The purpose of this Privacy Policy (hereinafter referred to as the “Policy”) is to describe the data protection rules, procedures, and security measures applied by Milán Nagy e.v., as the Data Controller (hereinafter referred to as the “Controller”), during all data processing activities—particularly those carried out through the website operated by the Controller (coherencevisual.com, hereinafter referred to as the “Website”)—concerning all personal data acquired or managed within the Controller’s organization. In this Policy, the Controller also informs its clients, partners, and all natural or legal persons who are in any legally relevant relationship with the Controller and whose personal data are processed, about the rules governing personal data management, as well as the applied protective measures, procedures, and the manner of data processing.
1.2. Declaration
The Controller declares that it considers the provisions, regulations, and obligations set out in this Privacy Policy legally binding for itself and applies them in the course of its operations. Furthermore, the Controller declares that the data protection rules and procedures described and applied herein comply with the relevant national and European Union data protection legislation. The Controller also states that it considers the right to informational self-determination—especially regarding personal data—of paramount importance, and undertakes to take all possible organizational, operational, regulatory, and technological measures within its competence to ensure compliance with these rights.
1.3. Availability of the Privacy Policy
The most recent version of this Privacy Policy is always available at the following page: https://coherencevisual.com/privacy-policy/ The Controller may modify this Privacy Policy at any time, provided that the updated version is published and data subjects are duly informed. The Controller provides information regarding this Privacy Policy electronically. Any questions related to this Policy may be sent to the following email address: info@coherencevisual.com
2. Data of Service Providers
2.1. Data of the Data Controller
Company name: Milán Nagy e.v. Registered office: Hungary 7211 DALMAND, JÓKAI MÓR STREET 22 Mailing address: Hungary 7211 DALMAND, JÓKAI MÓR STREET 22 Tax number: 55362430-1-37 Phone number: +36 30 554 7337 Email address: info@coherencevisual.com The Controller stores data protection-related inquiries for one year.
2.2. Data of the Hosting Provider
Company name: Sybell Informatika Kft. Registered office: 1158 Budapest, Késmárk u. 7/b 2nd floor, Room 206 Tax number: 25859502-2-42 Phone number: +36 1 707 6726 Email address: info@sybell.hu Representative of the Controller: Ferenc Szilvágyi Data Protection Officer: Adrienn Gajdóczy
2.3. Data of the Newsletter Service Provider
Company name:Registered office:Email address:Website:
2.4. Data of the Billing Software Service Provider
Company name: NAV – National Tax and Customs Administration of Hungary Registered office: 1054 Budapest, Széchenyi u. 2. Representative name:Company registration number:Registering court: Metropolitan Court of Budapest Tax number:Phone number: +36 (1) 428-5100 Email: nav_kozpont@nav.gov.hu
3. Definitions
Data Processing: The performance of technical tasks related to data management operations, regardless of the method or means used for execution or the location of application, provided that the technical task is carried out on the data itself. Data Processor: Any natural or legal person, or an organization without legal personality, that processes data on the basis of a contract concluded with the Data Controller—including contracts concluded pursuant to legal provisions. Data Management / Data Processing Activity: Any operation or set of operations performed on data, regardless of the procedure applied, such as collection, recording, organization, storage, modification, use, retrieval, transmission, disclosure, alignment or combination, restriction, deletion, or destruction, as well as the prevention of further use of the data, and the recording of photo, sound, or video materials, and the registration of physical characteristics suitable for identifying a person (e.g., fingerprint, palm print, DNA sample, iris image). Data Controller: Any natural or legal person, or an organization without legal personality, which—alone or jointly with others—determines the purposes of data processing, makes and implements decisions regarding data processing (including the means used), or has them carried out by a data processor acting on its behalf. Data Transfer: Making data available to a specific third party. Data Deletion: Making data unrecognizable in such a way that its restoration is no longer possible. Data Restriction: Marking data with an identifier to restrict its further processing permanently or for a specified period. Cookie: When the Data Subject visits the Website, a small file called a cookie (hereinafter: cookie) is placed on their computer, serving various purposes. Some cookies are essential for the proper operation of the website (session cookies), while others collect information about website usage (statistics) to make the Website more convenient and useful. Some cookies are temporary and disappear when the browser is closed, while others are persistent and remain on the user’s computer for a longer period. For details, see: Annex No. 1 (Cookie Policy) Data Subject / User: Any identified or—directly or indirectly—identifiable natural person based on personal data. Third Party: Any natural or legal person, or organization without legal personality, that is not identical with the Data Subject, the Data Controller, or the Data Processor. Consent: A voluntary and explicit declaration of the Data Subject’s will, based on adequate information, by which the Data Subject gives their unambiguous agreement to the processing of their personal data—either in full or for specific operations. Special Category Data: Personal data revealing racial or ethnic origin, nationality, political opinions or party affiliation, religious or philosophical beliefs, membership in trade unions or representative organizations, sexual life, health status, pathological addiction, or criminal personal data. Visitor: A natural person who loads and views the coherencevisual.com website in their browser.
collect information about visitors and their devices;
remember individual settings of visitors that may be used, for example, when using online transactions, so that they do not need to re-enter them;
facilitate, simplify, make more convenient and smoother the use of the website;
eliminate the need to re-enter previously provided data;
generally improve the user experience.
By using cookies, the Data Controller performs data processing with the following main purposes:
user identification;
identification of individual sessions;
identification of devices used to access the Website;
storage of certain provided data;
storage and transmission of tracking and location information;
storage and transmission of data required for analytical measurements.
4.8.3. Cookies Used on the Website
A detailed description of cookies used on the Website is available at https://domain.hu/cookie-suti-tajekoztato/.
4.8.4. Options for Disabling Cookies and Setting Cookie Preferences
The Data Subject has the option to set rules regarding certain types of cookies, e.g., not using cookies, disabling cookies, etc., through the appropriate settings of their browser. Information on how to selectively or generally disable cookies can be found in the “Help” menu of the respective browser. Most browsers provide a “Help” function in their menu bar, which offers guidance on how to:
disable cookies entirely;
set how cookies are accepted (automatic acceptance, ask for each cookie, etc.);
disable cookies individually;
delete cookies individually or in bulk;
perform other cookie-related operations.
4.8.6. Further Information on Cookies
Additional information about cookies used on the Website can be found in the Cookie Policy: https://domain.hu/cookie-suti-tajekoztato
5. Data Management Policies and Applicable Laws
5.1. General Data Management Principles
The Data Controller handles personal data in the Data Management activities listed in Section 4 of this Privacy Policy exclusively for the purposes stated therein and based on the legal grounds specified, in accordance with the laws listed in Section 5.2. Personal data is processed based on legitimate interest, legal obligation, or the voluntary consent of the Data Subject. Consent can be withdrawn by the Data Subject at any time. In certain cases, due to legal obligations or extraordinary conditions, the Data Controller may be required to process, transfer, or store certain personal data differently than described in the Data Management activities. In such cases, the Data Controller ensures that Data Subjects are notified, insofar as the applicable law allows or does not explicitly prohibit such notification.
5.2. Laws Providing the Legal Basis for Data Processing
The Data Controller processes personal data based on the following laws:
Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016);
Act V of 2013 on the Civil Code;
Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: Infotv.);
Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services (particularly §13/A);
Act XLVII of 2008 on the Prohibition of Unfair Commercial Practices Against Consumers;
Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity (particularly §6);
Act XC of 2005 on Electronic Freedom of Information;
Act C of 2003 on Electronic Communications (particularly §155);
Opinion No. 16/2011 on Best Practices for Behavioral Online Advertising based on EASA/IAB recommendations;
6. Data Storage and Security
6.1. Method of IT Storage and Logical Security of Data
The Data Controller primarily processes personal data on a properly established and secured IT system. During the operation of the IT system, the Data Controller ensures an adequate level of information security for the stored, processed, and transmitted data, including:
Integrity: ensuring the authenticity and immutability of the data;
Confidentiality: access is limited to authorized persons, within their scope of authorization;
Availability: data is accessible and available to authorized persons for the expected duration, with the necessary IT infrastructure ready for use.
The Data Controller protects the data through a structured system of:
organizational and operational measures,
physical security measures,
information security measures.
The system and level of protection of individual measures are designed and operated proportionally to the risks posed to the data. The protective measures primarily aim to prevent accidental or intentional deletion, unauthorized access, intentional or malicious disclosure, accidental disclosure, data loss, and data destruction.
7. Data Transfer, Data Processing, and Authorized Parties
Data may primarily be accessed by the Data Controller and its internal staff in accordance with authorization rules, the authorization system, and other internal regulations. Certain tasks related to data may be performed by third-party Data Processors. The Data Controller does not publish data beyond the parties listed above and does not transfer it to other third parties.
Company Name
The Data Controller provides the Data Subject with one copy of the personal data subject to processing. The Data Controller may charge a reasonable fee based on administrative costs for any additional copies requested by the Data Subject. If the request was submitted electronically, the Data Controller provides the information in a widely used electronic format – unless the Data Subject requests otherwise – within a maximum of 30 days from the submission.
8.4. Right to Rectification (GDPR Article 16)
The Data Subject has the right to request that the Data Controller rectify inaccurate personal data concerning them without undue delay and has the right to request the completion of incomplete personal data, taking into account the purpose of processing.
8.5. Right to Erasure (GDPR Article 17)
The Data Subject has the right to request the Data Controller to delete personal data concerning them without undue delay. The Data Controller is obliged to erase the personal data concerning the Data Subject at the earliest possible time, but no later than 5 business days, if any of the following grounds apply:
The data were processed unlawfully (without legal authorization or personal consent);
The personal data are no longer necessary for the purpose for which they were collected or otherwise processed;
The Data Subject withdraws their consent that forms the basis of the processing, and there is no other legal ground for processing;
The Data Subject objects to the processing, and there is no overriding legitimate ground for the processing;
The personal data have been unlawfully processed;
The personal data must be erased to comply with a legal obligation under EU or Member State law applicable to the Data Controller;
The personal data were collected in connection with offering information society services to the Data Subject.
Data deletion may not be requested if further processing is necessary for:
compliance with a legal obligation under EU or Member State law applicable to the Data Controller;
exercising the right to freedom of expression and information;
public interest;
archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes;
performance of a task carried out in the exercise of official authority vested in the Data Controller;
reasons of public health;
establishing, exercising, or defending legal claims.
8.6. Right to Restriction of Processing (Article 18)
The Data Subject may request the Data Controller to restrict processing if any of the following apply:
The accuracy of the personal data is contested by the Data Subject, in which case the restriction applies for the period enabling the Data Controller to verify the accuracy of the data;
The processing is unlawful, and the Data Subject opposes erasure and requests restriction instead;
The Data Controller no longer needs the data for the purpose of processing, but the Data Subject requires their storage for the establishment, exercise, or defense of legal claims; or
The Data Subject has objected to processing, in which case the restriction applies until it is determined whether the Data Controller’s legitimate grounds override those of the Data Subject.
If the Data Controller imposes a restriction on any personal data, during the restriction period, the Data Controller may process the data only:
with the Data Subject’s consent;
for the establishment, exercise, or defense of legal claims;
for the protection of the rights of another natural or legal person;
for reasons of public interest;
for reasons of important public interest of the Union or a Member State.
8.7. Right to Data Portability (Article 20)
The Data Subject has the right to receive personal data concerning them, which they provided to the Data Controller, in a structured, commonly used, and machine-readable format, or to request that the Data Controller transmit those data to another data controller. The Data Controller shall fulfill the request without undue delay and at the latest within 30 days.
8.8. Right to Object (Article 21)
The Data Subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them, including profiling based on the provisions mentioned above. In such cases, the Data Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal claims.
8.9. Rights Related to Automated Decision-Making and Profiling (Article 22)
The Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This right does not apply if:
the processing is necessary for the conclusion or performance of a contract between the Data Subject and the Data Controller;
the Data Subject has explicitly consented to such processing;
its application is authorized by law;
it is necessary for the establishment, exercise, or defense of legal claims.
8.10. Right to Lodge a Complaint
The Data Subject may lodge a complaint regarding any data processing activity of the Data Controller. If the Data Subject considers that their rights have been violated in the course of processing their personal data, they are entitled to contact the data protection authority of their country and may also turn to a court to file a complaint against the Data Controller’s data protection practices. The following options are available:
Contact the Data Controller directly via post or e-mail.
File a complaint with the supervisory authority, the Hungarian National Authority for Data Protection and Freedom of Information [NAIH]. Contact details: Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c, Phone: 06-1-391-1400, Email: ugyfelszolgalat@naih.hu
Turn to a court in case of unlawful processing of their data or violation of data security requirements. According to legislation, the Data Subject may be entitled to compensation and redress. Information about court jurisdiction and contacts is available at: www.birosagok.hu
Please feel free to contact us via the provided contact options before lodging a complaint with the relevant data protection authority.
8.11. Right to Withdraw Consent
The Data Subject has the right to withdraw, in writing, their consent to the processing of their personal data by the Data Controller at any time. In such cases, the Data Controller shall promptly and permanently delete all personal data processed concerning the Data Subject, unless further storage is required by law or necessary for the exercise or defense of legal claims. The lawfulness of processing carried out until the withdrawal of consent is not affected by the withdrawal.
9. Data Storage Methods and Security
The Data Controller stores the data it manages – in both paper and electronic forms – at its premises. An exception to the above is data stored by the Data Controller’s data processors, which are stored at the data processors’ premises. The Data Controller uses an IT system that ensures the data:
remain unchanged (data integrity);
are authentic (authenticity of data processing);
are accessible to authorized persons (availability);
are protected against unauthorized access (confidentiality).
The protection of data specifically covers:
unauthorized access;
modification;
transmission;
deletion;
disclosure;
accidental damage;
accidental destruction;
loss of accessibility due to changes in technology.
For electronically processed data, the Data Controller applies solutions providing adequate security according to the state of technology. Particular attention is paid to the level of risk arising during data processing at the Data Controller. IT protection ensures that stored data cannot be directly associated with or linked to data subjects (except where allowed by law). The Data Controller ensures that:
authorized persons can access data when needed;
only authorized persons can access information;
the accuracy and completeness of information and processing methods are protected.
The Data Controller, and any engaged data processors, ensure protection against fraud, espionage, viruses, intrusion, damage, and natural disasters. The Data Controller (or data processor) implements server-level and application-level security procedures. Messages transmitted to the Data Controller via the Internet are exposed to network threats that may lead to modification, unauthorized access, or other illegal activities. The Data Controller takes all reasonable technical measures to mitigate such threats. The systems are monitored to record security deviations, gather evidence of security events, and evaluate the effectiveness of precautions.
10. Procedural Rules
If the Data Controller receives a request under GDPR Articles 15–22, it shall respond in writing as soon as possible, but no later than 30 days, informing the Data Subject of the measures taken. If the complexity of the request or other objective circumstances justify it, the above period may be extended once, for a maximum of 60 days. The Data Controller shall notify the Data Subject in writing of the extension, providing justification. The information is provided free of charge, except if:
the Data Subject requests information/measures repeatedly without substantial change;
the request is clearly unfounded;
the request is excessive.
In the cases under point (3), the Data Controller may:
refuse the request;
make fulfillment of the request conditional upon reasonable payment of fees.
If the Data Subject requests data on paper or electronic media (CD or DVD), the Data Controller provides one copy free of charge (unless technically unfeasible). For any additional copies, an administrative fee of HUF 500 per page/CD/DVD applies. The Data Controller informs all persons previously provided with the Data Subject’s data about corrections, deletions, or restrictions, except when notification is impossible or requires disproportionate effort. Upon request, the Data Controller provides information about which persons the data have been transmitted to. Responses to requests are provided electronically, except if:
the Data Subject explicitly requests a different format, and it does not cause unreasonable additional costs;
the Data Controller does not know the Data Subject’s electronic contact.
11. Compensation
If any Data Subject suffers material or non-material damage due to violation of data protection laws, they are entitled to compensation from the Data Controller and/or Data Processor. If both the Data Controller and Data Processor(s) are involved in the violation, they are jointly liable. The Data Processor is liable only if it violated specific data protection obligations assigned to processors or if the damage resulted from ignoring the Data Controller’s instructions. The Data Controller and any data processors are liable only if they cannot prove that they were not responsible for the event or circumstances causing the damage.
12. Legal Remedies
12.1. Available Remedies
If the Data Subject has concerns or problems regarding the Data Controller’s data processing, they may request information, legal remedy, or lodge a complaint via the contact details provided in section 2.2. If unresolved, the Data Subject is entitled to go to court or contact the National Authority for Data Protection and Freedom of Information.
12.2. National Authority for Data Protection and Freedom of Information (NAIH) Contact
Name: National Authority for Data Protection and Freedom of Information (NAIH) Address: 1055 Budapest, Falk Miksa utca 9-11 Mailing Address: 1363 Budapest, Pf.: 9 Phone: +36 (1) 391-1400 Fax: +36 (1) 391-1410 Email: ugyfelszolgalat@naih.hu Website: http://www.naih.hu
13. Cooperation with Authorities
The Data Controller may be obliged to disclose data upon request by authorities or other organizations based on legal obligations. In such cases, the Data Controller strives to disclose only the minimum and necessary personal data required by the request.
14. Scope and Effectiveness of the Privacy Policy
This Privacy Policy has been in effect since July 29, 2019, by publication on www.coherencevisual.com, with amendments effective from March 18, 2022. The Privacy Policy may change following amendments to applicable laws. The Data Controller reserves the right to modify the Privacy Policy at any time within the limits of applicable legislation. Any changes are communicated to Data Subjects in accordance with GDPR transparency principles. The Data Controller publishes the current version of this Privacy Policy on its website.
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
