Updated: April 19, 2021
NAME OF DATA CONTROLLER
Representative of data controller: József Hódos
Accessibility of the representative of data controller in connection with data protection, data processing: If you have any questions or complaint in connection with data processing, you may pick up contact with us at the following email address: firstname.lastname@example.org
We will respond to the requests received from natural persons involved in data processing within the shortest time possible, but at the latest within one month after receiving the email.
List of data processing related legislations:
We implement the following activities during data processing:
MOST IMPORTANT DATA PROCESSING RELATED EXPRESSIONS
Personal data: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or on the basis of several factors.
Data Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Data Controller: means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller, or the specific criteria for the nomination of the controller may be provided for by Union or Member State law.
Data Processor: means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
DATA PROCESSING PURPOSE
The data processing purpose of the www.pontly.io website operated by the data controller and of the users and business platforms belonging to it are the following:
What is the carbon footprint?
The carbon footprint is one of the measures of the impact the activity of mankind has on the environment. According to the estimate of the Eurostat, the average carbon-dioxide emission per capita was 6.7 tonnes in year 2019 in the 27 member states of the European Union. According to estimates the average carbon footprint has to decrease below 2 tonnes by 2050 in order to prevent the critical increasing of the global temperature with 2 °C.
How do we wish to contribute to reducing the carbon footprint?
Decreasing the carbon dioxide emission is ensured by participation in the digital loyalty programs. The reduction of the carbon footprint is realised by Pachama Inc. (https://pachama.com) – after the redemption of the users collected loyalty points in the shops that participate in the digital loyalty program – by implementing forest protection activities in the different countries of the world, activities ensuring sustainable logging and tree plantation. The coverage of the costs of these mentioned activities is generated by the activities carried out in the program by the shops and their purchasers (users) participating in the program. The mentioned environment conscious activities and thus the neutralisation of the carbon footprint are realised after the redemption of the loyalty points, by transferring defined amounts of money to the Pachama, Inc..
It is possible to check the environment conscious activity of Pachama, Inc through the https://pachama.com/impact website.
The www.pontly.io website facilitates the realisation of the above purposes by sending marketing purpose offers and newsletters to the users consenting to direct marketing contacts. We use the personal data of the users for sending marketing materials to them, provided the given user previously expressly consented to it, or if the legislation allows us to pick up contact with them without any preliminary consent.
Data Controller analyses the conduct of the user joining the loyalty program with data collection that is based on clicking and voting. Data Controller collects the data from that part of the www.pontly.io website for the purpose of statistical analyses, which is visited by its users. This way it obtains a more accurate picture on which pages are more popular. The information collected concerning the visiting users with the aid of the www.pontly.io website provide more accurate knowledge, supplemented with the collected data. We use this information for the further development of our website and our services and for optimising our marketing activities. The data controller uses the navigation data of the users obtained from the www.pontly.io website for the purpose of continuously improving the operation of the website by modifying its text section, its image world, its messages, and the settings and contents of the marketing campaign that is connected to the website. Data Controller has information on the page from which the given user involved navigated to the www.pontly.iowebsite, provided the user arrives through a marketing campaign or a link that points to the page. Data Controller has no information on the pages to which the users involved navigated from the www.pontly.io website. The website usage data of the users are not sold by Data Controller to any third party, and it does not publish them in any manner either.
Data Controller reserves itself the right to forward the statistical data created during data analyses to its business partners. However, the statistics created during data analyses do not contain any personal data and they may not be traced back to the given user either.
The operation of the www.pontly.io website is based currently on the introduction of the service, on the assessment of the demands connected to the votes submitted by the users (assessment of the popularity of the cafes and the other shops in Hungary), and the communication of data that support the acquiring of businesses, obtained from the assessment of the demand.
The additional purpose of operating the www.pontly.io website is to allow Data Controller to send personalised offers to the users involved in data processing and to establish the possibility of picking up contact for the enterprises interested.
during the initiation of voting.
We try to achieve the following in respect of personal users
We encourage our personal users to declare with the aid of our voting system which places (cafes, bakeries, etc.) they would like to see as the first one in the Pontly program.
Using this information, we try to argue more effectively in the course of the sales discussions we conduct with our business partners.
We will communicate these data in a summarised, anonymous manner to the third parties (e.g.: 2340 persons voted for „Café A”).
We forward the email addresses collected this way through our own system to the MailerLite platform, and we will store and process them there (this means that we will not store them in our own system). The user will be introduced into the „marketing contact” group only if he/she also consents to being contacted for marketing purposes. We do not forward the email addresses of the persons involved to any other database processors.
We would like to encourage the users of the business page to book a meeting with us. We use for this purpose the Calendly (https://calendly.com) software, which we have integrated into the www.pontly.io website.
The users of the business page have to give their following data:
THE LEGAL BASIS OF DATA PROCESSING
The processing of the email addresses of the users is based on the interest assessment test that was carried out by us, during which we examined the methods with the aid of which we can ensure the exclusion of voting on more than one occasion. Since placing a cookie on the integrated unit of the device and the browser does not ensure that the user will vote only once on our site (since voting may be carried out again in another browser or on another device), we check on the basis of the email whether they have already submitted a vote from the given email address. For this we unconditionally need the consents of the users.
Data processing of the www.pontly.io website in the case of business users is also based on Section 6 (1) a) of the GDPR, that is, on the voluntary consent of the data subjects.
Withdrawing a consent does not involve the lawfulness of data processing that was carried out on the basis of the consent prior to its withdrawal.
THE DURATION OF DATA PROCESSING
The www.pontly.io website operated by data controller carries out the data processing on continuous basis for the purpose of implementing the targets described in the section titled THE PURPOSE OF DATA PROCESSING, and therefore the final duration of data processing cannot be defined. However, if a user is inactive in connection with the loyalty program or in connection with the marketing activities connected to it for a period that is longer than 1 year (does not participate in it), then the personal data referring to him/her will be erased after the passing of this time. In line with the principle of the restricted possibility of storage, data controller establishes the group of inactive users and it introduces the measures necessary for erasing the personal data that refer to them in month September each year. Data Controller informs the users about the fact of data erasure in a message sent to the email addresses that were used during registration. Moreover, we inform the data subjects that they may request any time that further newsletters should not be sent to them (newsletter unsubscribe).
Upon unsubscribing the newsletter, data controller will retain for 1 year after the day of unsubscribing the user consent that was given by the data subject. If user requests his/her data to be forgotten, Data Controller after forgetting the data will be unable to present the previously given user consent to the user, since all the data connected to the user will have been irrevocably erased by forgetting the data.
THE GROUP OF DATA PROCESSED
Data controller collects and processes the following data of the natural person users, and forwards them to its data processor.
Data controller collects and processes the following supplementary data in addition to the above listed ones in respect of the business partners:
DATA PROCESSING TECHNOLOGIES USED AND THE DATA PROCESSORS USING THEM
We engage different service providers in the interest of operating and optimizing our website, and in the interest of performing the contracts, in order to perform in our name certain tasks, as e.g., storage services, cookie processing, and processing the submitted votes. We forward the information collected for the specific purposes to these services providers, e.g., the email addresses.
These service providers use appropriate data security measures for ensuring the security of the data of the natural persons. By this, they minimize the risk that the processed data will be used in an unauthorised, law violating manner or in a manner that realises a criminal act.
Data processors engaged:
CookiePro by OneTrust
Heroku – Development platform
Heroku – Storage service
Marketing Prezident Kft
AC Business Connect Kft.
DATA PROCESSING, DATA FORWARDING
When forwarding your personal data, we always provide the highest-level security possible, therefore, we forward your data exclusively to service providers and partners that undertook contractual obligations (the data processors engaged are given under point titled DATA PROCESSING TECHNOLOGIES USED AND THE DATA PROCESSORS USING THEM), which had been selected carefully previously. We forward the data only to organisations that accepted the strict EU data protection legislation or concerning which organisations there are equivalent security rules in effect.
We do forward certain data to third parties located in the United States of America and to Ireland from the www.pontly.io website. We ensure the protection of these data through strict rules corresponding to the rules of the GDPR that were developed, and which are applied in respect of themselves by our partners operating in the above-mentioned countries. You may read details about this on the following pages.
The legal basis of forwarding data to our service providing partners processing the data is the consent of the data subject (Section 6 (1) a) of the GDPR).
DATA PROCESSING OF JUVENILE PERSONS
Consciously we do not collect information from children younger than 16 years
We consciously do not contact children younger than 16 years. If you have any reason to assume that a child younger than 16 years gave us his/her personal data, please contact us, and we will act in line with the stipulations of the relevant legislation.
DATA PROCESSING FOR ADVERTISING PURPOSES
The marketing purpose processing of your data is based on your consent. We process the following data in the interest of our own marketing purposes and the marketing purposes of third parties: e-mail address.
In addition to this we are entitled to store additional data referring to you beyond the mentioned ones, with observing the legislative provisions, in the interest of our own marketing purposes and the marketing purposes of third parties. Through all this we try to achieve that only the advertisements that are interesting for you should reach you, and you should not be bothered with needless ads. We do not hand over the data stored for this purpose to any third party. Moreover, www.pontly.io uses in a pseudonymised or anonymized way the data obtained about you when it uses these data for the purpose of its own marketing purposes and for the marketing purposes of third parties (ad distributors).
The data that are used anonymously or namelessly may be also used for forwarding to you personalised ads online, in such a manner that the direct sending of the ads is done by an ad service provider and/or agency that is a third party. The legal basis concerning the marketing purpose using of the personal data is Section 6 (1) a) of the GDPR, that is, the consent of the data subject.
You may subscribe to our newsletters on our website. Subsequently your email address will be included in the distribution list of our newsletter. The legal basis of this data processing is Section 6 (1) a) of the GDPR.
You may withdraw your consent in respect of the future at any time by sending a letter to the email@example.com e-mail address or by using the unsubscribe option that is at the bottom of the newsletters.
After banning, your data will be blocked in respect of marketing purpose data processing. In exceptional cases you may still temporarily receive advertising materials even after we receive your banning statement. The reason of this is the temporary period that is needed due to the technical reasons of data processing, and this does not mean that we have not enforce your banning statement.
Being assigned by the operator of the website, Google uses this information in the interest of analysing your use of the website, preparing reports on website activities, and providing additional services concerning the use of the website and the internet for the operator of the website. Google does not merge the IP address obtained from your browser in the framework of the Google Analytics service with its other data.
You may prevent the saving of the cookies at any time with the appropriate setting of your browser. However, if you do so, it may happen that you will not be able to fully use all the functions of the website. In addition to this, by downloading and installing the browser’s plug-in module available through the link given below, you may also prevent the recording and forwarding to Google the data that refer to the using of the website, and which are created by the cookies, and you may also prevent the processing of these data (including your IP-address) by Google: Link
Instead of using the plug-in module – especially in the browsers of the mobile end devices – by clicking on the following link you may also prevent Google Analytics recording the information mentioned. This method is built on the sending of such an opt-out cookie, which in the future will prevent the recording of your data when the given website is visited. The cookie saved on your equipment in this case will be valid only in your browser and only on our website. If you delete the cookies in this browser, you will have to again insert the opt-out cookie. You may find additional information in connection with the Google Analytics service on the following Google website: https://support.google.com.
The basis of applying the below introduced targeting method that is used by us as well is Section 6 (1) a) of the GDPR. We use the measures of targeting which allow on your end-equipment only ads that are certainly or assumably interesting for you, and they should not burden you with ads that are uninteresting for you.
We do also use the so-called retargeting methods of external service providers, thus for example, the Pixel procedure of the Irish Facebook Ireland Limited (4 GRAND CANAL SQUARE, GRAND CANAL HARBOUR, D2 Dublin, „Facebook”). With the aid of retargeting, we improve the performance of our marketing campaigns, and indirectly our services. For example, this way we are able to target on the websites of our partners with online ads those users, who have already shown interest towards our services previously. From different studies we know that the internet users are more interested in personalised and interest focused ads than the ads that are not personalized. You are able to ban data collection through the Facebook here: Link.
This method uses a cookie, with the aid of which it is possible to create data referring to the interest of the users mentioned with their pseudonym. Using this cookie, we are able to display in our offers ads that correspond to your interest on the websites of our partners. This method does not directly store any personal data, and it does not merge the usage profiles with your personal data.
You may switch off data collection used for personalised advertisements here. In this case the program sets a cookie that permanently prevents data collection, except, if you delete this cookie with the “delete all cookies” function in your browser intentionally. You may repeat banning at any time.
We use within the Google AdWords service the remarketing function. Through the remarketing function we are able to display for our website users at the other websites of the Google Display network (on the Google network itself, in the so-called “Google-ads” or other websites) ads that are customised to your interest. For this purpose, we analyse the operations of the users of our website, e.g., they are interested in which pages, and thus after they leave our website we are also able to display targeted ads on other websites. For this purpose, Google saves a number in the browser of those users who visit certain Google-services or websites within the Google Display network. This number called a “cookie” registers the visits of the users. This number is for the unambiguous identification of a browser of a certain computer, and it is not for the identification of a given person, since the program does not save any personal data. The legal basis of this data processing is Section 6 (1) a) of the GDPR.
It is possible to switch off the using of the cookies in the system of Google: click on the following link, then download and install the plug-in module that becomes available. Link.
You may find additional information in connection with the Google remarketing function and the Google data protection statement at the following address: Link.
THE RIGHTS OF NATURAL PERSONS INVOLVED IN DATA PROCESSING
Naturally, you have all those rights in connection with the collection of your data, which are outlined below. If you wish to exercise any of your rights presented below, send a message to the firstname.lastname@example.org email address.
In the interest of your own security, we reserve the right to ask further data for verifying your personal identity, whenever we respond to a request you submit. For the case, when identification is not possible, we reserve the right to refuse answering the request.
You may exercise your below listed rights through an email written to the Data Controller. Please send your message to the email@example.com email address.
Right to being informed
You are entitled to request information from the Data Controller about the personal data that are stored in connection with you.
Right to rectification
You are entitled to request the immediate rectification and/or supplementing of the personal data that are stored in connection with you.
Right to restricting data processing
You are entitled to request that we should restrict the processing of your personal data, if you question the accuracy of the data that are stored in connection with you, if the processing of the data is unlawful and we already do not need the data, but you do not want us to delete the data and you need them for the presentation, enforcement of legal demands, or for protection against legal demands or if you objected to the processing of the data.
Right to erasure
You are entitled to request the erasure of your personal data stored by us, except if retaining the data is needed for the free expression of opinions, for the freedom of becoming informed, for fulfilling legal obligations, for public interest, for the presentation of legal demands or for protection against legal demands or for exercising rights.
Right to being informed
If you enforced your right to rectification, erasure, or data processing, then we will notify each person receiving your personal data that we rectified, erased the data or about the fact that already a restriction is in force in respect of the processing of the data, except if this is impossible or it would mean a disproportional effort.
Right to data portability
You are entitled to request a copy of your data given to us, and to request us to send this to you or to a third person in an articulated form that is widely used, and which may be read by machine. If you request us to send the data directly to another data processor, we will carry out request only if it is technically possible.
Right to object
According to Section 21 (2) of the GDPR, the processing of the personal data of the user using and registering for the services of the www.pontly.io website is done also for the purpose of directly acquiring business. In view of this, the users have rights and possibilities to object against the processing of their personal data for this purpose. The related objection may be presented by the data subject with sending a brief message to the firstname.lastname@example.org email address. Objection against the processing of your personal data does not have to be justified by the data subject, it is sufficient to only express that you withdraw your consent in connection data processing concerning you.
Right to withdraw your consent
You are entitled to withdraw your consent concerning the collection of data in respect of the future. This will not refer to the data that will be collected until the withdrawal. We hope that you understand that some time is needed for the withdrawing the consent due to technical reasons, and during this period you may still receive messages from us.
Right to submitting complaints to the regulating authority
If collecting your personal data violates the data protection legislation, or if your data protection rights are violated in any other manner, please act as follows: Forward your complaints primarily to the Data Controller at the following email address: email@example.com
Complaining at the data controller: Please turn with your data processing related complaints primarily to the Data Controller: firstname.lastname@example.org
Right to turning to the court: In case the rights of the data subject are violated, he/she may turn to the court against the data controller. The court will act in respect of the case urgently.
Data protection authority procedure:
You may submit your complaint to the National Authority for Data Protection and Freedom of Information:
Nemzeti Adatvédelmi és Információszabadság Hatóság
1055 Budapest, Falk Miksa utca 9-11
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 -1-391-1400
The security of your personal data is extremely important for us. For this reason, we do protect your data stored at us with technical and organisational measures in order to prevent their unlawful appropriation, manipulation by any third party. Those partners of ours, who process personal data are bound by mandatory data confidentiality. In the interest of protecting your personal data we use encoding technology that corresponds to the HTTPS, the SSL or the TLS protocol when forwarding your personal data.
The HTTPS is the implementation of the TLS encoding over the HTTP protocol. It is used by each website and some other web services as well. Therefore, each website that uses HTTPS also uses TLS-encoding.
The task that is carried out by the TLS protocol has three main components:
Introduction of the data security of the Calendly platform
The connections between the browser and the Calendly platform are encoded during forwarding with TLS SHA-256 RSA encoding. See details: Link
Introduction of the data security of the MailerLite platform
The MailerLite sustains in-house rules and procedures for the management of the encoding mechanisms and the cryptographic keys with the encoding system of MailerLite. MailerLite requests encoding in line with the standards of the sector, in static status and during transmission between public networks. See details: Link
In the interest of ensuring the long-term protection of your data we inspect our technical security measures regularly, and if needed we adjust them to the technological standard that is valid at the given place. These principles are also effective at the companies, with which we co-operate, and therefore which process and use data.
The Data Controller and its data processors implement technical and organisational measures that are appropriate in view of the current status of the technology, with taking into consideration the costs of implementation, the character, scope, circumstances and objectives of data processing and its risk concerning the rights and freedoms of natural persons, of varying probability and seriousness in order to guarantee a data security that is appropriate for the extent of the risk involved.
Data Controller selects and operates the IT devices applied during the provision of the services for processing the personal data in order to:
Data Controller protects with appropriate measures the data that are processed by it, with special regard to unauthorised access, changing, forwarding, publishing, erasure or destruction, and accidental destruction, damage, and their becoming inaccessible due to the changing of the applied technology.
Data Controller in the interest of protecting the data that are electronically managed in its different registers ensures with an appropriate technical solution that the data stored – except if the law allows it – cannot be directly connected to each other and they cannot be allocated to the data subject. This is especially true for the collection of votes cast, where we only add together and store the number of votes cast for the given shops. We do not record that the specific users voted for which shop or shops.
Data Controller, in view of the status of technology, ensures with technical, organising, and organisational measures the protection of the security of data processing, which provide a protection level that is appropriate for the risks that exist in connection with the processing of the data.
Data Controller retains in the course of data processing it implements:
Data Controller registers the possible data protection incidents, with indicating the facts that are connected to the given data protection incidents as well as the measures that were introduced for remedying them.
The objective of Data Controller is to provide clear information on the way the www.pontly.io website uses and stores its cookies. This information is available at the www.pontly.io/cookie-policy website.