on the personal data processed by us or by our commissioned processor, including the purpose, legal basis, and duration of processing. We will delete personal data if its processing is unlawful, upon request, if the purpose of processing has ceased, if it is incomplete or incorrect and cannot be lawfully corrected—unless deletion is prohibited by law—or if the legally prescribed storage period has expired, or if a court or the data protection authority has ordered deletion.
12.2. Filing a Complaint with the National Authority for Data Protection and Freedom of Information (NAIH)
The data subject has the right to file a complaint with NAIH and request an investigation or administrative procedure concerning our company’s data processing.
NAIH Contact Information:
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Phone: +36-1-391-1400
Fax: +36-1-391-1410
Website: www.naih.hu
Email: ugyfelszolgalat@naih.hu
END