Sparring Partner In Business Ltd. (Registered office: 1061 Budapest, Paulay Ede street 26. 2. flr. 8.; Company registration number: 01-09-407054; Tax number: 32108860-2-41; Represented by: Zoltán Kaprinay, Managing Director), as data controller (“Data Controller”), processes the personal data of visitors (“Data Subjects”) of the websites operated under the domains www.kaprinay.com and sparringpartner.business (collectively: “Website”) in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”) and Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (the “Infotv.”).
Contact details of the Data Controller:
Email: datacontroller@kaprinay.com
Phone: +36 70 430 1202
Postal address: 1061 Budapest, Paulay Ede street 26. 2. flr. 8.
1.1. The terms used in this privacy policy shall be understood as defined in the Infotv. and the GDPR.
1.2. Data of the Data Subjects that are publicly available in connection with their business activities (name, registered office, tax number, registration number, company registration number) are not considered personal data, thus the data processing activities described in this privacy policy do not apply to these data.
The Data Controller informs the Data Subject about the scope of data processed, the source of the data, the legal basis and duration of the data processing, as well as the recipients of the personal data, the data processors, and the details of the transfer of data to third countries and profiling for each data processing purpose as follows:
2.1. Data processing purpose: Contact through the Website
The Data Controller provides the visitors of the Website with the opportunity to contact the Data Controller using the contact form available on the Website. During the contact process, the Data Subject provides their name, email address, phone number, and other personal data as specified by the Data Subject. The purpose of the data processing is to enable the Data Controller to respond to the Data Subject’s inquiries, requests, and to establish contact with the Data Subject.
Scope of data processed | Source of data | Legal basis for processing | Duration of processing |
---|---|---|---|
Name, email address, phone number, and other personal data provided by the Data Subject | Data Subject | Consent of the data subject (GDPR Article 6 (1) a)) | Until the purpose is fulfilled or consent is withdrawn |
Transfer of data to third countries: does not occur
Profiling: does not occur
The Data Subject has the right to withdraw their consent for the processing of their data provided during contact at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.2. Data processing purpose: Newsletter subscription
The Data Controller provides visitors with the opportunity to subscribe to the newsletter. During the subscription process, the Data Subject provides their surname, first name, and email address. The purpose of the data processing is to inform the Data Subject about the services, news, and other relevant information of the Data Controller.
Scope of data processed | Source of data | Legal basis for processing | Duration of processing |
---|---|---|---|
Surname, first name, email address | Data Subject | Consent of the data subject (GDPR Article 6 (1) a)) | Until the purpose is fulfilled or consent is withdrawn |
Recipients and data processors: ConvertKit (www.convertkit.com)
Transfer of data to third countries: does not occur
Profiling: does not occur
The Data Subject has the right to withdraw their consent for the newsletter subscription at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.3. Data processing purpose: Appointment booking via Google Calendar
The Data Controller provides the Data Subjects with the opportunity to book appointments for consultations or other meetings via Google Calendar. During the booking process, the Data Subject provides their name, email address, phone number, and other information related to the booking. The purpose of the data processing is to enable the Data Controller to organize consultations and meetings and to communicate with the Data Subject regarding the appointments.
Scope of data processed | Source of data | Legal basis for processing | Duration of processing |
---|---|---|---|
Name, email address, phone number, other information related to the booking | Data Subject | Consent of the data subject (GDPR Article 6 (1) a)) | Until the purpose is fulfilled or consent is withdrawn |
Recipients and data processors: Google LLC (www.google.com)
Transfer of data to third countries: does not occur
Profiling: does not occur
The Data Subject has the right to withdraw their consent for the processing of their data provided during the booking process at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
2.4. Data processing purpose: Provision of web hosting services
The Data Controller uses web hosting services from DigitalOcean, LLC for the operation of the Website. During the provision of the web hosting service, the personal data of the Data Subject (e.g., IP addresses, log files) may be processed on the provider’s servers. The purpose of the data processing is to ensure the proper functioning of the Website and to protect the security of the Data Subjects.
Scope of data processed | Source of data | Legal basis for processing | Duration of processing |
---|---|---|---|
IP addresses, log files | Data Subject | Consent of the data subject (GDPR Article 6 (1) f)) | Until the purpose is fulfilled |
Recipients and data processors: DigitalOcean LLC (www.digitalocean.com)
Transfer of data to third countries: does not occur
Profiling: does not occur
The Data Controller ensures that the data protection measures of DigitalOcean, LLC comply with the GDPR requirements and guarantee the security of the Data Subject’s data.
The Service Provider may transfer data to third countries, including the United States. In such cases, the Service Provider certifies that Google LLC (and its wholly-owned U.S. subsidiaries) complies with the EU-U.S. Data Privacy Framework (DPF). These data privacy frameworks were established by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from EEA member states. Google remains responsible for any personal information it shares with third parties for external processing on their behalf under the Onward Transfer Principle, as described in their Privacy Policy’s „Sharing your information” section. For more information about the DPF, or to view Google’s certification, please visit the DPF website. https://policies.google.com/privacy?hl=en-US
When visiting the Data Controller’s website, cookies may be placed on the Data Subject’s computer. Some cookies are essential for the proper functioning of the Website, while others collect information about the use of the Website to enhance the user experience. Some cookies disappear when the browser is closed, while others remain on the computer for a longer period.
The Data Controller uses the following cookies on the Website:
4.1. Cookies necessary for session management:
Session cookies are necessary for browsing the website and using its functions, ensuring the proper functioning and security of the website.
The session cookies used by the Website are as follows:
Cookie: elementor
Duration: Never
Description: This cookie is used by the website’s WordPress theme. It allows the website owner to modify or upload content in real-time.
Cookie: cookieyes-consent
Duration: 1 year
Description: This cookie is used by CookieYes. It remembers the users’ consent preferences to respect them on subsequent visits. It does not collect or store any personal data about visitors.
4.2. Cookies for activity analysis:
Cookies that analyze user activity help the Data Controller gather information about the Data Subject’s website usage habits to improve the Website.
The Website uses the following cookies for anonymous activity analysis:
Cookie: Google Analytics functions
Duration: 2 years and 1 minute
Description: One function anonymously identifies users who have already visited our website. This cookie is valid for 2 years from the visit. Another function prevents too much data from being supplied to the anonymous statistics collecting system in a short time. This function is valid for 1 minute from the visit.
Cookie: pys_session_limit
Duration:Never
Description: This cookie is set by the PixelYourSite plugin to manage the analytical services.
Cookie: pys_start_session
Duration:Never
Description:This cookie is set by the PixelYourSite plugin to manage the analytical services.
4.3. Advertising cookies:
Advertising cookies are used to select advertisements that the visitors are interested in and enable the Data Controller to display such advertisements on third-party websites. They also help measure the performance of our campaigns based on the information gathered.
The website uses the following advertising cookies:
4.4 Other cookies
Cookie: pbid
Duration: 6 months
Description:Currently not available.
4.5. Detailed information on how to set cookie preferences in various browsers can be found at the following links:
Chrome Chrome Support
Edge Microsoft Edge Support
Safari Safari Support
Personal data shall be:
6.1. Right to transparent information and communication
The Data Controller shall take appropriate measures to provide any information and any communication relating to processing to the data subject in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
6.2. Right to information and access to personal data
At the time when personal data are obtained, the Data Controller shall provide the data subject with all of the following information:
6.3. Right of access by the data subject
The data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to the personal data and the following information.
6.4. Right to rectification
The data subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
6.5. Right to erasure, right to be forgotten
The data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
6.6. Right to restriction of processing
The data subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
6.7. Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
In exercising his or her right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
6.8. Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
6.9. Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
7.1. In the event of an incident resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed (data protection incident), the Data Controller undertakes to report it without delay and, if possible, not later than 72 hours after becoming aware of the data protection incident, to the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11.; phone: +36-1-391-1400; email: ugyfelszolgalat@naih.hu; website: www.naih.hu) as the competent supervisory authority. The reporting obligation is exempted if the data protection incident is unlikely to result in a risk to the rights and freedoms of natural persons.
7.2. If the data protection incident is likely to result in a high risk to the rights and freedoms of natural persons, the Data Controller shall communicate the data protection incident to the data subject without undue delay, providing clear and understandable information about the nature of the data protection incident.
7.3. The Data Controller informs the Data Subject that in case of a violation of their data protection rights, they may file a complaint with the NAIH or seek legal remedy through a court. The Data Subject is also entitled to initiate proceedings before the competent court based on their place of residence or domicile.
7.4. If the Data Controller unlawfully processes the Data Subject’s data or breaches data security requirements, causing damage to another person, the Data Controller is liable to compensate for the damage. If such conduct violates the Data Subject’s personality rights, the Data Subject may claim damages. The Data Controller is exempt from liability for the damage and from the obligation to pay compensation if it proves that the damage or violation of the Data Subject’s personality rights was caused by an unavoidable external cause beyond the scope of data processing.
7.5. The Data Subject may seek legal remedy with the following authority: National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11.; phone: +36-1-391-1400; email: ugyfelszolgalat@naih.hu; website: www.naih.hu).
7.6. In case of a violation of the Data Subject’s rights, they are entitled to seek legal remedy through the courts.
8.1. The Data Controller undertakes to verify the accuracy of the data provided by the Data Subject during contact with the Data Controller to keep the data up-to-date, but not more frequently than once every 3 (three) years. In this context, the Data Controller may contact the Data Subjects for data reconciliation purposes. The Data Controller draws the Data Subject’s attention to the fact that the Data Subject is solely responsible for the accuracy, authenticity, and correctness of the personal data provided by them. If the Data Subject provides false or inaccurate data to the Data Controller, they are solely responsible for any damage resulting therefrom.
8.2. The Data Controller also excludes liability for personal data voluntarily provided by the Data Subject without request. Data Subjects must ensure that they have the consent of third parties and the authorization to process and transfer their personal data.
9.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
Budapest, 31 May 2024
Sparring Partner in Business Ltd.