Privacy Policy

Privacy policy
For visitors to the vamosandalucia.com website

Vamos Andalucia Kft. (seat: 1061 Budapest, Paulay Ede utca 26., registration number: 01-09-425848, tax number: 32470952-2-42, represented by Kaprinay Zoltán managing director) as data controller (‘Vamos Andalucia’ or ’Data Controller’) respects the personal rights of the data subjects (’Data subject’ or ‘User’), especially the data protection rights determined by the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (’GDPR’) and the Data Protection Act 1998 (’DPA’). Data controller undertakes to apply these laws and expresses to be bound by these provisions.

I. The basic principles for data processing

Personal data shall be:

  1. processed lawfully, fairly and, in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
  7. The controller shall be responsible for, and be able to demonstrate compliance with, the principles of data processing (‘accountability’).

II. Data Controller

Details of controller:


Name: Vamos Andalucia Kft.
Seat: 1061 Budapest, Paulay Ede utca 26.
Registration number: 01-09-425848
email: info@vamosandalucia.com/ vamosandaluciacom@gmail.com

III. The purpose and legal title of data processing

The Data Controller uses the personal data provided by the Data Subjects solely for the following purposes:

     a, To provide access to the services (‘Services’);
     b, Marketing of Services offered, increasing recognition, reputation; send newsletter
     c, Relationship management.

The Data Controller process the personal data of the Data subject on the basis of the consent of the Data subject (GDPR Article 6 (1) a)).

IV. Scope of personal data processed

The scope of personal data processed:

     (i) surname and first name,
     (ii) email address
     (iii) phone number

Data Controller receives the personal data directly from the Data subject.

V. Cookie Policy

When visiting the Data Controller’s website, the Data Subject’s browser may store a cookie. Some of the cookies used by us are indispensable for the proper operation of the site, while others collect information related to its use, allowing to upgrade the site to offer more convenient services. Temporary or “session cookies” are erased when the browser is closed while “permanent cookies” stay in your browser for a longer time.


Cookies used by the Data Controller:


Session cookies


“Session cookies” facilitate browsing our site and using its functions. Among others, they store the actions taken on the site related to a function or service. Without the use of “session cookies” the site’s operation cannot be guaranteed. Their term of authorisation is limited to the duration of the visit; “session cookies” expire whenever the Data Subject ends the session or closes the browser.


The website uses the following session cookies:

  • […….]: a “technical cookie” recording the session identifier

This cookie helps the content manager to treat the user’s site visits as an uninterrupted workflow to ensure that specific key functions, such as registration and log in, run smoothly. With the closing of the browser these cookies are erased from the computer.


Performance cookies


Performance cookies gather information about how the Data Subject uses the website in order to be able to improve the website, its functions and services to suit the needs of the visitors to offer them high quality, user-friendly experience.


The following cookies analyse anonymously the user activities of the website:

  • Google Analytics functions

One of its functions is to identify anonymously users who already visited our website. It is valid for 2 years from the visit.
Another function prevents the supply of too many data to the system collecting anonymous statistics in a short time. This function is valid for 1 minute from the visit.

For detailed information about the service follow this link:
https://www.google.com/analytics/terms/us.html

Certain performance cookies gather not only anonymous information during the analysis with the objective similar to that of the performance cookies although in order to prevent having access to personal data the Data Controller apply technical devices and measures (e.g., data masking) yet all obtained information is used for an anonymous analysis of the visitors’ behaviour.

  • [……]


Analyzes the information derived from the usage preferences of pointer devices (mouse) of the user.


Further information is available at:
[…..]

Advertising cookies


Advertising cookies are used to select advertisements that the visitors are interested in and enable the Data Controller to display such advertisements on the websites of third parties to them. They also help measure the performance of our campaigns based on the information gathered with them.


The website uses the following advertising cookies:

  • Google Adwords

For detailed information about the service follow this link:
https://www.google.com/intl/hu/policies/privacy

  • Facebook


For detailed information about the service follow this link:
(https://www.facebook.com/policies/cookies/)

  • TikTok


For detailed information about the service follow this link:
https://www.tiktok.com/legal/page/eea/privacy-policy/en

 

Follow the following links for detailed information about how to set ‘cookie’ preferences in various browsers:


Chrome
https://support.google.com/accounts/answer/61416?hl=en&co=GENIE.Platform%3DDesktop

Edge
https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

Safari
https://help.apple.com/safari/mac/8.0/en.lproj/sfri11471.html

VI. Duration of the data processing

Data controller will use and store the personal data until the purpose is satisfied. In certain, special cases, the Data Controller may control the personal data after the purpose has been satisfied.

VII. Data processors

Data controller uses the services as data processing, of the following companies:

  • ReSales Andalucia SL – Avenida Matias Saenz de Tejada, 3, Fuengirola Centro, Oficina 308, 29640 Fuengirola (Málaga) Spain

Further information is available at:
https://support.resales-online.com/en/articles/4878958-legal-notice-privacy-policy-resales-online-com-en

  • Server provider: […..]
  • [….]

VIII. Data transfer

Data controller may transfer the personal data of the Data subject to the competent authorities based on inquiries in accordance with the relevant statutes.

IX. Rights of the Data Subjects

  1. Transparent information, communication

The controller shall take appropriate measures to provide any information and any communication relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

     2. Information and access to personal data

The Data controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:

  • the identity and the contact details of the controller and, where applicable, of the controller’s representative;
  • the contact details of the data protection officer, where applicable;
  • the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
  • where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
  • the recipients or categories of recipients of the personal data, if any;
  • where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.

   

     3. Right of access by the data subject

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.

     4. Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

     5. Right to erasure, right to be forgotten

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • the personal data have been collected in relation to the offer of information society services.
  • The Data Controller may refuse to erasure the data if processing is necessary:
  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

   

     6. Right to restriction of processing

The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

 

     7. Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  • the processing is carried out by automated means.
    In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

 

     8. Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

 

     9. Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

X. Restrictions

Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22, when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:
a, national security;
b, defense;
c, public security;
d, the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
e, other important objectives of general public interest of the Union or of a Member State, in particular an important economic or financial interest of the Union or of a Member State, including monetary, budgetary and taxation a matters, public health and social security;
f, the protection of judicial independence and judicial proceedings;
g, the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
h, a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g);
i, the protection of the data subject or the rights and freedoms of others;
j, the enforcement of civil law claims.

XI. Remedies

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the National Authority for Data Protection and Freedom of Information (’NAIH’), unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

In case of a breach of data protection rights, Data Subject may lodge a complaint with the NAIH or take legal action in court. The Data Subject may also bring an action before the competent court in the place of residence or domicile of the Data Subject.

Contact of the NAIH:
National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11.
Phone number: +36-1-391-1400;
E-mail: ugyfelszolgalat@naih.hu;
Website: www.naih.hu

In the event of the breach of the data protection rights the Participant may bring the matter before the court.

XII. Security of processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.


21 February, 2024

Vamos Andalucia Kft.

×