Ripassa Zrt. (Registered Office: 4002 Debrecen, Szekeres utca 15, hereinafter, service provider, data controller) as data controller, recognizes the content of this legal notice as binding upon itself. It undertakes that all data processing related to its activities complies with the requirements set out in this policy and in the current national legislation, as well as in the legal acts of the European Union.
The data protection guidelines arising in connection with the Data Controller's data processing activities are continuously available at https://ripassa.hu/en/privacy-statement.
The Data Controller reserves the right to change this information notice at any time. Naturally, it will notify its audience of any changes in due time.
If you have any questions related to this notice, please write to us, and our colleague will answer your question.
The Data Controller is committed to protecting the personal data of its clients and partners, and considers it of utmost importance to respect its clients' right to informational self-determination. The Data Controller treats personal data confidentially and takes all security, technical, and organizational measures that guarantee the security of the data.
The Data Controller describes its data processing practices below.
If you wish to contact our Company, you can contact the data controller at info@ripassa.hu.
The Data Controller deletes all emails received, along with the personal data they contain, no later than 6 years after the data was provided.
The Data Controller selects and operates the IT tools used for processing personal data during the provision of the service in such a way that the processed data:
The Data Controller protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and against accidental destruction.
The Data Controller ensures the security of data processing with technical, organizational, and structural measures that provide a level of protection appropriate to the risks associated with the data processing.
During data processing, the Data Controller preserves:
For the purpose of customized service, a small data packet, a so-called cookie, is placed on the user's computer and read back during a subsequent visit. If the browser returns a previously saved cookie, the service provider handling the cookie has the opportunity to link the user's current visit with previous ones, but only in relation to its own content.
The data storage period of the respective cookie, more information is available here:
The legal basis for data processing is your consent, pursuant to Article 6(1)(a) of the Regulation.
Strictly necessary cookies: These cookies are essential for the use of the website and allow the use of the website's basic functions. Without them, many features of the site will not be available to you. The lifespan of these types of cookies is limited exclusively to the duration of the session.
Cookies that improve the user experience: These cookies collect information about the user's website usage, for example, which pages they visit most often, or what error message they receive from the website. These cookies do not collect information that identifies the visitor, meaning they work with completely general, anonymous information. The data obtained from these is used to improve the performance of the website. The lifespan of these types of cookies is limited exclusively to the duration of the session.
Third-party cookies (analytics)
Google Adwords cookie: When someone visits our site, the visitor's cookie ID is added to the remarketing list. Google uses cookies – such as NID and SID cookies – to customize ads in Google products, such as Google Search. It uses such cookies, for example, to remember your most recent searches, your previous interactions with individual advertisers' ads or search results, and your visits to advertisers' websites. The AdWords conversion tracking feature uses cookies. To track sales and other conversions resulting from an ad, it saves cookies to the user's computer when that person clicks on an ad. Some common applications of cookies are: selecting ads based on what is relevant to a particular user, improving reports on campaign performance, and avoiding the display of ads that the user has already seen.
Google Analytics cookie: Google Analytics is Google's analytics tool that helps website and application owners get a more accurate picture of their visitors' activities. The service may use cookies to collect information and report on website usage statistics without individually identifying visitors to Google. The main cookie used by Google Analytics is the "__ga" cookie. In addition to reports generated from website usage statistics, Google Analytics – along with some of the advertising cookies described above – can also be used to show more relevant ads in Google products (like Google Search) and across the web.
Remarketing cookies: May appear to previous visitors or users when browsing other sites on the Google Display Network or searching for terms related to its products or services.
Session cookie: These cookies store the visitor's location, browser language, and payment currency. Their lifespan is until the browser is closed, or a maximum of 2 hours.
Mobile version, design cookie: Detects the device used by the visitor and switches to full view on mobile. Its lifespan is 365 days.
Cookie acceptance cookie: Upon arrival at the site, in the warning window, you accept the statement on the storage of cookies. Its lifespan is 365 days.
Facebook pixel (Facebook cookie): The Facebook pixel is a code with which reports on conversions can be created on the website, target audiences can be compiled, and the site owner receives detailed analytical data about the visitors' use of the website. With the help of the Facebook pixel, personalized offers and advertisements can be displayed to the website's visitors on the Facebook interface. You can study Facebook's data processing policy here: https://www.facebook.com/privacy/explanation
If you do not accept the use of cookies, certain functions will not be available to you. You can find more information about deleting cookies at the following links:
The Data Processor, based on its contract with the Data Controller, participates in sending out newsletters. In doing so, the Data Processor processes the data subject's name and email address to the extent necessary for sending the newsletter.
Subscription and unsubscription to the newsletter is available online on the www.ripassa.hu website, on the ripassa.hu Facebook page, and in the outgoing newsletters. Visitors to ripassa.hu can subscribe during their visit, and visitors to any event where ripassa.hu staff are present can also subscribe to the newsletter.
It is possible to unsubscribe at any time by clicking the unsubscribe button in the newsletter or by sending an email to the info@ripassa.hu email address.
The data processing activities of the Data Controller are based on voluntary consent or legal authorization. In the case of data processing based on voluntary consent, data subjects may withdraw this consent at any stage of the data processing.
In certain cases, the processing, storage, and transmission of a range of the provided data is made mandatory by law, of which we notify our clients separately.
We draw the attention of data providers to the Data Controller that if they do not provide their own personal data, it is the duty of the data provider to obtain the consent of the data subject.
Its data processing principles are in accordance with the current legislation on data protection, in particular with the following:
Your personal data (i.e., data that can be associated with your person) may come into our possession in the following ways: on the one hand, in connection with maintaining the internet connection, technical data related to the computer, browser program, internet address you use, and the pages visited are automatically generated in our computer system; on the other hand, you can also provide your name, contact details or other data if you wish to get in personal contact with us during the use of the website.
Data technically recorded during the operation of the system: the data of the data subject's login computer, which are generated during login, system use, and logout, and which are recorded by the Google, Facebook, and Mailerlite systems as an automatic result of technical processes. The automatically recorded data is automatically logged by the system upon entry or exit without any separate declaration or action from the data subject. This data cannot be linked with other personal user data, except in cases made mandatory by law. Only the Data Controller and the company operating the newsletter system, which is also the Data Processor, have access to the data.
The Data Processor, based on its contract with the Data Controller, participates in the registration of newsletter recipients. In doing so, the Data Processor processes the data subject's name and email address within the civil law statute of limitations.
Within the duration of the data processing, you are entitled to the following rights according to the provisions of the Regulation:
If you wish to exercise your rights, this will involve your identification, and the Data Controller will necessarily have to communicate with you. Therefore, for identification purposes, you will need to provide personal data (but identification can only be based on data that the Data Controller already processes about you), and your complaint regarding data processing will be available in the Data Controller's email account within the time period specified in this information notice for complaints.
The Data Controller will respond to complaints related to data processing within 30 days at the latest.
The Data Controller shall take appropriate measures to provide data subjects with all information referred to in Articles 13 and 14 of the GDPR and any communication under Articles 15 to 22 and 34 relating to processing in a concise, transparent, intelligible and easily accessible form, using clear and plain language.
You have the right to obtain confirmation from the Data Controller as to whether or not personal data concerning you are being processed, and, where that is the case, you have the right to:
The purpose of exercising the right may be to establish and verify the lawfulness of the data processing, therefore, in case of repeated requests for information, the Data Controller may charge a reasonable fee in exchange for providing the information.
Access to personal data is ensured by the Data Controller by sending the processed personal data and information to you via email after your identification. If you have a registration, we provide access in a way that you can view and check the personal data processed about you by logging into your user account.
Please indicate in your request whether you are requesting access to personal data or information related to data processing.
You have the right to have inaccurate personal data concerning you rectified by the Data Controller without undue delay upon your request.
The data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies:
Erasure of data cannot be initiated if the processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health, or for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.
At the request of the data subject, the Data Controller restricts data processing if one of the following conditions is met:
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the data processing is carried out in an automated manner, or if the data processing is based on your voluntary consent, you have the right to request from the Data Controller to receive the data you have provided to the Data Controller, which the Data Controller will make available to you in XML, JSON, or CSV format, and if it is technically feasible, you can request that the Data Controller transfer the data in this form to another data controller.
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In case of an objection, the controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
The data subject has the right to withdraw his or her consent at any time.
In the event of a violation of his or her rights, the data subject may turn to a court against the data controller. The court shall act on the matter out of turn.
Complaints can be lodged with the National Authority for Data Protection and Freedom of Information:
We will provide information on data processing not listed in this information notice at the time the data is collected.
We inform our clients that a court, the prosecutor, the investigating authority, the offence authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies based on the authorization of law may contact the data controller to provide information, communicate or transfer data, or to make documents available.
The Data Controller shall only disclose personal data to the authorities – if the authority has specified the precise purpose and scope of the data – to the extent and in the amount that is indispensable for achieving the purpose of the request.
This document contains all relevant data processing information regarding the operation of the website and the newsletter system, based on the European Union's General Data Protection Regulation 2016/679 (hereinafter: Regulation. GDPR) and Act CXII of 2011 (hereinafter: Infotv.).