DancePass Data Protection Policy

1. Purpose, Scope and Applicable Legislation

The purpose of this policy is to set out the data protection and data management principles applied by Földvári Ádám sole trader (hereinafter referred to as Data Controller or DancePass), as well as the organisation's data protection and data management policy, which the organisation, as data controller, recognises as binding upon itself.

When drafting the provisions of this Notice, the organization took into particular consideration Regulation 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation" or "GDPR"), Act CXII of 2011 on the right to self-determination in relation to information and freedom of information ("Infotörvény"), Act V of 2013 on the Civil Code ("Ptk."), and Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activities ("Grtv.").

The scope of this Data Processing Notice extends to data processing related to the website available at https://dancepass.app (hereinafter: “Website”). The Data Processing Notice is valid until revoked.

The purpose of the Data Processing Notice is to harmonize the provisions of the organization's other internal regulations regarding data processing activities in order to protect the fundamental rights and freedoms of natural persons and to ensure the proper processing of personal data.

Another important purpose of publishing the Privacy Policy is to enable the organization to process the data of natural persons lawfully by familiarizing itself with and complying with the Policy.

1.1. Newsletter Subscription

Through the Dancepass system, it is possible to subscribe to dance school newsletters. The Dancepass system provides technical support for newsletters through the Mailpass (Cakemail) service. In this case, data processing is carried out by the dance school sending the newsletter, while Dancepass acts as a technical data processor.

Detailed data processing rules relating to newsletter subscriptions are set out in a separate document (see below).

2. The Data Controller

Name: Ádám Földvári, sole trader

The data controller's registered office: 1115 Budapest, Hídvég utca 2/a

Telephone number: +36706254624

Email address: dancepassapp@gmail.com

Registered office: 

Tax number: 12372845-2-43

The data controller is an organization registered in Hungary.

The data controller operates the website, which presents website references and web services created by the data controller.

3. Key Terms and Definitions

  • GDPR (General Data Protection Regulation) is the European Union's new Data Protection Regulation.

  • data controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

  • data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

  • personal data: any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

  • third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

  • data subject consent: the freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  • restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.

  • erasure: the destruction of data in such a way that their recovery is no longer possible.

  • personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

4. Data Processing Principles

Personal data shall be:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency")

  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the original purposes ("purpose limitation")

  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("data minimisation")

  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ("accuracy")

  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject ("storage limitation")

  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ("integrity and confidentiality")

The controller shall be responsible for, and be able to demonstrate compliance with, the above ("accountability").

5. Purpose of Data Processing

The Data Controller processes personal data exclusively for specified purposes. The collection and processing of data is done fairly and lawfully. The Data Controller strives to ensure that only such personal data processing occurs that is essential for the realization of the data processing purpose and suitable for achieving the goal. Personal data may only be processed to the extent and for the time necessary for the realization of the purpose.

6. The Scope of the Processed Data

DATA PROCESSING RELATED TO WEBSITE OPERATION


Purpose of data processing: By storing the data provided during registration, the Data Controller can provide a more convenient service (e.g., the data subject's data does not need to be re-entered for new purchases).

Legal basis for data processing: Data subject's consent, Article 6(1)(a), Section 5(1) of the Info Act, and Section 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter: Elker Act).

Scope of processed data:

Personal Data and the Purpose of Data Processing

Username: Identification, enabling registration.

Password: Enables secure login to the user account.

First and Last Name: Required for contact, purchase and proper invoice issuance.

Contact Person Name: Contact

E-mail Address: Contact

Phone Number: Contact, more efficient coordination of billing or delivery related questions.

Purchase/Registration: Execution of technical operation.

Scope of data subjects: All data subjects registered on the webshop website

Duration of data processing, deadline for data deletion: Within 30 calendar days following the deletion of registration. Except for accounting documents, since according to Section 169(2) of Act C of 2000 on Accounting, these data must be kept for 8 years.

(The accounting document supporting the bookkeeping directly and indirectly, including the general ledger accounts, analytical and detailed records, must be kept in readable form for at least 8 years, retrievable based on the bookkeeping entries.)

Persons who may have access to the data, possible data controllers, recipients of personal data: Personal data may be processed by the data controller's employees, respecting the above principles.

Information on data subjects' rights related to data processing:

  • The data subject may request from the data controller access to personal data concerning him or her, their rectification, erasure or restriction of processing, and

  • may object to the processing of such personal data, and

  • the data subject has the right to data portability and to withdraw consent at any time.

Personal data deletion or modification can be initiated in the following ways:

The following data can be modified on the websites: password, first and last name, e-mail address, phone number, billing address, shipping address, contact person name. The data subject can initiate the deletion or modification of personal data in the following ways:

  • by mail: 1115 Budapest, Hídvég utca 2/a

  • by e-mail at dancepassapp@gmail.com.

Contact

Purpose of data processing: contact, communication, information sharing, information request.

Legal basis for data processing: data subject's voluntary consent, GDPR Article 6(1)(a).

Scope of processed data: name, e-mail address, phone number, and any personal data provided in free text fields.

Deadline for data deletion: 1 year from the last contact or withdrawal of consent.

DANCE CLASS REGISTRATION

Purpose of data processing: attending dance classes, registering for dance classes.

Legal basis for data processing: data subject's voluntary consent, GDPR Article 6(1)(a).

Scope of processed data: name, e-mail address, phone number, age, residence, previous dance experience, interest in dance type, dance class day and time, dance class venue, any personal data provided in remarks.

Deadline for data deletion: 1 year from the last contact or withdrawal of consent.

7. Method of Data Processing

The Data Controller stores the data subjects' data on its own servers and temporarily on the Data Controller's computers. Only the Data Controller has access to process the personal data of the data subjects.

Data provision is always voluntary, meaning the data subject can freely decide whether to provide the requested personal data. If the data subject consents, the Data Controller processes the data in accordance with applicable laws and within the limits of the data subjects' consent.

To prevent unauthorized use of processed personal data and related abuses, the Data Controller applies extensive technical and operational security measures. We regularly review our security procedures and develop them in line with technological advances.

8. Technical Data and Cookie Management

Since natural persons can be associated with the online identifiers provided by the devices, applications, tools and protocols they use, such as IP addresses and cookie identifiers, these data, when combined with other information, are suitable and can be used to create profiles of natural persons and identify the given person.

Cookies are also suitable for remembering settings, so users don't have to re-enter them when navigating to a new page; they remember previously entered data, so it does not need to be typed again; they analyze website usage so that, as a result of developments carried out using the information obtained, the website operates according to user expectations and users can easily find the information they are looking for; and they monitor the effectiveness of our advertisements.

If the Data Controller displays various content on the Website with the help of external web services, it may result in the storage of some cookies that are not supervised by the Data Controller, so it has no influence on what data these websites or external domains collect. Information about these cookies is provided by the policies applicable to the given service. The user can set their web browser to accept all cookies, reject all, or notify the user when a cookie arrives on their machine. The setting options are usually found in the browser's "Options" or "Settings" menu. The detailed information available on the English-language www.aboutcookies.org website also helps with settings in different browsers.

Main characteristics of cookies used by the website:

Cookies essential for Website operation: These cookies are essential for using the website and enable the use of the website's basic functions. The lifetime of this type of cookie is limited exclusively to the session time.

9. Data Transfer

The Data Controller only transfers personal data to third parties if the data subject has clearly consented to it – knowing the scope of data to be transferred and the recipient of the data transfer – or if the law authorizes the data transfer. The Data Controller documents all data transfers and maintains records of data transfers.

10. Data Processing

The Data Controller may use authorized data processors for its activities. Data processors do not make independent decisions, they are only authorized to act according to the contract concluded with the Data Controller and the instructions received. The Data Controller supervises the work of data processors. Data processors may only use additional data processors with the Data Controller's consent.

Data processors used by the Data Controller:

WEB HOSTING SERVICE RELATED DATA PROCESSING ACTIVITY

Name of the data processor: Klick Computer Hungary Kft.

Registered office of the data processor: 1071 Budapest, Dembinszky utca 44. fsz. 4. (No Customer Service!)

Tax number of the data processor: 12372845-2-43

Phone number of the data processor: +36 202395904, +36 205335554

E-mail address of the data processor: foldadam93@gmail.com

Processing of all personal data provided by the data subject on the website, for the proper operation of the website.

Duration of data processing, deadline for data deletion: Until the termination of the agreement between the Service Provider and the Hosting Provider, or until the data subject's deletion request to the Hosting Provider.

WEBSITE OPERATION RELATED DATA PROCESSING ACTIVITY

Name of the data processor: Klick Computer Hungary Kft.

Registered office of the data processor: 1071 Budapest, Dembinszky utca 44. fsz. 4. (No Customer Service!)

Tax number of the data processor: 12372845-2-43

Phone number of the data processor: +36 202395904, +36 205335554

E-mail address of the data processor: foldadam93@gmail.com

The Data Processor maintains the Website at certain intervals based on a written contract with the Data Controller, and backs up its database for security reasons.

11. External Service Providers

During the operation of the Website, the Data Controller uses external service providers with whom the Data Controller cooperates.

Regarding personal data processed in the systems of External Service Providers, the provisions of the external service providers' own privacy policies are authoritative. The Data Controller does everything possible to ensure that the external service provider processes the personal data transferred to it in accordance with the laws and uses it exclusively for the purpose specified by the User or recorded in this Information below.

The Data Controller informs Users about data transfers to external service providers within the framework of this Information.

External service providers:

  • Heroku

  • Maileroo

  • Cakemail

In case of online payment

  • Stripe (Stripe, Inc.)

12. Data Security and Access to Data

The Data Controller ensures data security, takes the technical and organizational measures and establishes the procedural rules that are necessary for the enforcement of the applicable laws, data and confidentiality protection rules. The Data Controller protects the data with appropriate measures against unauthorized access, modification, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and inaccessibility resulting from changes in the applied technology.

The Data Controller keeps records of the data it processes in accordance with the applicable laws, ensuring that only those employees and other persons acting in the Data Controller's sphere of interest (data processors) who need it for the performance of their job duties and tasks can access the data. Data can only be accessed within the employee organization with logging. Data controller employees perform individual searches and individual operations on the data only at the User's request, or in cases where this is necessary for the provision of the service.

13. Duration of Data Processing

The Data Controller deletes personal data if

  • its processing is unlawful: If it becomes clear that the data is being processed unlawfully, the Data Controller executes the deletion immediately.

  • the data subject requests it (except for data processing based on law): The data subject may request the deletion of data processed based on the data subject's voluntary consent. In this case, the Data Controller deletes the data.

  • the data is incomplete or incorrect – and this condition cannot be lawfully remedied –, provided that the deletion is not excluded by law.

  • the purpose of data processing has ceased, or the legally determined storage period of the data has expired. Since the Data Controller provides continuous service to the data subject, the relationship between the parties is not time-limited. Based on all this – in the absence of the data subject's request – the Data Controller processes the data as long as the relationship between the Data Controller and the data subject exists, and as long as the data controller can provide service to the data subject. The Data Controller deletes all other data if it is obvious that the data will not be used in the future, i.e., the purpose of data processing has ceased.

  • ordered by a court or the National Authority for Data Protection and Freedom of Information: If a court or the National Authority for Data Protection and Freedom of Information orders the deletion of data with final effect, the Data Controller executes the deletion. Instead of deletion, the Data Controller – with the data subject's notification – blocks the personal data if the data subject requests it, or if it can be assumed based on the available information that the deletion would violate the data subject's legitimate interests. Such blocked personal data may only be processed as long as the data processing purpose that excluded the deletion of the personal data exists. The Data Controller marks the personal data it processes if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established. In cases of data processing ordered by law, the provisions of the law are authoritative for data deletion. In case of deletion, the Data Controller makes the data unsuitable for personal identification. If the law requires it, the Data Controller destroys the data carrier containing personal data.

14. Customer Contacts

  • If the data subject has questions or problems while using our data controller services, they can contact the data controller through the methods provided on the website (phone, e-mail, social media, etc.).

  • The data controller deletes incoming e-mails, messages, data provided by phone, Facebook, etc. together with the inquirer's name and e-mail address, as well as other voluntarily provided personal data, at most 2 years after the data communication.

  • We provide information about data processing not listed in this information at the time of data collection.

  • In exceptional cases of official inquiry or based on legal authorization for other organizations' inquiries, the Service Provider is obliged to provide information, disclose, hand over data, or make documents available.

  • In these cases, the Service Provider only releases personal data to the inquirer – if it has specified the exact purpose and scope of the data – to the extent and degree that is absolutely necessary for the realization of the inquiry's purpose.

15. Rights Related to Data Processing

Data subjects are provided with the opportunity to exercise all rights belonging to the legal basis of the data processing case. Requests submitted by the data subject in connection with the exercise of individual rights can be made in writing:

  • by mail: addressed to 1115 Budapest, Hídvég utca 2/a, or

  • electronically at the Data Controller's e-mail address: dancepassapp@gmail.com.

The Data Controller informs the data subject about the measures taken in response to the request sent to the Data Controller for the purpose of exercising the specified rights without undue delay, but no later than within one month from the receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months.

The Data Controller informs the data subject about the extension of the deadline with the indication of the reasons for the delay within one month from the receipt of the request. If the data subject submitted the request electronically, the information is provided electronically, unless the data subject requests otherwise. If the Data Controller does not take measures in response to the data subject's request, it informs the data subject about the reasons for the lack of measures without delay, but no later than within one month from the receipt of the request, and that the data subject may lodge a complaint with a supervisory authority and may exercise their right to judicial remedy.


Right to information and right of access

The data subject has the right to know the personal data stored by the Data Controller and information related to their processing, to request and check at any time what data the Data Controller keeps about them, and is entitled to access the personal data.

When exercising the right of access, the information covers the following data:

  • purpose, time, legal basis of data processing,

  • categories of the data subject's personal data,

  • recipients of data transfers, if there was an official inquiry, information about which recordings were transferred to which authority,

  • the data subject's right to rectification, deletion, restriction of data processing and objection,

  • the data subject's right to lodge a complaint with a supervisory authority,

  • indication of data source: data collected directly from the data subject,

  • the fact of automated decision-making (including profiling), the applied logic, the significance of data processing and the expected consequences for the data subject.

The Data Controller provides the data subject with a copy of the data free of charge for the first time. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject requests the copy electronically, the Data Controller makes the information available to the data subject in a widely used electronic format via e-mail. After the information, the data subject may request the rectification, supplementation, deletion, restriction of processing of personal data concerning them, or may initiate the procedure specified in point 16, if they do not agree with the data processing or the accuracy of the processed data.


Right to rectification and supplementation

The data subject may request the rectification of inaccurate personal data concerning them and the supplementation of incomplete data.


Right to erasure

The data subject is entitled to request that the Data Controller delete personal data concerning them without undue delay if any of the following reasons exist:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by the Data Controller;

  • the data subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;

  • the data subject objects to the processing on grounds relating to their particular situation, and there are no overriding legitimate grounds for the processing;

  • the data subject objects to the processing of personal data concerning them for direct marketing purposes, including profiling insofar as it is related to such direct marketing;

  • the personal data have been unlawfully processed by the Data Controller;

  • the personal data have been collected in relation to the offer of information society services directly to children.

Right to restriction of processing

At the data subject's request, the Data Controller restricts data processing if any of the following conditions are met:

  • the data subject contests the accuracy of the personal data, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;

  • the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead;

  • the Data Controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or

  • the data subject has objected to processing; in this case, the restriction applies for a period until it is verified whether the Data Controller's legitimate grounds override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The Data Controller informs the data subject in advance about the lifting of the restriction of processing.


Right to object

The data subject has the right to object at any time, on grounds relating to their particular situation, to processing of personal data concerning them which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller or for the purposes of the legitimate interests pursued by the Data Controller. In case of objection, the Data Controller may no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.

16. LEGAL REMEDIES RELATED TO DATA PROCESSING

National Authority for Data Protection and Freedom of Information

Mailing Address: 1530 Budapest, Pf.: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Phone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-mail: ugyfelszolgalat (at) naih.hu

Web: https://naih.hu


MailPass Data Management Policy

1. Purpose, Scope and Applicable Laws

This data management information is intended for those who subscribe to a dance school newsletter through the Dancepass interface. The newsletters are sent out using Dancepass's technological solution (Mailpass), but the content of the emails is always determined by the dance school in question.

2. Data Controller

The data controller is the dance school to whose newsletter the data subject subscribes. Schools using the Dancepass system act as independent data controllers when processing the data of newsletter subscribers.

Dancepass (Dancepass Kft., registered office: 1115 Budapest, Hídvég utca 2/a) acts as a data processor and provides technical tools for dance schools to send newsletters.

3. Scope of Data Processed

The following personal data is processed during newsletter subscription:

  • name (optional),

  • email address (mandatory),

  • gender (optional),

  • interests/dance type (optional),

  • date and source of registration (automatically saved technical data).

4. Purpose of Data Processing

The purpose of subscribing to the newsletter is to provide data subjects with regular information about the dance school's events, courses, workshops, ticket purchase options, and other news and offers related to the school's operations.

4. Legal Basis for Data Processing

The legal basis for data processing is the voluntary, specific, and informed consent of the data subject pursuant to Article 6(1)(a) of the GDPR.

When subscribing, the data subject clearly states that they consent to receiving marketing messages to their email address.

5. Duration of Data Processing

The data controller shall process personal data until the data subject requests their deletion or unsubscribes from the newsletter.

Unsubscribing is possible via a clear link available at the bottom of each newsletter.

6. Data Transfer, Data Processors

The data controller uses the following technology partner (data processor) to send newsletters:

Cakemail Inc. (www.cakemail.com) – email marketing service provider. Newsletters are sent through this system.

Ádám Földvári, sole trader – operator of the Dancepass system, who has access to the newsletter subscriber database for technical operation purposes, but manages it exclusively on behalf of and in accordance with the instructions of the school concerned.

Data transfer is carried out solely for the technical sending and analysis of emails and the management of subscriptions. Dancepass and Cakemail do not use this data for their own purposes.

7. Rights Related to Data Processing

The data subject may request:

  • information about the processing of their personal data,

  • the rectification of their data,

  • the erasure of their data ("right to be forgotten"),

  • restriction of data processing,

  • objection to data processing,

and may lodge a complaint with the National Authority for Data Protection and Freedom of Information (www.naih.hu).

8. Customer Relations

In case of questions or requests related to data processing, the data subject can contact the dance school directly.

If you have any technical or data security questions, please contact Ádám Földvári at:

  • Email: info@dancepass.eu

  • Postal address: 1115 Budapest, Hídvég utca 2/a