Privacy Policy

Budapest, 20.05.2018.

Name of the Data Controller, contacts:
• Name of the Data Controller: Family Tree Ltd.
• Registered office of the Data Controller: 1036 Budapest, Bécsi út 83.
• Mailing address of the Data Controller: 1301 Budapest P.O. Box 72
• E-mail address of the Data Controller: familytree-gdpr@familytree.hu
• Phone number of the Data Controller: +36-1-453-7020
• Website of the Data Controller: www.familytree.hu

Legal background, legal basis, categories of data subjects and duration of data processing

1. Information on use of cookies
• What is a cookie?
The Data Controller uses what are known as cookies during your visit to the website. Cookies are sets of information consisting of letters and digits that our website sends to your browser in order to save certain settings, facilitate the use of the website and help us collect some relevant statistical information about visitors. Cookies do not contain private information and cannot identify individual visitors. Cookies often comprise a specific identification – a secret, randomly generated sequence of numbers – that is stored on your device. Some cookies disappear after the website is closed, some are stored on your computer for a longer period of time.
• Legislative background and legal basis regarding cookies:
Data processing is based on the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and on the Freedom of Information (Data Protection Act) and Act CVIII of 2001 on Certain Aspects of Electronic Commerce Services and Information Society Services. The legal basis for data processing is your consent in accordance with Section 5(1)(a) of the Data Protection Act.
• Main features of the cookies used by our website:
Strictly necessary cookies: these cookies are essential for the use of the website and allow you to use its core functions. Without them, many of the site’s features will not be available to you. The lifetime of these types of cookies is limited to the duration of the visit.
Cookies to improve the user experience: these cookies collect information about the user’s website, such as which pages they visit most often or what error messages they receive from the website. These cookies do not collect any identifying information from the visitor, therefore they use completely generic, anonymous information. We utilize the information they provide to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session only.

If you do not accept the use of cookies, certain features will not be available to you. For more information on how to delete cookies, please click on the links below:

◦ Internet Explorer: https://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies
◦ Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websides-store-on-your-computer
◦ Chrome: https://support.google.com/chrome/answer/95647?hl=en

2. Contact us on the website
The form on the website will help you to contact the Data Controller. This prior contact is not obligatory, but a convenience feature.
Data processed:
• Name
•Address
•Telephone number
Duration of processing: data will be processed until the contact is completed.
Legal basis for processing: your voluntary consent, which you provide to the Controller by contacting the Controller [processing pursuant to Article 6(1)(a) of the Regulation].

3. Data processing in relation to invoicing and contracting
Data processed:
• Name
• Address
• Place and date of birth
• Mother’s name
Duration of processing: 8 years from the date of invoice as well as from the expiration of the contract. Pursuant to Article 169(2) of the Act of 2000 on Accounting, all accounting documents, including invoices and contracts, which directly and indirectly support the accounting records must be kept for at least 8 years. The processing is based on legal obligation, Article 6(1)(c) of the Data Protection Regulation states that processing is lawful where it is necessary for compliance with a legal obligation to which the Data Controller is subject.

Data security measures
The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and inaccessibility due to changes in the technology used.
Your rights during data management:
Within the period of data processing you are entitled to:
• The right to information,
• The right to rectify the data,
• The right to delete the data,
• The right to block the data,
• The right to object.
You may request information from the Data Controller about the processing of your personal data within the period of processing. The Data Controller shall inform you in writing, in an intelligible form, of the data processed, the purposes, legal basis and duration of the processing, as well as where the data have been further processed, the persons to whom and for what purposes the data are or have been disclosed, as soon as possible after the request, but not later than 25 days.
You may request the Controller to correct your personal data within the period of processing. The Controller shall comply with your request within 15 days at the latest.
You have the possibility to request the deletion of your personal data, which the Data Controller shall comply with within 15 days. The right to erasure does not apply if the Controller is obliged by law to store the data further, nor in cases where the Controller is entitled to further process the personal data in accordance with Article 6(5) of the Data Protection Act (for example in connection with invoicing or contracts).
You may request the Controller to block personal data if the final deletion of the data would harm the legitimate interests of the data subject. Personal data blocked in this way may be processed only for as long as the purpose which precluded the deletion of the personal data continues to exist.

You may object to the processing of your personal data:
• If the processing or transfer of the personal data is necessary solely for compliance with a legal obligation to which the Controller is subject or for the purposes of the legitimate interests pursued by the Controller, the recipient or a third party, except in the case of mandatory processing and in the case provided for in Article 6(5) of the Data Protection Act;
• If the personal data is used or disclosed without your consent for direct marketing, public opinion polling or scientific research.
The Data Controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform you in writing of its decision.
If the Data Controller does not comply with the data subject’s request for rectification, blocking or erasure, it shall, within 25 days of receipt of the request, communicate in writing or, with the data subject’s consent, by electronic means, the factual and legal grounds for refusing the request for rectification, blocking or erasure.

Legal remedies:
If you believe that the Data Controller has violated a legal provision on data processing or has failed to comply with a request, you may initiate an investigation procedure with the Hungarian National Authority for Data Protection and Freedom of Information (postal address: 1530 Budapest, PO Box 5, email: ugyfelszolgalat@naih.hu).
You are also informed that you may take legal action against the Data Controller in the event of a breach of the legal provisions on data processing or if the Data Controller has not complied with a request.
Registration in the data protection register:
Under the provisions of the Data Protection Act, the Data Controller must register certain of its data processing operations in the data protection register.
Amendments to the Privacy Policy:
The Data Controller reserves the right to amend this Privacy Policy. By using the website after the amendment comes into force, you accept the amended Privacy Policy.