Scope and Principles
This Privacy Policy has been prepared by Viktor Óvári, sole proprietor (tax number: 90871827-1-41; registered seat: 1036 Budapest, Lajos utca 78., 6th floor) as the exclusive Organizer for the Your Art Mosaic World Program (hereinafter: the “Program”). This Privacy Policy (hereinafter: the “Policy”) sets out the data processing rules of the Program.
The Organizer is the data controller, and has initiated the registration of the present data processing with the National Authority for Data Protection and Freedom of Information of Hungary.
The scope of this Policy covers the data controller, its employees and contracted partners, as well as the participants of the Your Art Mosaic World Program.
Viktor Óvári, sole proprietor (tax number: 90871827-1-41; registered seat: 1036 Budapest, Lajos utca 78., 6th floor) is the actual controller of personal data related to the Program and processes your data fairly and lawfully in accordance with the applicable Hungarian legislation and the expectations of the European Union.
Contact details of the data controller (Viktor Óvári, sole proprietor):
Data processing performed at 1036 Budapest, Lajos utca 78., 6th floor is always based on the voluntary consent of the data subject under Act CXII of 2011 (the “Info Act”). Data will not be transferred to unauthorized persons and will not be disclosed to the public.
The participation rules are continuously available at: mozaik.yourart.hu
Any amendments to this Policy will be indicated on an ongoing basis.
Below, Viktor Óvári, sole proprietor, sets out his data processing principles, including the requirements he imposes on himself as controller and adheres to. These principles are consistent with the applicable data protection legislation, in particular:
Definitions
1.1. Data subject: any identified or—directly or indirectly—identifiable natural person based on personal data.
1.2. Personal data: any data relating to the data subject—especially the data subject’s name, identification mark, or one or more factors specific to their physical, physiological, mental, economic, cultural, or social identity—as well as any conclusions that can be drawn from the data regarding the data subject.
1.3. Consent: a voluntary and explicit declaration of the data subject’s wishes, based on adequate information, by which the data subject gives their unequivocal agreement to the processing of personal data relating to them, in whole or in part.
1.4. Objection: a statement by the data subject objecting to the processing of their personal data and requesting the termination of processing or the deletion of the processed data.
1.5. Controller: a natural or legal person, or an organization without legal personality,
which—alone or jointly with others—determines the purposes of data processing, makes and implements decisions regarding data processing (including the means used), or has them implemented by a processor.
1.6. Processing: any operation or set of operations performed on data, regardless of the method applied; in particular, collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, alignment or combination, blocking, deletion, destruction, and preventing further use of the data.
1.7. Data transfer: making data available to a specified third party.
1.8. Disclosure: making data available to anyone.
1.9. Data deletion: rendering data unrecognizable in a way that makes its restoration
impossible.
1.10. Data marking: attaching an identifier to data for the purpose of distinguishing it.
1.11. Data blocking: marking data with an identifier to restrict its further processing
definitively or for a specified period.
1.12. Data destruction: the complete physical destruction of the data carrier containing the data.
1.13. Data processing (technical): performing technical tasks related to processing
operations, irrespective of the method and means used and the place of application, provided the technical task is performed on the data.
1.14. Processor: a natural or legal person, or an organization without legal personality, which processes data on the basis of a contract with the controller (including contracts mandated by law).
1.15. Third party: a natural or legal person, or an organization without legal personality, other than the data subject, the controller, or the processor.
1.16. Third country: any state that is not an EEA state.
Fundamental Principles of Processing by Viktor Óvári (sole proprietor)
Personal data may be processed if
Personal data may also be processed where obtaining the data subject’s consent is impossible or would involve disproportionate costs, and processing is necessary to comply with a legal obligation applicable to the controller, or is necessary for the purposes of the legitimate interests pursued by the controller or a third party, provided that such interests are proportionate to the restriction of the right to the protection of personal data.
If personal data is collected with the data subject’s consent, and in the absence of any legal provision to the contrary, the controller may process the collected data without further specific consent and even after the withdrawal of consent:
Personal data may only be processed for a specified purpose, for the exercise of a right, or for the fulfillment of an obligation. Processing must comply with this purpose at all stages, and the collection and processing of data must be fair.
Only personal data that is essential for the realization of the purpose of processing and suitable for achieving that purpose may be processed, and only to the extent and for the duration necessary.
Personal data may be processed only on the basis of informed consent.
Before processing begins, the data subject must be informed whether processing is based on consent or is mandatory. The data subject must be clearly, intelligibly, and thoroughly informed of all facts relating to the processing of their data, including in particular the purpose and legal basis of processing, the person entitled to carry out processing and technical processing, the duration of processing, whether the controller processes personal data with the data subject’s consent and/or to comply with a legal obligation or to enforce a legitimate interest, and who may access the data. The information must also cover the data subject’s rights and remedies.
Data processing must ensure the accuracy, completeness, and up-to-dateness of data and that the data subject can be identified only for the time necessary for the purpose of processing.
Personal data may be transferred to a controller conducting processing or to a processor carrying out processing in a third country if the data subject has expressly consented, or if the above conditions for processing are otherwise met and an adequate level of protection of personal data is ensured during the processing and handling of the transferred data in the third country. Transfers to EEA states shall be treated as if the transfer took place within the territory of Hungary.
Categories of Personal Data, Purpose, Legal Basis, and Duration of Processing
Data processing activities of Viktor Óvári, sole proprietor, are based on voluntary consent. In certain cases, the processing, storage, and transfer of some of the provided data may be required by law; in such cases, we will provide separate notice.
Attention is drawn to the obligation of any person providing personal data to obtain the consent of the data subject if they are providing data other than their own.
Visitors to the mozaik.yourart.hu website
Purpose of processing: organizing the Your Art Mosaic World Program; participation in events through registration on mozaik.yourart.hu; administering gift promotions; sending newsletters and information; maintaining contact.
To achieve these purposes, the controller records the personal data of the website user (including but not limited to: name, email address, phone number), records the data of the user profile associated with the unique identifier, and records data collected during program attendance or other activities (e.g., voluntary completion of questionnaires).
Other Processing
Courts, prosecutors, investigating authorities, misdemeanor authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, or other bodies authorized by law may request that the controller provide information, disclose or transfer data, or make documents available.
Viktor Óvári, sole proprietor, will provide personal data to the authorities only to the extent strictly necessary to achieve the purpose of the request, provided that the authority has specified the exact purpose and the scope of the requested data.
Data Security
Data are stored on the server of Viktor Óvári, sole proprietor (1036 Budapest, Lajos utca 78., 6th floor).
In selecting and operating the IT tools used to provide the service and process personal data, the controller ensures that the processed data:
Viktor Óvári protects data by appropriate measures, particularly against unauthorized access, alteration, transmission, disclosure, deletion or destruction, accidental destruction or damage, and against becoming inaccessible due to changes in the applied technology.
To protect electronically managed data sets in various registers, the controller applies
appropriate technical solutions to ensure that stored data—unless permitted by law—cannot be directly linked and assigned to the data subject.
Taking into account the state of the art, the controller implements technical, organizational, and organizational (administrative) measures to ensure a level of security appropriate to the risks associated with processing.
During processing, the controller preserves:
The IT systems and networks of Viktor Óvári and his partners are protected against
computer-assisted fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, hacking, and denial-of-service attacks. Security is ensured by server-level and application-level protective procedures.
Users are informed that electronic messages transmitted over the internet—regardless of protocol (email, web, ftp, etc.)—are vulnerable to network threats that may lead to unfair activity, contractual disputes, or the disclosure or modification of information. The service provider takes all reasonable precautions to protect against such threats. Systems are
monitored so that any security deviation can be recorded and evidence can be provided in the event of a security incident. System monitoring also allows verification of the effectiveness of the applied measures.
Data Transfer
I acknowledge that the personal data stored in the user database of mozaik.yourart.hu by Viktor Óvári, sole proprietor (tax number: 90871827-1-41;
registered seat: 1036 Budapest, Lajos utca 78., 6th floor), will be transferred to OTP Mobil Kft. as data processor.
Scope of data transferred: name, email address, phone number, billing address.
The nature and purpose of the data processing performed by the processor are set out in the SimplePay Privacy Notice, available at: http://simplepay.hu/vasarlo-aff
Remedies
Users may request information at any time regarding the processing of their personal data, and may request correction or—except for processing mandated by law—deletion. (email: mozaik@yourart.hu)
Viktor Óvári, sole proprietor, provides detailed information on the data processed, their source, the purpose, legal basis, and duration of processing, the name and address of the processor, and the processor’s activities related to the processing.
Upon the data subject’s request, the controller will provide information free of charge, as soon as possible but no later than 30 days, regarding the personal data processed and/or processed by a processor on its behalf, and regarding the issues addressed in the request. At the data subject’s request, the controller will correct, complete, or delete personal data within a maximum of 3 working days.
The data subject has the right to object to processing.
If the controller fails to comply with legal requirements or processes personal data unlawfully, the data subject may lodge a complaint directly with the National Authority for Data Protection and Freedom of Information (NAIH) (1125 Budapest, Szilágyi Erzsébet fasor 22/c; tel: +36 1 391 1400; fax: +36 1 391 1410; email: ugyfelszolgalat@naih.hu;
website: www.naih.hu, or bring the matter before the competent court.
2025. 02. 23.
