Privacy Policy
Please carefully read the Policy to understand how we process your personal data and to learn about your rights related to data processing.
The Service Provider or Data Controller, as a data processor, respects the privacy of all individuals who provide personal data through the use of the donaldbubblegum.com website or through other inquiries at our contact points. The Service Provider treats personal data confidentially and takes all necessary security, technical, and organizational measures to ensure the security of the data.
In accordance with Article 13 of the General Data Protection Regulation (Regulation 679/2016, hereinafter: GDPR) of the European Union, the following mandatory information is provided: The data processing effective date: 01.01.2023. Our data processing principles may be modified at any time, and the Service Provider will make every effort to ensure users are notified of such changes.
Table of Contents
1. Summary
2. Applicable Laws
3. Data Controller Details
4. Concepts of Data Protection
5. Rules of Data Processing
6. Enforcement of Data Subject Rights
7. The Scope of Personal Data Processed
8. Cookies and Similar Technologies
9. Application of Automated Decision-Making, Profiling
10. Data Protection Officer:
11. Supervisory Authority
2. Our data processing particularly complies with the provisions of the following laws:
Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter referred to as Infotv.),
Act V of the year on the Civil Code
Act C of 2003 on Electronic Communications (hereinafter referred to as Eht.)
Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (hereinafter referred to as Eker. tv.)
Act C of 2000 on Accounting,
Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities (hereinafter referred to as Grt.)
Act CXIX of 1995 on the handling of name and address data for the purpose of research and direct business acquisition. (hereinafter referred to as DM tv.)
- Data Controller’s designation
AR-EL Kft.
2092 Budakeszi, Reviczky u 74.
Tax ID: HU12401202
Company Registration Number: 13-09-080496
Telefonszám: +36 30 308 9000
E-mail: info@donaldbubble.hu
- Concepts of Data Protection
Data Subject: any identified or identifiable natural person based on personal data – directly or indirectly
Personal Data: data that can be associated with the Data Subject – especially the data subject’s name, identification mark, and knowledge characteristic of one or more physical, physiological, mental, economic, cultural, or social identities -, and the inference that can be drawn from the data about the Data Subject.
Consent: the Data Subject’s voluntary and explicit expression of will, based on adequate information, by which they unmistakably give their consent for the processing of personal data related to them – either in full or for certain operations
Objection: the Data Subject’s statement by which they object to the processing of their personal data and request the termination of data processing or the deletion of the processed data
Data Controller: the natural or legal person, or organization without legal personality, who or which determines the purposes of data processing, makes decisions related to data processing (including the tools used) and executes them, or has them executed by a data processor appointed by them
Data Processing: any operation or set of operations on data, regardless of the procedure applied, such as collection, recording, organization, storage, alteration, use, retrieval, transmission, public disclosure, coordination or linking, blocking, erasure, and destruction of data, as well as the prevention of further use of the data, making photographs, sound or image recordings
Data Transfer: if the data is made accessible to a specified third party
Public Disclosure: if the data is made accessible to anyone
Data Erasure: rendering the data unrecognizable in such a way that their restoration is no longer possible
Data Destruction: complete physical destruction of the data carrier containing the data; data processing: performing technical tasks related to data processing operations, regardless of the method and tools applied to the execution of the operations and the location of the application, provided that the technical task is performed on the data
Data Processor: the natural or legal person, or organization without legal personality, who or which processes data on the basis of a contract with the data controller – including contracts based on legal provisions
Third Party: a natural or legal person, or organization without legal personality, who or which is not the same as the data subject, the data controller, or the data processor
Third Country: any state that is not an EEA state
Data Protection Incident: illegal processing or handling of personal data, including unauthorized access, alteration, transmission, public disclosure, erasure or destruction, as well as accidental destruction and damage.
- Targeted or Advertising Cookies
The current data management policy is valid from January 02, 2024, until revoked.
The terminology used in this document corresponds to the explanatory definitions outlined in Section 3 of the Information Act.
Personal data may only be processed for the exercise of rights or fulfillment of obligations. The use of personal data, which is managed by the Service Provider, for personal purposes is prohibited. Data processing must always comply with the principle of purpose limitation.
The legal basis for data processing is primarily the consent of the data subject, and in certain data processing cases (e.g., personal data on invoices), it is governed by the law.
The Data Controller informs the Data Subject at the time of data collection that the Data Management Information is applicable to the processing of their data.
Acceptance of the Data Management Information confirms that the Data Subject has read and understood the Data Management Information and constitutes consent to data processing.
The Service Provider processes personal data only for specific purposes, for the exercise of rights and fulfillment of obligations, based on the prior consent of the data subject or legal authorization, to the extent necessary to achieve the purpose, and for a minimal period of time.
At every stage of data processing, it must comply with the purpose, and if the purpose of data processing ceases to exist, or if data processing is otherwise unlawful, the data will be deleted.
Before collecting data, the Service Provider always informs the data subject about the purpose of data processing and the legal basis for data processing.
If a person covered by this policy becomes aware that the personal data managed by the Service Provider is incorrect, incomplete, or out of date, they are obliged to correct it or initiate the correction with the employee responsible for recording the data.
The Service Provider’s employees ensure that unauthorized persons cannot access personal data and that the storage and placement of personal data are designed to prevent it from being accessible, visible, changeable, or destructible by unauthorized persons.
The supervision of the Service Provider’s data protection system is carried out by the managing director.
Please note that our website contains links to other organizations’ websites. The data and information protection practices of these organizations are their responsibility.
- AThe enforcement of the rights of the data subjects.
The data subject can request information about the processing of their personal data, and they can also request the correction of their personal data, or – except for data processing required by law – the deletion of their personal data at the info@donaldbubble.hu email address.
6.1. The right to information
The data subject has the right to request information from the Service Provider about their personal data that is processed by them or by data processors authorized by them. This includes information about the source of the data, the purpose and legal basis of data processing, the duration of processing, the name and address of data processors, their activities related to data protection, the circumstances of data breaches, their effects, and the measures taken to mitigate them, as well as the legal basis and recipient of data transfers.
The Service Provider, in response to the data subject’s request related to the processing of their personal data, shall provide a written, easily understandable response within 25 days from the date of the request.
The information provided shall cover the information specified in Section 15(1) of the Info Act, unless the data subject’s right to be informed cannot be denied by law.
If incorrect data is found, the data controller shall correct it if the necessary data and supporting public documents are available. In case of the circumstances specified in Section 17(2) of the Info Act, the data controller shall take action for the deletion of the processed personal data.
6.2. The right to object
The data subject may object to the processing of their personal data if:
- the processing or transmission of personal data is necessary for the performance of a legal obligation incumbent on the data controller or for the assertion of the legitimate interests of the data controller, the data recipient, or a third party, except in cases of mandatory data processing;
- the use or transmission of personal data is carried out for the purposes of direct marketing, public opinion polling, or scientific research; and
- in other cases specified by law.
The Service Provider shall examine the objection within the shortest possible time, but not later than within 25 days from the submission of the request, make a decision on the justification of the objection, and inform the applicant in writing of its decision.
If the objection is well-founded, the Service Provider shall terminate the data processing and block the data, as well as inform all those to whom the personal data affected by the objection has previously been transmitted, and who are obliged to take action to assert the right of objection.
If the data subject does not agree with the decision taken on the objection, or if the Service Provider fails to comply with the deadline, the data subject may, within 30 days of the last day of the deadline for the Service Provider’s communication of the decision, turn to the court as specified in Section 22 of the Infotv.
If the objection is justified, the data controller shall act in accordance with Section 21 (3) of the Infotv.
6.3. Blocking
The Service Provider shall block the personal data if the data subject requests it or if, based on the information available, it can be assumed that deletion would violate the legitimate interests of the data subject. The blocked personal data may only be processed as long as the data processing purpose that prevented the deletion of the personal data exists.
6.4. Deletion
The Service Provider deletes personal data if its processing is unlawful, the data subject requests it (except if data processing is based on a mandatory legal provision*), the processed data is incomplete or incorrect – and this condition cannot be lawfully remedied – provided that deletion is not excluded by law, the purpose of data processing has ceased, or the statutory storage period for the data has expired, and if it has been ordered by a court or the National Authority for Data Protection and Freedom of Information.
The Service Provider has 25 days to perform the deletion, blocking, or correction of personal data. The Service Provider notifies the data subject and all those to whom the data was previously transmitted for data processing purposes about the measures taken.
The Service Provider also compensates for any damage caused to others due to the unlawful processing of the data or the breach of data security, as well as compensation for non-material damage in the case of an infringement of personality rights caused by the data controller or the data processor used by them. The data controller is exempt from liability for the damage caused and the obligation to pay non-material damages if they can prove that the damage or the infringement of the data subject’s personality rights was caused by an unforeseeable circumstance beyond the scope of data processing. Similarly, they do not compensate for damage if it results from the intentional or grossly negligent behavior of the injured party.
- The Service Provider does not delete the data of the Data Subjects after the termination of the relevant legal relationship, taking into account its statutory obligation to retain data (e.g., Accounting Act). However, after the termination of this obligation, the data is deleted. During the aforementioned periods, we do not use the data for any other purpose without consent.
6.5 Modification of Data
The data subject can request the modification of their data by emailing to the info@donaldbubble.hu email address.
6.6 Data Storage
The data is stored electronically by the Service Provider at data processing companies appointed by them, which ensure the protection of personal data with strong security systems. The Service Provider takes responsibility for this. The data processor cannot make substantive decisions regarding data processing, can only process personal data according to the instructions of the Data Controller, cannot carry out data processing for its own purposes, and is obliged to store and preserve personal data according to the instructions of the Data Controller.
The data is transmitted abroad to high-security data processors appointed by the Service Provider.
We transmit the data for hosting purposes to those servers:
Magyar hosting Kft
Budapest, Victor Hugo u. 18, 1132, for the purpose of providing IT background services, which may involve further data processors.
- The scope of processed personal data.
7.1 Contact details.
If you contact us by email or phone, we will not store your data, or we will store it until the possible contract is terminated.
7.2 We may collect non-personally identifiable data about our users’ behavior on our website, which we use for website development and improving the user experience. You can read more about this in our “Cookie Policy.”
- Use of Cookies and Similar Technologies
We use cookies and similar technologies to enhance your browsing experience, analyze website traffic, and customize content to your preferences. By continuing to use our website, you consent to the use of cookies in accordance with our Cookie Policy.
8.1 The types, purpose, and use of cookies.
On our website, we can use two types of cookies: temporary (session cookies) or permanent cookies. Temporary cookies remain on your device until you leave our website, while permanent cookies may remain on your device for a longer period, depending on your web browser settings, or until manually deleted.
8.2 Essential session (session-id) cookies
These are essential for navigating our website, using its key features, and accessing secure content. They store information needed to fill out data forms and do not collect information that could identify the user. These cookies are automatically deleted and the session is closed after closing the website.
If you do not accept these cookies, certain parts of the website may not display correctly or may not be accessible, making it impossible to use the website.
8.3. Analytical or performance monitoring cookies
These cookies allow us to distinguish and count visitors to our website and monitor how users interact with a particular website, such as which pages they visit most frequently and whether they receive error messages from websites. These cookies ensure the consistent appearance of the website and collect information related to its use. All of this contributes to improving the functionality of our website. These cookies do not collect personally identifiable information, store data anonymously, and are only used to enhance the operation of our website.
8.3.1. Google Analitycs
Through Google Analytics, we collect anonymous information about how visitors use the website to ensure that the site meets the needs of its users.
Google Analytics collects data on which pages visitors access, how long they stay there, how they got there, and what they click on. Since we do not collect or store names or addresses as part of this process, this data is not suitable for identification purposes. Furthermore, we do not allow Google to use this data for its own purposes or share it with anyone else.
8.4. Functional Cookies
These cookies detect, for the purpose of improving the user experience, how our website was accessed using what device, they remember previous user decisions so that we can offer better and more personalized features in this way.
However, these cookies do not track your activities on other websites, and we do not use them for the purpose of sending advertisements on other websites.
8.5. Targeted or Advertising Cookies
In order to provide our website visitors with marketing information that is most relevant to their interests, we also use personalized, targeted, or advertising cookies.
These cookies collect quite detailed information about their browsing habits on our websites (such as recording which products and services they clicked on). They also help recognize if they revisit any of our websites and/or websites belonging to advertising partners within our networks.
8.6 Cookie Settings
Browser Settings: You can configure your web browser to accept all cookies, reject all cookies, or notify you when a cookie is sent to your device. The settings are usually found in the browser’s “Options” or “Settings” menu. Each web browser is different, so please use your browser’s “Help” menu or the following links to modify cookie settings:
– cookie settings in Internet Explorer
– cookie settings in Firefox
– cookie settings in Chrome
Please note that this website is designed to operate using cookies, so disabling them partially or entirely may affect the usability of this website, prevent interactive communication, and limit your access to all of its services.
We would like to emphasize that we do not exchange cookies with third-party operated websites or external data providers.
For further information on this matter, please refer to the following links:
– Google Principles and Policies
More: https://donaldbubble.hu/en/cookie-policy/
8.7 Social Buttons
Our website also uses so-called ‘social buttons,’ which allow our visitors to share or bookmark a particular page. These links point to independent social media platforms that may collect data about your browsing activities on the Internet, including on this website. If you would like more information about how these websites use your information, or if you wish to disable or delete such data, please read the terms of use and privacy policies of the respective websites.
- The use of automated decision-making, including profiling
We do not use automated decision-making and profiling.
- Data Protection Officer:
Under GDPR Article 37, the data controller is not required to appoint a Data Protection Officer.
- Authority
The data subject may file a complaint regarding the Company’s data processing procedures with the NAIH:
National Authority for Data Protection and Freedom of Information
Address: 1055 Budapest, Falk Miksa utca 9-11.
Website: www.naih.hu
The data subject may also choose to enforce their claim through legal proceedings. The adjudication of the case falls under the jurisdiction of the court. The lawsuit can be initiated before the court according to the data subject’s choice of either their place of residence or habitual residence.