Privacy policy

Updated: April 19, 2021

 

 

NAME OF DATA CONTROLLER

 

The operator of the www.pontly.io website and therefore the exerciser of the Data Controller rights: József Hódos sole entrepreneur (registered seat: 1138 Budapest, Sólyatér utca 11. 2. emelet 3. ajtó, tax number: 52446520-1-41, email: privacy@pontly.io, as data controller (hereinafter referred to as: „Data Controller”) accepts the contents of this Privacy policy as binding for him. He undertakes the obligation that each data processing connected to its activity will fulfil the provisions defined in this Privacy Policy and in the effective national and EU legislations.

 

 

Representative of data controller: József Hódos

 

Accessibility of the representative of data controller in connection with data protection, data processing: If you have any questions or complaint in connection with data processing, you may pick up contact with us at the following email address: privacy@pontly.io

 

We will respond to the requests received from natural persons involved in data processing within the shortest time possible, but at the latest within one month after receiving the email.

 

When preparing this Privacy Policy, we tried to provide simplified, brief, and transparent information for the data subjects.

 

This Privacy Policy refers to both those natural person users and business partners, who participate in the digital loyalty program.

 

This Privacy Policy may be modified by the Data Controller at any time with the condition that Data Controller will inform the natural persons involved in data processing, providing for them by this a possibility to report their objection to the processing of their personal data that refer to them.

 

List of data processing related legislations:

  • (EU) 2016/679 REGULATION OF THE EUROPEAN PARLIAMENT AND COUNCIL
  • Act LXIII of year 1992 on the protection of personal data and the publicity of data of public interest
  • Act CXIX of year 1995 on the processing of the name and address data for research and direct marketing purpose administration
  • Act VI of year 1998 on the protection of individuals with regard to automatic processing of personal data
  • Act CVIII of year 2001 on Electronic Commerce and on Information Society Services
  • Act C of year 2003 on electronic communications
  • Act CXII of year 2011 on the Right of Informational Self-Determination and on Freedom of Information.

 

 

We implement the following activities during data processing:

  • The lawful and fair processing of the personal data. Accordingly, the collection and processing of the personal data is exclusively done for the purpose that is defined in this Privacy Policy.
  • We collect only data that are needed for achieving the target that is defined by the Data Controller.
  • We ensure that the data processed are accurate and up to date.
  • The processing and storing the data are done for the period that is needed for achieving the purpose of data processing. This period may not be defined exactly due to the character of the purposes of the www.pontly.iowebsite, therefore, data processing is done on continuous basis, however, during data processing we pay attention to the principle of the possibility of restricted storage.
  • We make efforts to ensure the maximum security of the personal data, which efforts we described in detail in the Data Security Section of the Privacy Policy.

 

 

 

MOST IMPORTANT DATA PROCESSING RELATED EXPRESSIONS

 

Personal data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or on the basis of several factors.

 

Data Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

 

Data Controller: means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller, or the specific criteria for the nomination of the controller may be provided for by Union or Member State law.

 

Data Processor: means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

 

 

 

DATA PROCESSING PURPOSE

 

The data processing purpose of the www.pontly.io website operated by the data controller and of the users and business platforms belonging to it are the following:

  • To allow the introduction and use of a digital loyalty program for the shops and through this for their visitors.
  • To make the relationship closer between the shops and their purchasers participating in the program.
  • Thanks to the closer relationship, to increase the loyalty of the purchasers (users) towards the given shops.
  • To ensure valuable statistics-based statements (not containing any personal data) for the shops participating in the program (For the shops participating in the program in the interest of the better understanding of and increasing the performance of their business activities.
  • Moreover, to connect the everyday purchases with environment continuous activities (with the assistance of its business partners) in order to reduce the carbon footprint of the users joining the program through carbon-neutralisation.

 

 

What is the carbon footprint?

 

The carbon footprint is one of the measures of the impact the activity of mankind has on the environment. According to the estimate of the Eurostat, the average carbon-dioxide emission per capita was 6.7 tonnes in year 2019 in the 27 member states of the European Union. According to estimates the average carbon footprint has to decrease below 2 tonnes by 2050 in order to prevent the critical increasing of the global temperature with 2 °C.

 

 

How do we wish to contribute to reducing the carbon footprint?

 

Decreasing the carbon dioxide emission is ensured by participation in the digital loyalty programs. The reduction of the carbon footprint is realised by Pachama Inc. (https://pachama.com) – after the redemption of the users collected loyalty points in the shops that participate in the digital loyalty program – by implementing forest protection activities in the different countries of the world, activities ensuring sustainable logging and tree plantation. The coverage of the costs of these mentioned activities is generated by the activities carried out in the program by the shops and their purchasers (users) participating in the program. The mentioned environment conscious activities and thus the neutralisation of the carbon footprint are realised after the redemption of the loyalty points, by transferring defined amounts of money to the Pachama, Inc..

 

It is possible to check the environment conscious activity of Pachama, Inc through the https://pachama.com/impact website.

 

The www.pontly.io website facilitates the realisation of the above purposes by sending marketing purpose offers and newsletters to the users consenting to direct marketing contacts. We use the personal data of the users for sending marketing materials to them, provided the given user previously expressly consented to it, or if the legislation allows us to pick up contact with them without any preliminary consent.

 

Data Controller analyses the conduct of the user joining the loyalty program with data collection that is based on clicking and voting. Data Controller collects the data from that part of the www.pontly.io website for the purpose of statistical analyses, which is visited by its users. This way it obtains a more accurate picture on which pages are more popular. The information collected concerning the visiting users with the aid of the www.pontly.io website provide more accurate knowledge, supplemented with the collected data. We use this information for the further development of our website and our services and for optimising our marketing activities. The data controller uses the navigation data of the users obtained from the www.pontly.io website for the purpose of continuously improving the operation of the website by modifying its text section, its image world, its messages, and the settings and contents of the marketing campaign that is connected to the website. Data Controller has information on the page from which the given user involved navigated to the www.pontly.iowebsite, provided the user arrives through a marketing campaign or a link that points to the page. Data Controller has no information on the pages to which the users involved navigated from the www.pontly.io website. The website usage data of the users are not sold by Data Controller to any third party, and it does not publish them in any manner either.

 

Data Controller reserves itself the right to forward the statistical data created during data analyses to its business partners. However, the statistics created during data analyses do not contain any personal data and they may not be traced back to the given user either.

 

The operation of the www.pontly.io website is based currently on the introduction of the service, on the assessment of the demands connected to the votes submitted by the users (assessment of the popularity of the cafes and the other shops in Hungary), and the communication of data that support the acquiring of businesses, obtained from the assessment of the demand.

 

The additional purpose of operating the www.pontly.io website is to allow Data Controller to send personalised offers to the users involved in data processing and to establish the possibility of picking up contact for the enterprises interested.

 

The users using the services of the www.pontly.io website give their consent to data processing during the voting procedure. This Privacy Policy may be also viewed

during the initiation of voting.

 

 

We try to achieve the following in respect of personal users

 

We encourage our personal users to declare with the aid of our voting system which places (cafes, bakeries, etc.) they would like to see as the first one in the Pontly program.

 

Using this information, we try to argue more effectively in the course of the sales discussions we conduct with our business partners.

 

We will communicate these data in a summarised, anonymous manner to the third parties (e.g.: 2340 persons voted for „Café A”).

 

The user has to give his/her email address for submitting his/her vote. User has to consent to the contents of this Privacy Policy for submitting his/her vote.

 

We forward the email addresses collected this way through our own system to the MailerLite platform, and we will store and process them there (this means that we will not store them in our own system). The user will be introduced into the „marketing contact” group only if he/she also consents to being contacted for marketing purposes. We do not forward the email addresses of the persons involved to any other database processors.

 

 

Business users

 

We would like to encourage the users of the business page to book a meeting with us. We use for this purpose the Calendly (https://calendly.com) software, which we have integrated into the www.pontly.io website.

 

The users of the business page have to give their following data:

  • Forename,
  • Surname,
  • Email address.

 

The above data will be forwarded to Calendly, provided the person booking a meeting consents to the contents of this Privacy Policy.

 

 

 

THE LEGAL BASIS OF DATA PROCESSING

 

The data processing of the www.pontly.io website is based on Section 6 (1) a) of the GDPR, that is, on the voluntary consent of the data subjects. This means that the natural person (user) and the business partners participating in the digital loyalty program give their active consent when accepting this Privacy Policy for Data Controller to process their defined personal data in the interest of realising the above purposes.

 

The processing of the email addresses of the users is based on the interest assessment test that was carried out by us, during which we examined the methods with the aid of which we can ensure the exclusion of voting on more than one occasion. Since placing a cookie on the integrated unit of the device and the browser does not ensure that the user will vote only once on our site (since voting may be carried out again in another browser or on another device), we check on the basis of the email whether they have already submitted a vote from the given email address. For this we unconditionally need the consents of the users.

 

Data processing of the www.pontly.io website in the case of business users is also based on Section 6 (1) a) of the GDPR, that is, on the voluntary consent of the data subjects.

 

Withdrawing a consent does not involve the lawfulness of data processing that was carried out on the basis of the consent prior to its withdrawal.

 

 

 

THE DURATION OF DATA PROCESSING

 

The www.pontly.io website operated by data controller carries out the data processing on continuous basis for the purpose of implementing the targets described in the section titled THE PURPOSE OF DATA PROCESSING, and therefore the final duration of data processing cannot be defined. However, if a user is inactive in connection with the loyalty program or in connection with the marketing activities connected to it for a period that is longer than 1 year (does not participate in it), then the personal data referring to him/her will be erased after the passing of this time. In line with the principle of the restricted possibility of storage, data controller establishes the group of inactive users and it introduces the measures necessary for erasing the personal data that refer to them in month September each year. Data Controller informs the users about the fact of data erasure in a message sent to the email addresses that were used during registration. Moreover, we inform the data subjects that they may request any time that further newsletters should not be sent to them (newsletter unsubscribe).

 

Upon unsubscribing the newsletter, data controller will retain for 1 year after the day of unsubscribing the user consent that was given by the data subject. If user requests his/her data to be forgotten, Data Controller after forgetting the data will be unable to present the previously given user consent to the user, since all the data connected to the user will have been irrevocably erased by forgetting the data.

 

 

 

THE GROUP OF DATA PROCESSED

 

Data controller collects and processes the following data of the natural person users, and forwards them to its data processor.

 

  • Email address,
  • Movement of the mouse of the computer,
  • The clicks and scrolling that are carried out with the mouse of the computer,
  • His/her computer’s IP address that is forwarded due to technical reasons (which is automatically anonymized, and which does not allow the drawing of any conclusions concerning the individual user),
  • The navigation of the user within the www.pontly.io website,
  • Anonymized data collected by the Google Analytics software (which cannot be connected to the email address of the given user). This aspect we also summarised in more detail in the GOOGLE ANALYTICSsection of this Privacy Policy (Link),

 

Data controller collects and processes the following supplementary data in addition to the above listed ones in respect of the business partners:

  • Name of contact person
  • Email address of contact person

 

 

 

DATA PROCESSING TECHNOLOGIES USED AND THE DATA PROCESSORS USING THEM

 

We engage different service providers in the interest of operating and optimizing our website, and in the interest of performing the contracts, in order to perform in our name certain tasks, as e.g., storage services, cookie processing, and processing the submitted votes. We forward the information collected for the specific purposes to these services providers, e.g., the email addresses.

 

These service providers use appropriate data security measures for ensuring the security of the data of the natural persons. By this, they minimize the risk that the processed data will be used in an unauthorised, law violating manner or in a manner that realises a criminal act.

 

Data processors engaged:

 

mHosting

  • A storage service provider for our website.
  • Name of data processor: Magyar Hosting Kft.
  • Registered seat: H-1132 Budapest, Victor Hugo u. 18-22.
  • Accessibility: info@mhosting.hu
  • Data protection policy: Link

 

WordPress Elementor

  • Our website was prepared with this website preparing platform.
  • Name of data processor: Elementor Ltd.
  • Registered seat: Tel Aviv, Tel Aviv, Israel
  • Accessibility: legal@elementor.com
  • Data protection policy: Link

 

CookiePro by OneTrust

  • This platform ensures the displaying of the cookie warning on our website, as well as the authorisation or banning of cookies.
  • Name of data processor: OneTrust, LLC
  • Registered seat: Atlanta, GA, USA, 1200 Abernathy Rd NE, Building 600, Atlanta, GA 30328, United States
  • Accessibility: DPO@onetrust.com
  • Data protection policy: Link

 

Cloudflare

  • We use this technology indirectly through the CookiePro platform. The CookiePro platform identifies in which country the user is staying at the time when he/she uses the website, in order to display the cookie warning window that is appropriate for the given country (e.g.: in the EU, the GDPR, in California the CCPA warning).
  • Name of data processor: Cloudflare, Inc.
  • Registered seat: 101 Townsend St, San Francisco, CA 94107, USA
  • Accessibility: privacyquestions@cloudflare.com
  • Data protection policy: Link

 

Heroku – Development platform

  • The voting function available on our website is provided through this platform.
  • Name of data processor: Salesforce
  • Registered seat: 415 Mission St, 3rd Floor, San Francisco, CA 94105, USA
  • Accessibility: Link
  • Data protection policy: Link, Link2

 

Heroku – Storage service

  • We use them as a storage service provider for storing the votes of the voting function that is available on our website, (although we do not store email addresses, nevertheless “they pass through our hands” when we hand them over to the MailerLite platform).
  • Name of data processor: Amazon Web Services
  • Registered seat: Burlington Plaza, 1 Burlington Rd, Dublin 4, D04 RH96, Ireland
  • Accessibility: Link
  • Data protection policy: Link, Link2, Link3

 

MailerLite

  • The email marketing platform we use, where we store and manage the collected email addresses – indicating those separately, from which we got consent to marketing contact.
  • Name of data processor: UAB “MailerLite”
  • Registered seat: Basanavičiaus 15, LT-03108 Vilnius, Lithuania
  • Accessibility: info@mailerlite.com
  • Data protection policy: Link

 

Calendly

  • We are able to book times for meetings with our business partners with the aid of this platform.
  • Name of data processor: Calendly LLC
  • Registered seat: 271 17th St NW, Atlanta, GA 30363, USA
  • Accessibility: support@calendly.com
  • Data protection policy: Link

 

Google

  • We use the Google Tag Manager, Google Analytics, Google Ads, and similar technologies for measuring and optimising our website and our marketing activity.
  • Name of data processor: Google LLC
  • Registered seat: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • Accessibility: Link
  • Data protection policy: Link

 

Facebook

  • We use this technology for our marketing activity. We also use this technology for measuring the efficiency of our marketing activity.
  • Name of data processor: Facebook Ireland Ltd.
  • Registered seat: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland
  • Accessibility: Link
  • Data protection policy: Link

 

Marketing Prezident Kft

  • Our partner that provides marketing services and which manages our online ads.
  • Name of data processor: Marketing PrezidentKft.
  • Registered seat: 1068 Budapest, Király u. 80 fszt11..
  • Accessibility: info@marketingprezident.hu
  • Data protection policy: Link

 

BITheory Kft.

  • It is the IT support providing partner of our Marketing PrezidentKft. partner
  • Name of data processing: BITheoryKft.
  • Registered seat: 1196 – Budapest, Kossuth Lajos u. 118.
  • Accessibility: info@bitheory.hu
  • Data protection policy: Link

 

AC Business Connect Kft.

  • Bookkeeping service provider partner of our Marketing PrezidentKft. partner
  • Name of data processing: AC Business Connect Kft.
  • Registered seat: 1157 Budapest, Nyírpalotaút 83. 7. em. 44.
  • Accessibility: 1157 Budapest, Nyírpalotaút 83. 7. em. 44.

 

 

 

DATA PROCESSING, DATA FORWARDING

 

When forwarding your personal data, we always provide the highest-level security possible, therefore, we forward your data exclusively to service providers and partners that undertook contractual obligations (the data processors engaged are given under point titled DATA PROCESSING TECHNOLOGIES USED AND THE DATA PROCESSORS USING THEM), which had been selected carefully previously. We forward the data only to organisations that accepted the strict EU data protection legislation or concerning which organisations there are equivalent security rules in effect.

 

We do forward certain data to third parties located in the United States of America and to Ireland from the www.pontly.io website. We ensure the protection of these data through strict rules corresponding to the rules of the GDPR that were developed, and which are applied in respect of themselves by our partners operating in the above-mentioned countries. You may read details about this on the following pages.

 

The legal basis of forwarding data to our service providing partners processing the data is the consent of the data subject (Section 6 (1) a) of the GDPR).

 

 

 

DATA PROCESSING OF JUVENILE PERSONS

 

Consciously we do not collect information from children younger than 16 years

 

We consciously do not contact children younger than 16 years. If you have any reason to assume that a child younger than 16 years gave us his/her personal data, please contact us, and we will act in line with the stipulations of the relevant legislation.

 

 

 

DATA PROCESSING FOR ADVERTISING PURPOSES

 

The marketing purpose processing of your data is based on your consent. We process the following data in the interest of our own marketing purposes and the marketing purposes of third parties: e-mail address.

 

In addition to this we are entitled to store additional data referring to you beyond the mentioned ones, with observing the legislative provisions, in the interest of our own marketing purposes and the marketing purposes of third parties. Through all this we try to achieve that only the advertisements that are interesting for you should reach you, and you should not be bothered with needless ads. We do not hand over the data stored for this purpose to any third party. Moreover, www.pontly.io uses in a pseudonymised or anonymized way the data obtained about you when it uses these data for the purpose of its own marketing purposes and for the marketing purposes of third parties (ad distributors).

 

The data that are used anonymously or namelessly may be also used for forwarding to you personalised ads online, in such a manner that the direct sending of the ads is done by an ad service provider and/or agency that is a third party. The legal basis concerning the marketing purpose using of the personal data is Section 6 (1) a) of the GDPR, that is, the consent of the data subject.

 

You may subscribe to our newsletters on our website. Subsequently your email address will be included in the distribution list of our newsletter. The legal basis of this data processing is Section 6 (1) a) of the GDPR.

 

You may withdraw your consent in respect of the future at any time by sending a letter to the privacy@pontly.io e-mail address or by using the unsubscribe option that is at the bottom of the newsletters.

 

After banning, your data will be blocked in respect of marketing purpose data processing. In exceptional cases you may still temporarily receive advertising materials even after we receive your banning statement. The reason of this is the temporary period that is needed due to the technical reasons of data processing, and this does not mean that we have not enforce your banning statement.

 

 

 

GOOGLE ANALYTICS

 

In order to develop our websites in line with the demands and in the interest of their continuous improvement we use the Google Analytics service, the web analysing program of the Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, „Google“) based on Section 6 (1) a) of the GDPR. Google Analytics uses the text files – the so-called cookies – that are introduced to the computer of the user for analysing the use of the website by the users. In connection with this the system prepares pseudonymous user profiles and uses cookies. With the aid of the cookies, it is possible to obtain the following information about the habits of the users concerning the using of the website:

  • Type, version of the browser,
  • Operation system used,
  • Referer-URL (previously visited website),
  • Computer name of the accessing computer (IP-address),
  • Time of server request.

 

Being assigned by the operator of the website, Google uses this information in the interest of analysing your use of the website, preparing reports on website activities, and  providing additional services concerning the use of the website and the internet for the operator of the website. Google does not merge the IP address obtained from your browser in the framework of the Google Analytics service with its other data.

 

You may prevent the saving of the cookies at any time with the appropriate setting of your browser. However, if you do so, it may happen that you will not be able to fully use all the functions of the website. In addition to this, by downloading and installing the browser’s plug-in module available through the link given below, you may also prevent the recording and forwarding to Google the data that refer to the using of the website, and which are created by the cookies, and you may also prevent the processing of these data  (including your IP-address) by Google: Link

 

Instead of using the plug-in module – especially in the browsers of the mobile end devices – by clicking on the following link you may also prevent Google Analytics recording the information mentioned. This method is built on the sending of such an opt-out cookie, which in the future will prevent the recording of your data when the given website is visited. The cookie saved on your equipment in this case will be valid only in your browser and only on our website. If you delete the cookies in this browser, you will have to again insert the opt-out cookie. You may find additional information in connection with the Google Analytics service on the following Google website: https://support.google.com.

 

 

 

TARGETING

 

Targeting

The basis of applying the below introduced targeting method that is used by us as well is Section 6 (1) a) of the GDPR. We use the measures of targeting which allow on your end-equipment only ads that are certainly or assumably interesting for you, and they should not burden you with ads that are uninteresting for you.

 

Retargeting

We do also use the so-called retargeting methods of external service providers, thus for example, the Pixel procedure of the Irish Facebook Ireland Limited (4 GRAND CANAL SQUARE, GRAND CANAL HARBOUR, D2 Dublin, „Facebook”). With the aid of retargeting, we improve the performance of our marketing campaigns, and indirectly our services. For example, this way we are able to target on the websites of our partners with online ads those users, who have already shown interest towards our services previously. From different studies we know that the internet users are more interested in personalised and interest focused ads than the ads that are not personalized. You are able to ban data collection through the Facebook here: Link.

 

This method uses a cookie, with the aid of which it is possible to create data referring to the interest of the users mentioned with their pseudonym. Using this cookie, we are able to display in our offers ads that correspond to your interest on the websites of our partners. This method does not directly store any personal data, and it does not merge the usage profiles with your personal data.

 

You may switch off data collection used for personalised advertisements here. In this case the program sets a cookie that permanently prevents data collection, except, if you delete this cookie with the “delete all cookies” function in your browser intentionally. You may repeat banning at any time.

 

Google Adwords

We use within the Google AdWords service the remarketing function. Through the remarketing function we are able to display for our website users at the other websites of the Google Display network (on the Google network itself, in the so-called “Google-ads” or other websites) ads that are customised to your interest. For this purpose, we analyse the operations of the users of our website, e.g., they are interested in which pages, and thus after they leave our website we are also able to display targeted ads on other websites. For this purpose, Google saves a number in the browser of those users who visit certain Google-services or websites within the Google Display network. This number called a “cookie” registers the visits of the users. This number is for the unambiguous identification of a browser of a certain computer, and it is not for the identification of a given person, since the program does not save any personal data. The legal basis of this data processing is Section 6 (1) a) of the GDPR.

 

It is possible to switch off the using of the cookies in the system of Google: click on the following link, then download and install the plug-in module that becomes available. Link.

 

You may find additional information in connection with the Google remarketing function and the Google data protection statement at the following address: Link.

 

 

 

THE RIGHTS OF NATURAL PERSONS INVOLVED IN DATA PROCESSING

 

Naturally, you have all those rights in connection with the collection of your data, which are outlined below. If you wish to exercise any of your rights presented below, send a message to the privacy@pontly.io email address.

 

In the interest of your own security, we reserve the right to ask further data for verifying your personal identity, whenever we respond to a request you submit. For the case, when identification is not possible, we reserve the right to refuse answering the request.

 

You may exercise your below listed rights through an email written to the Data Controller. Please send your message to the privacy@pontly.io email address.

 

Right to being informed

You are entitled to request information from the Data Controller about the personal data that are stored in connection with you.

 

Right to rectification

You are entitled to request the immediate rectification and/or supplementing of the personal data that are stored in connection with you.

 

Right to restricting data processing

You are entitled to request that we should restrict the processing of your personal data, if you question the accuracy of the data that are stored in connection with you, if the processing of the data is unlawful and we already do not need the data, but you do not want us to delete the data and you need them for the presentation, enforcement of legal demands, or for protection against legal demands or if you objected to the processing of the data.

 

Right to erasure

You are entitled to request the erasure of your personal data stored by us, except if retaining the data is needed for the free expression of opinions, for the freedom of becoming informed, for fulfilling legal obligations, for public interest, for the presentation of legal demands or for protection against legal demands or for exercising rights.

 

Right to being informed

If you enforced your right to rectification, erasure, or data processing, then we will notify each person receiving your personal data that we rectified, erased the data or about the fact that already a restriction is in force in respect of the processing of the data, except if this is impossible or it would mean a disproportional effort.

 

Right to data portability

You are entitled to request a copy of your data given to us, and to request us to send this to you or to a third person in an articulated form that is widely used, and which may be read by machine. If you request us to send the data directly to another data processor, we will carry out request only if it is technically possible.

 

Right to object

According to Section 21 (2) of the GDPR, the processing of the personal data of the user using and registering for the services of the www.pontly.io website is done also for the purpose of directly acquiring business. In view of this, the users have rights and possibilities to object against the processing of their personal data for this purpose. The related objection may be presented by the data subject with sending a brief message to the privacy@pontly.io email address. Objection against the processing of your personal data does not have to be justified by the data subject, it is sufficient to only express that you withdraw your consent in connection data processing concerning you.

 

Right to withdraw your consent

You are entitled to withdraw your consent concerning the collection of data in respect of the future. This will not refer to the data that will be collected until the withdrawal. We hope that you understand that some time is needed for the withdrawing the consent due to technical reasons, and during this period you may still receive messages from us.

 

Right to submitting complaints to the regulating authority

If collecting your personal data violates the data protection legislation, or if your data protection rights are violated in any other manner, please act as follows: Forward your complaints primarily to the Data Controller at the following email address: privacy@pontly.io

 

Complaining at the data controller: Please turn with your data processing related complaints primarily to the Data Controller: privacy@pontly.io

 

Right to turning to the court: In case the rights of the data subject are violated, he/she may turn to the court against the data controller. The court will act in respect of the case urgently.

 

Data protection authority procedure:

You may submit your complaint to the National Authority for Data Protection and Freedom of Information:

Nemzeti Adatvédelmi és Információszabadság Hatóság

1055 Budapest, Falk Miksa utca 9-11

Postal address: 1363 Budapest, Pf. 9.

Phone: +36 -1-391-1400

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

 

 

 

DATA SECURITY

 

The security of your personal data is extremely important for us. For this reason, we do protect your data stored at us with technical and organisational measures in order to prevent their unlawful appropriation, manipulation by any third party. Those partners of ours, who process personal data are bound by mandatory data confidentiality. In the interest of protecting your personal data we use encoding technology that corresponds to the HTTPS, the SSL or the TLS protocol when forwarding your personal data.

 

The HTTPS is the implementation of the TLS encoding over the HTTP protocol. It is used by each website and some other web services as well. Therefore, each website that uses HTTPS also uses TLS-encoding.

 

The task that is carried out by the TLS protocol has three main components:

  • Encoding: hides the data forwarded from third persons.
  • Authentication: ensures that the parties exchanging the information are the persons that they state about themselves to be.
  • Integrity: checks that the data were not falsified or manipulated.

 

Introduction of the data security of the Calendly platform

The connections between the browser and the Calendly platform are encoded during forwarding with TLS SHA-256 RSA encoding. See details: Link

 

Introduction of the data security of the MailerLite platform

The MailerLite sustains in-house rules and procedures for the management of the encoding mechanisms and the cryptographic keys with the encoding system of MailerLite. MailerLite requests encoding in line with the standards of the sector, in static status and during transmission between public networks. See details: Link

 

In the interest of ensuring the long-term protection of your data we inspect our technical security measures regularly, and if needed we adjust them to the technological standard that is valid at the given place. These principles are also effective at the companies, with which we co-operate, and therefore which process and use data.

 

The Data Controller and its data processors implement technical and organisational measures that are appropriate in view of the current status of the technology, with taking into consideration the costs of implementation, the character, scope, circumstances and objectives of data processing and its risk concerning the rights and freedoms of natural persons, of varying probability and seriousness in order to guarantee a data security that is appropriate for the extent of the risk involved.

 

Data Controller selects and operates the IT devices applied during the provision of the services for processing the personal data in order to:

  • Make the personal data accessible to the persons entitled to access them (availability),
  • Ensure their authenticity and authentication (authenticity of data processing),
  • Make the certification of their unchanged status possible (data integrity),
  • Ensure their protection against unauthorised access (data confidentiality).

 

Data Controller protects with appropriate measures the data that are processed by it, with special regard to unauthorised access, changing, forwarding, publishing, erasure or destruction, and accidental destruction, damage, and their becoming inaccessible due to the changing of the applied technology.

 

Data Controller in the interest of protecting the data that are electronically managed in its different registers ensures with an appropriate technical solution that the data stored – except if the law allows it – cannot be directly connected to each other and they cannot be allocated to the data subject. This is especially true for the collection of votes cast, where we only add together and store the number of votes cast for the given shops. We do not record that the specific users voted for which shop or shops.

 

Data Controller, in view of the status of technology, ensures with technical, organising, and organisational measures the protection of the security of data processing, which provide a protection level that is appropriate for the risks that exist in connection with the processing of the data.

 

Data Controller retains in the course of data processing it implements:

  • The confidentiality of the data: In order to achieve this, it ensures that only authorised persons may have access to the data it collects.
  • Integrity: It ensures that the data may not be modified during processing and analysis.
  • The actual accessibility of the desired information to the data subject, and the availability of the devices involved.

 

Data Controller registers the possible data protection incidents, with indicating the facts that are connected to the given data protection incidents as well as the measures that were introduced for remedying them.

 

 

 

COOKIE POLICY

 

The objective of Data Controller is to provide clear information on the way the www.pontly.io website uses and stores its cookies. This information is available at the www.pontly.io/cookie-policy website.