I Purpose
1 The timi.hu website and the TiMi mobile application are both operated by Miskolc Holding Zrt. (address: H-3530 Miskolc, Petőfi u. 1-3.; tax identification number: 13778749-2-05, company registration number: 05-10-000406) hereinafter referred to as Data Manager or Company) requires preliminary registration for the use of the free services. Registration for this service requires personal data.
2 The purpose of this Policy is to lay down the data protection and data handling principles, which the Company recognises as obligatory to itself and are applicable for the handling of personal data provided on the timi.hu website and in the TiMi mobile application.
3 This Policy is based on the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as Privacy Act) and Act V of 2013 on the Civil Code (hereinafter referred to as Civil Code).
II Principles of Data Handling
1 Data Manager manages all data getting into its possession in compliance with the Hungarian and EU legislation on the handling of personal data, as in force from time to time, confidentially and solely for the purposes of providing the services in question.
2 In the course of its data handling, the Data Manager arranges for a fair and lawful data handling, proportionally to the purpose of the data handling.
3 Data Manager makes the necessary security measures to protect personal data from accidental or unlawful destruction, accidental loss or unauthorised access, modification or dissemination.
III Scope of Personal Data handled
1. In the course of its data handling and according to the decision of the User, the Data Manager handles the following data of registered Users:
- full-style name
- email address
2. Data Manager does not verify personal data received. The person providing data is solely responsible for the adequacy of the data provided.
3. Any User providing an e-mail address also assumes the responsibility for his/her exclusive use of the services from that email address. Regarding this responsibility, any responsibility linked to any login using a given email address rests with the User who has registered the email address in question.
IV Legal Basis for Data Handling
1 Pursuant to Section 5(1)(a) of the Privacy Act, Data Handling takes place on the grounds of the voluntary statement of the Users based on the appropriate information herein, and that statement includes the expressed consent of the Users to the processing of their data provided during the use of the timi.hu website, the TiMi mobile application, and the data generated about them. The User provides his/her consent to data handling concurrently with the registration, by accepting this Privacy Policy.
2 Registration is voluntarily and takes place in light of the present data handling conditions. An automatic confirmation is sent about the registration to the email address provided.
3 Registration may be terminated at any time, by sending a cancellation message from the registered email address to the info@timi.hu email address.
4 Data provided during registration may be modified, specified by sending a modificatory message from the email address provided at registration to the info@timi.hu email address.
V Purpose and way of data handling
1 The Data Manager uses data provided at registration for the following purposes:
user identification
generation of user notification status reports for the user.
2 The Data Manager may not use personal data provided for purposes other than those specified herein. Unless otherwise compulsorily provided for by the law, personal data may be disclosed to third persons or the authorities solely on the basis of an official decision or the preliminary expressed consent of the User.
3 The Data Manager shall not make data handled in any form accessible to third persons (save for mandatory data reporting to any authority, court authorised by the law), and makes all reasonable measures to maintain the confidentiality of the data.
4 The Data Manager allows access to the data managed only to persons whose activity pursued under an employment contract or any other legal relationship is directly necessary to implement the purposes of data handling.
5 Processing of statistically aggregated data not including the name of the User concerned or any other data capable of his/her identification in any form is an exception from the provision in this Point and does thus not constitute Data Handling or Data Forwarding.
6 In any case where the Company wants to use data provided for any purpose other than that of the original data recording, then it is to notify the User thereof and obtain his/her relevant expressed consent thereto, and ensure him/her the possibility to prohibit such use.
7 The Company as Data Manager shall observe restrictions specified by the law during its data collection, recording and handling.
8 The Company assumes the obligation and arranges for the security of data, and makes the technical and organisational measures and establishes the procedural rules that ensure protection for the data recorded, stored and handled, and prevents their destruction, unauthorised use and unauthorised modification. It further assumes the obligation to call any third party whom it may forward or convey data to fulfil these obligations.
9 Data Manager blocks Personal Data if the person concerned requests that or if information available makes it presumable that any deletion would infringe the lawful interests of the person concerned. The so blocked Personal Data may be handled until the purpose of data handling that excluded the deletion of such Personal Data applies.
10 The User concerned and every other party whom the data was previously forwarded for Data Handling must be notified of the correction, blockage or deletion of the Personal Data handled. Notification may be omitted if this does not infringe the legitimate interests of the person concerned regarding the purposes of Data Handling.
VI Duration of the Data Handling
1 Personal Data provided by the User remain handled until the User unsubscribes from the services with his/her username. Unsubscription also ends the authorisation of the Data Manager to handle personal data and withdraw the consent of the User to data handling. Data Manager deletes personal data within 10 working days as from the date of unsubscription.
2 When the registration ends, data provided at registration are deleted from the active database. In order to fulfil its statutory obligation to prove the legal basis for data handling, the Data Manager keeps the following data after registration cancellation:
email address provided at registration
date and time of registration
date and time of registration cancellation
3 In case of unlawful, deceptive Personal Data or a crime committed by the User or any attack against the system, the Data Manager is entitled to immediately delete the data of the User concurrently with the cancellation of his/her registration, but, at the suspicion of a crime or civil liability, it is entitled to keep data for the duration of the relevant procedure.
4 Data recorded automatically and technically during the functioning of the system are kept by the system for the period justified to ensure the functioning of the system. The Company ensures that such automatically recorded data cannot be linked with any other personal data of the Users, save for cases made obligatory by the law. If the User withdraws his/her consent to the handling of his/her Personal Data with his/her unsubscription to the services, then his/her person will not be identifiable from the technical data, save for investigation authorities and specialists.
VII Disposition over personal data
1 After fulfilling a request to delete or modify Personal data, previous (deleted) data may not be restored.
2 The Users may request information on the handling of their Personal Data from the Company, as Data Manager, anytime in writing, by sending a registered letter or a registered letter with return receipt or an email to the info@timi.hu email address. The Company considers the request for information sent in a letter as authentic if the User is clearly identifiable by the request sent. The Data Manager considers any request for information sent in an email as authentic only if it is send from the registered email address of the User. The request for information may concern User data handled by the Data Manager, the source of such data, the purpose, legal basis, duration of Data Handling, the names and addresses of any Data Processers, any activities related to Data Handling and the recipients of the data of the User and their purpose in case of forwarding of Personal Data.
3 The Data Manager shall answer any questions concerning the Data Handling within 25 days as from the receipt of such question. If the request is sent by email, the date of receipt is the first working day following the sending of the email. If a request concerning the same topic is repeated within a year, then the Data Manager is entitled to the reimbursement of its costs.
VIII Data Forwarding
1 The Company, as Data Manager, is entitled and obliged to forward any Personal Data available to and duly stored by it to the appropriate authorities if any law or non-appealable authoritative obligation obliges it to forward such data. The Data Manager may not be held responsible for such Data Forwarding and its consequences.
2 If the Company hands over either the entire or a part of the operation or utilisation of the services available at the timi.hu website to a third person, then it may hand over all the data handled by it to this third person for further handling without requesting any separate consent. This Data Forwarding may not put the User into a situation more disadvantageous than that created by the data handling rules specified in the text of this Policy, as in force from time to time.
3 For the purposes of verifying the lawfulness of Data Forwarding and informing the person concerned, the Company shall keep data forwarding records.
IX External Providers
The timi.hu webpage uses Google Analytics, which is a web service of Google, Inc. in Delaware (registered office: 1600 Amphitheatre Parkway, Mountain View (California), CA 94043, USA (hereinafter referred to as “Google”). Google Analytics uses cookies, which are text files installed on the computers of the Users and helping control the user of the website. Cookies generate information about the use of the website by the Users (including their IP addresses as well), and this information is directly forwarded to and stored at the Google servers in the USA. Google uses this information to monitor the use of the website and makes reports on that and offers other services related to the use of the website and the internet. The User may reject the processing of data and information if he/she uses the appropriate configuration to block the cookies in his/her internet browser, this might however impact the functioning of the entire website. Using the website, the User consents to the processing of User information according to and for the purposes of the foregoing. The activities of Google are governed by Google’s own terms of use and privacy policy.
X Amendment of this Privacy Policy
1 The Company reserves the right to amend this Privacy Policy by its unilateral decision.
2 At the next login, the User may accept the provisions of the Privacy Policy as in force from time to time, and requesting the consent of the individual users is not further necessary.
XI Right of Objection, Enforcement of Rights
1 The person concerned may object the handling of his/her personal data, save for any data handling ordered by any law. The Data Manager is to review the objection within maximum 15 days and inform the petitioner about the decision.
If the objection is well-founded, then the Data Manager stops the data handling, including any further data recording and data forwarding, and blocks the data and informs every party whom it previously forwarded the personal data concerned by the objection of the objection.
2 Pursuant to the Privacy Act and Act V of 2013 (Civil Code) The User may enforce his/her rights at court, and may seek the assistance of the National Authority for Data Protection and Freedom of Information (1125 Budapest Szilágyi Erzsébet fasor 22/C; postacím: 1530 Budapest, Pf. 5.) in any issues related to Personal Data.
3 The colleagues of the Data Manager may be contacted with any issues and remarks related to data handling at the info@timi.hu email address.
XII Definitions:
1 Concerned Person
Any natural person either specified or identified by personal data or, directly or indirectly, identifiable, whose data are handled by the Company due to registration.
2 Personal Data
Any data that may be associated with the person concerned and any conclusion drawable from the data and concerning the Concerned Person.
3 Consent
Voluntary and defined expression of the concerned person, based on appropriate information, and by which he/she gives his/her unmistakable consent to the, complete or operation-specific, handling of any personal data concerning him/her.
4 Objection
Declaration of the Concerned Person by which he/she objects the handling of his/her personal data and requests the termination of data handling and the deletion of data handled.
5 Data Manager
Any natural or legal entity or organisation without legal personality, which defines the purpose of data handling either individually or together with others, makes and executes data handling decisions (including the means to be used), or has them executed by the data processer. As regards data handling covered hereby, the Company is the Data Manager.
6 Data Handling
Regardless of the procedure applied, the totality of any operation or operations executed on the data, thus particularly the collection, recording, systematisation, storage, modification, utilisation, querying, forwarding, disclosure, harmonisation or linking, blocking, deletion and destruction, and prevention of any further use of data, making of photographic, audio or video records, and the recording of physical characteristic capable of identifying any person (e.g. fingerprint, palmprint, DNS-sample, iris image).
7 Data Forwarding
Making data available to any specified third person.
8 Disclosure
Making data available to anybody.
9 Data Deletion
Making data unrecognisable in a way making restoration impossible any more.
10 Data Destruction
Complete physical destruction of any data carrier containing the data.
11 Data Processing
Execution of technical tasks related to data handling operations, regardless of the methods and means applied to execute such operations and the place of application, as long as the technical task is executed on the data.
12 Data Processer
The natural or legal entity or organisation without legal personality which handles data under their contract, including any contracting under any legislative provision.
13 Dataset
The totality of data handled within the same records.
14 Third Person
The natural or legal entity or organisation without legal personality, which is different from the person concerned, the data manager or the data processer.
