This document provides information about the data processing practices of Zwack Unicum Nyrt. acting as data controller on the https://www.unicumhaz.hu/hu informational website.

 Please read the following information carefully.

1. Purpose of this document

Zwack Unicum Nyrt. controls the personal data of data subjects (hereinafter referred to as “Data Subject” or “User”) visiting the https://www.unicumhaz.hu/hu informational website (hereinafter referred to as the “Website”), in accordance with the Freedom of Information Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as “Privacy Act”), as well as with Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “Regulation” or “GDPR”).

The data controller hereby notifies the Data Subjects about the personal data controlled by them on the Website, the purpose of data controlling, the controlled data’s retention time, storage and transfer methods, the principles and practices followed in the course of data processing, as well as the means and methods for the data subjects to exercise their rights.

Zwack Unicum Nyrt. reserves the right to unilaterally modify this document at any time.

2. The Data Controller

Zwack Unicum Nyrt. (hereinafter referred to as “Zwack” or “Data Controller”) is the data controller for the data published on the Website.

Zwack’s registered office:	1095 Budapest, Soroksári út 26.
Court of Registration:	Metropolitan Registry Court (Registry Court of Budapest)
Company registry number:	01-10-042048
Tax number:	10795044244
E-mail address:	adatvedelem@zwackunicum.hu
Main telephone number:	+36 1 456-5200

3. Data processing activities on the informational website of the Company
   • Press registration

Zwack hereby notifies the User that based on the preliminary online registration and conformation carried out on the  https://www.unicumhaz.hu/hu/sajtoregisztracio  site, Zwack ensures entry to the House of Unicum and the Zwack Palinka Distillery in Kecskemét (hereinafter referred to as Museum) free of charge for the representatives of the press. After the data had been provided and the registration carried out, Zwack will confirm the registration through automatic e-mail message sent to the e-mail address provided by the data subject.

Purpose of the data processing: for the purpose of cooperation with the representatives of the press related to the museum visit, providing the opportunity of preliminary registration for the representatives of the press, in which case entry to the Museums is provided free of charge.

Legal basis of the data processing: the definitive informed consent of the data subject given voluntarily, which consent is granted by user by clicking on the “Send registration” button, based on the information included in the present document. (based on Point a) Subsection (1) Section 5 of the Privacy Act, as well as Article 6 (1) a) of the GDPR).

Scope of the data processed: name, e-mail address, telephone number, number of press card, date of visit.

Retention period of the data: Until the completion of the data transfer.

Place of data processing: at the registered seat of the data controller, and the information technology devices to be found at the data processor.

Data storage method: electronic.

Data transfer: data transfer is made to the PR agency of the company, to ACG Reklámügynökség Kft. (registered seat: H-1027 Budapest, Henger utca 2. B. ép., Company registration number: 01-09-728297, www.acg.hu), which will contact the data subject in order to verify the data provided in course of the registration, and then will send a confirmation e-mail to data subject on behalf of Zwack.

Legal basis of the data transfer: the consent of the data subject, which data subject grants in course of the registration, in awareness of the present notice.

Data processors: a data processor is employed as follows:

Name: Silicium Network Informatikai Kft. info@siliciumnetwork.hu

Registered seat: H-1146 Budapest, Cházár A. utca 2. A ép. 3.em. 7.

Tax number: 23474178-2-42

The data processing activity carried by the data processor: operation of the website.

Possible consequences of failing to provide the data: the entry authorization free of charge is not ensured without preliminary registration.

• Cookies

Zwack hereby informs Users that the web server automatically saves small data files known as cookies (“Cookie”) onto the User’s Device while certain parts of the Website are being downloaded, and will later retrieve and read said Cookies. In certain cases, these data files are considered personal data as defined by the Privacy Act or the GDPR, as when a previously saved cookie is retrieved by the browser, this will enable the service provider controlling the cookie to link the User’s current visit to the previous ones, but only in regards to their own content.

During browsing, the Website will save a cookie called PHPSESSID on the User’s device. This cookie is necessary for the Website’s operation, allowing it to identify the User’s session until they leave the Website, and thereby to protect the User’s data. If you choose not to allow any cookies in your browser, including PHPSESSID, you will be unable to access the website application. Thus, this cookie does not require the User’s consent.

Purpose of data processing: to identify and distinguish between Users, to identify user sessions and store the resulting data, to prevent data loss, to identify Users, to conduct web analytics, to properly operate the Website, and to enhance the user experience.

The legal basis for data processing: the consent given by the data subjects, with the User giving their consent by clicking the OK (Rendben) button in the cookie warning pop-up, after proper notification has been given as described in this Policy. (In accordance with Article 5 (1) (a) of the Privacy Act and Article 6 (1) (a) of the GDPR.) Scope of the processed data: identification number, date, time, and the previously visited page.

The purpose of the individual Cookies, and their retention time:

Type of Cookie	Purpose of the use of Cookie	Retention time of Cookie	Is consent from the data subject required?
Session ID (cookie named PHPSESSID)	Session ID cookies make it possible for the Website to identify the User, so the User will not have to repeatedly enter their previously submitted identifying information.	This information is stored until the end of the current session. A session means the duration of a single visit by the User to the Website. Once the session is over, the collected data will no longer be accessible.	No, saving the cookie does not require consent from the data subject.
Cookie for storing information about the User’s age.	As per the relevant legislation, minors can not be shown advertisements for alcoholic products. Therefore, it is necessary to identify the age of the visitors even on the informative website. The website will save a cookie containing information on the User’s age, so that the User will not have to re-enter that information repeatedly if visiting the website multiple times a day.	1 day after the first visit to the website.	Yes, the data subject consents to the cookie by clicking on the Enter (Belépés) button.
Cookie for storing information about the User’s age.	As per the relevant legislation, minors can not be shown advertisements for alcoholic products. Therefore, it is necessary to identify the age of the visitors even on the informative website. The website will save a cookie containing information on the User’s age, so that the User will not have to re-enter that information repeatedly if visiting the website multiple times a day.	1 month after the first visit to the website.	Yes, the data subject consents to the cookie by clicking on the “Remember Me” (Emlékezz rám) button.

 

The User can accept or reject individual Cookies, or can choose to disable all Cookies through the appropriate setting in his or her browser. The method for doing this, as well as more information on Cookies, can be found at https://www.youronlinechoices.eu/. If the User chooses to disable Cookies, he or she will only gain limited access to certain sections of the Website, and some functions or services provided by the Website may not fully function.

Location of data processing: Silicium Network Informatikai Kft., the operator of the data processor’s website (info@siliciumnetwork.hu).

Method of data storage: electronic.

Data transfer: no data transfer takes place.

Data processors: the following data processor with assist with data processing:

Name: Silicium Network Informatikai Kft.  info@siliciumnetwork.hu

registered office: 1146 Budapest, Cházár A. utca 2. A ép. 3.em. 7.

Reg. No.: 23474178-2-42

Data processing activity performed: operation of website.

Possible consequences if data is not provided: partial unavailability of website services, inaccuracy of analytics.

• Information regarding the use of the Website

We do not consider the data received by the Data Controller in the course of the data processing described in this section to be personal data. However, in the interest of full disclosure, we wish to note that the Data Controller uses system logging to collect and stores aggregate statistical information regarding user activities on the part of the Data Subject. This information cannot be used to personally identify the User. The logs include the IP address of the Data Subject’s computer, the time of access, user activities, and other information. The Data Controller shall not transfer this data to any third party, and may only use the logs for their own analytics, to improve the user experience, and for the technical development of their IT system.

• Age

We believe that the data collected by the Data Controller in the course of the data processing described in this section do not, in themselves, qualify as personal data, as they cannot be used to identify an individual. However, in the interest of full disclosure, we wish to note that in accordance with Section 4/A (1) of Act CVIII of 2001 on certain issues of electronic commerce activities and information society services (hereinafter referred to as “Act on E-Commerce”), access to the website is permitted only to Users who are at least 18 years of age. To verify that this condition is met, Users must provide their data of birth when visiting the website, in order to calculate their age. If the User chooses not to provide their date of birth, or the visitor is not yet 18 years old, according to the data provided, they are not granted any further access to the website. We wish to note, however, that this age-related information is not linked to any other data described in this policy, and can therefore not be used to identify any individual.

4. Links

We wish to call your attention to the fact that some links on the Website link to other sites. For any such external sites, the privacy policy and information provided by the site in question shall be applicable. Zwack has no control over the collection, storage, or processing of any personal data after the User clicks on an external link or the corresponding button.

5. Data security

Zwack fully respects all requirements for ensuring the security of personal data, and both Zwack and the authorized processor will take all applicable technical and organizational measures and establish all procedural rules necessary for meeting the privacy and data security regulations set out in the Privacy Act and the GDPR. Zwack takes appropriate measures to protect the data it processes against any unauthorized access, alteration, transfer, disclosure, deletion or destruction, or against any accidental destruction or damage.

During data processing, Zwack shall ensure

1. a) confidentiality: keeping information secure, so that only authorised persons may access it;
2. b) integrity: keeping both the information and the method of processing accurate and complete;
3. c) availability: ensuring that any authorised person will be able to access the required information when needed, and will have the necessary tools available to do so.

Zwack provides adequate protection for its IT systems and networks against computer fraud, espionage, fire and flood, as well as viruses and hacking attempts. The operator provides security through server- and application-level security procedures. Zwack monitors its systems, in order to keep a record of all security incidents and retain evidence of any security incident that may occur. In addition, its system monitoring also allows it to verify the effectiveness of the precautions used. Zwack enforces and verifies compliance with its information security measures, as per the provisions of the contracts with its data processors.

6. Rights of data subjects, exercising rights

All personal information provided by the Data Subjects to Zwack must be truthful, complete and accurate in all respects. Data subjects may request information regarding the processing of their personal data, may request rectification of their personal data, and may also exercise any of their following rights, except as regards data subject to mandatory data processing: erasure, withdrawal, portability, as well as the right to object. All such rights may be exercised in the ways described when the data is collected, or by contacting the data processor using the contact information provided above.

Rights of information:

Zwack takes appropriate measures to ensure that all information regarding their processing of data subjects’ personal data as referenced in Articles 13 and 14 of the GDPR, as well as all notifications and confirmations listed in Articles 15–22 and Article 34 are made available to said subjects in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

Data subjects may exercise their right to information using the contact information provided in Section 2 of this policy. At the data subject’s request, information may also be given verbally, after verification of their identity.

Right of access by the data subject:

The data subject shall have the right to obtain from the controller information as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; the envisaged period for which the personal data will be stored; the right to request rectification or erasure of personal data, or restriction of processing, or to object to such processing; the right to lodge a complaint with the supervisory authority; information regarding the source of the data; the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. If personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

Zwack shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. At the data subject’s request, Zwack shall provide the information in electronic form.

The data processor shall provide information within one month of the request’s submission.

Right to rectification:

The data subject may request the rectification of inaccurate personal data and the completion of incomplete personal data concerning him or her, if that data is processed by Zwack.

Right to erasure:

The data subject has the right to have Zwack erase the personal data concerning him or her without undue delay upon request where one of the following grounds applies:

• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
• the data subject objects to the processing, and there are no overriding legitimate grounds for the processing;
• the personal data have been unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data have been collected in relation to the offer of information society services.

The data in question may not be erased if its processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest, either in the area of public health or for archiving, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.

Right to restriction of processing:

At the data subject’s request, Zwack shall restrict data processing where one of the following applies:

• the accuracy of the personal data is contested by the data subject, in which case the restriction shall apply for a period enabling Zwack to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
• the data subject has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.

If processing has been restricted, personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

Zwack shall inform data subjects before the restriction of processing is lifted.

Right to data portability:

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

 Right to object:

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or which is done for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. If an objection is made, the controller shall no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If the data subject objects to processing for direct marketing purposes, their personal data shall no longer be processed for such purposes.

Automated individual decision-making, including profiling:

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This right shall not apply if the data processing:

• is necessary for entering into, or performance of, a contract between the data subject and a data controller;
• is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
• is based on the data subject’s explicit consent.

Right to withdrawal:

The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Rules of procedure:

The controller shall provide information on action taken on a request under Articles 15 to 22 of the GDPR to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Zwack shall provide the requested information and other communications free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in an electronic form.

Damages and compensation:

Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered. The data processor shall be liable for the damage caused by processing only where it has not complied with obligations of this Regulation specifically directed to processors or where it has acted outside or contrary to lawful instructions of the controller. Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and where they are responsible for any damage caused by processing, each controller or processor shall be held liable for the entire damage in order to ensure effective compensation of the data subject. A controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

 

Data processing authority proceedings:

The data subject is entitled to submit a complaint to the National Authority for Data Protection and Freedom of Information (NAIH) regarding the processing of his or her personal data.

Name: National Authority for Data Protection and Freedom of Information (NAIH)

Registered office: 1055 Budapest, Falk Miksa utca 9-11.

Mailing address: 1374 Budapest, Pf. 603.

Telephone: +36-1-391-1400

Fax: +36-1-391-1410

Email: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

Right to legal action:

In the event that the data subject’s rights are violated, they have the right to legal action against the data controller, independently of any submitted complaints. The court shall expedite any such cases.

7. Contact

If a User wishes to contact Zwack, they can do so using the data controller’s contact information, provided in Section 2 of the policy.