PREPUTE

1. GENERAL INFORMATION

Data Controller: Person Magyarország Kft. (registered office: H-7400 Hungary, Kaposvár, Petőfi tér 1.; registration number: 14-09-307702).

Data Subject: shall mean all the natural persons whose Personal Data the Data Controller processes to provide the PRepute services (media connections, journalists, social influencers, the employees and agents of the clients and the Subscribers).

Subscriber: shall mean the Data Subject who is an employee or agent of the subscriber of Data Controller’s online PR service (PRepute).

Personal Data: means any information relating to the Data Subject.

  1. The purpose of this Privacy Policy is to supply essential information to the Data Subject about the data processing the Data Controller performs with respect to all the relevant data protection regulations.
  2. The Data Controller is committed to the protection of the Data Subject’s personal data and particularly wishes to observe the Data Subject’s fundamental right to informational self-determination. 
  3. The Data Controller reserves the right to alter this Privacy Policy and commits to supply information about any such alteration in accordance with the relevant legal regulations as effective.
  4. Data Controller:
    1. processes the personal data lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
    2. collects personal data for specified, explicit and legitimate purposes and does not further process them in a manner that is incompatible with those purposes (‘purpose limitation’);
    3. processes data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
    4. processes accurate and up-to-date data (‘accuracy’);
    5. keeps personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
    6. processes the personal data in a manner that ensures appropriate security of the personal data (‘integrity and confidentiality’).
  5. Data Controller’s data processing principles are in harmony with the relevant data protection regulations as effective, including but not limited to the following:
    1. The Constitution of Hungary (Freedom and Responsibility, Article VI);
    2. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – “GDPR”);
    3. Act No. CXII of 2011 on the right to informational self-determination and on informational freedom (“Info Act”); 
    4. Act No. V of 2013 on the Civil Code.
  6. This Privacy Policy and information related to the Data Controller’s data processing are always available at prepute.com/privacy-policy.
  7. Should you have any question regarding the Privacy Policy or the Data Controller’s data processing, please contact Richard Hampuk (privacy@prepute.com).

2. DATA PROCESSING

  1. The Data Controller strives to limit its personal data processing activity to what is absolutely necessary. Nonetheless, the processing of some personal data is inevitable. The Data Controller processes the personal data that the Data Subject provides, as well as all the personal data related to the Data Subject and generated during the mutual business relationship with the Data Controller. Data Controller processes the following personal data for the purposes and on the legal basis detailed below:
    1. Contact details of the Data Subjects
      1. Purpose of the data processing: To maintain a business relationship with the Data Subjects and to share information regarding press releases, events, stories that may interest them.
      2. List of processed personal data: first name, last name, nickname, email, address, phone number, social network availabilities.
      3. Legal basis for the data processing: Data Controller’s legitimate interest. If the Personal Data has been uploaded via an electronic form filled by the Data Subject, then the legal basis is the consent of the Data Subject.
      4. Duration of data processing: The end of the business relationship between the Data Subjects and the Data Controller, but not later than 3 years after the last communication between them.
    2. Personal Data of the Subscribers’ employees and agents
      1. Purpose of the data processing: Processing is necessary for the performance of a contract to which Subscriber is a party (in case of Subscribers), or in order to take steps at the request of the potential Subscriber prior to entering into a contract (in case of potential Subscribers).
      2. List of processed personal data: Subscriber’s employee’s name, email address, phone number and role, other personal data that the parties share with each other during the communication.
      3. Legal basis for the data processing: Data Controller’s legitimate interest.
      4. Duration of data processing: 5 years after the end of the contractual relationship or business discussions (general limitation period).
    3. Additional PR data generated by PRepute
      1. Purpose of the data processing: Data Controller’s employees and the PRepute system record further data to manage and follow up Data Controller’s PR activity.
      2. List of processed personal data: information regarding the communication between Data Controller and Data Subject (details of the messages, availability), information on the exact time of message opening and clicking, registrations, tags regarding the interest of the Data Subject, other notes added by the Data Controller’s employees.
      3. Legal basis for the data processing: Data Controller’s legitimate interest.
      4. Duration of data processing: The end of the business relationship between the Data Subjects and the Data Controller, but not later than 3 years after the last communication between them.
  2. The Data Controller does not use automated decision-making software or mechanics.

3. OTHER DATA PROCESSING

  1. The Data Controller may occasionally perform other personal data processing. Information about any data processing not mentioned in this Privacy Policy will be supplied at the time of data collection.
  2. The Data Subject is informed that the court, the public prosecutor, the criminal investigation authority, the infringements authority, the public administration authority, the National Data Protection and Informational Freedom Authority (“NAIH”), as well as other authorities authorized by legal regulation may request information, data and documents from the Data Controller, who will grant such requests to the extent it is required by the relevant legal regulations. The Data Controller will disclose personal data to the authorities only to the extent it is indispensable for the fulfilment of the authorities’ meticulously detailed request for information as regards the scope and purpose of information.

4. DATA PROCESSORS

  1. The Data Controller as data controller assigns the following data processors during its data processing activity:
    1. Rackforest Kft. (seat: 1132 Budapest, Victor Hugo utca 18-22. 3. em. 3008.; registration number: 01-09-914549; email: nabil.atiyeh@rackforest.com): Providing server services.
    2. Webonic Kft. (seat: 8000 Székesfehérvár, Budai út 9-11.; registration number: 07-09-025725; email: ugyfelszolgalat@gyumolcstarhely.hu): Providing server services.
    3. Twilio UK Limited (seat: 7 Soho Square, 5th Floor, London, W1D 3QB, UK): Providing newsletter services.
    4. SendGrid Inc. (seat: 1801 California Street, Suite 500, Denver, Colorado 80202): Providing newsletter services.
    5. Developio Informatikai Kft. (seat: 1142 Budapest, Szőnyi út 21/A; email: hello@developio.me): Providing IT services.

5. PROCESSING OF THIRD PARTIES’ DATA

  1. If the Data Subject provides data from third parties, the Data Subject must have the required consent or other legal basis to share the personal data with the Data Controller and must inform the Data Controller of any change or update relating to them. All Data Subjects should refrain from providing third parties’ data, unless it is necessary to comply with the contract with the Data Controller.

6. DATA SECURITY

  1. The Data Controller treats the Data Subject’s personal data confidentially, therefore Data Controller has adopted the technical and organizational measures necessary to ensure the security of personal data and avoid their accidental or unlawful destruction, loss, alteration, processing or unauthorized access, given the state of the technology, the nature of the stored data and the risks to which they are exposed, whether they come from human action or from the physical or natural environment. The Data Controller selects and operates the IT equipment used to process personal data with respect to the contractual relationship in such a way that the processed data:
    1. is available to authorized persons (availability);
    2. has its authenticity and authentication ensured (authenticity of data processing);
    3. has integrity that can be proven (integrity of data); and
    4. is protected against unauthorized access (confidentiality of data).

7. COOKIES

  1. Data Subject agrees that the use of the www.prepute.com website (“Site”) constitutes Data Subject’s acceptance to the use of cookies. If your web browser enables this function, our Site may automatically save information about your computer or other devices used for internet browsing and may also place so-called cookies on your device. This section explains what these cookies are and how we use them.
  2. A cookie is a file that can be placed on your computer or on other devices used for browsing, when a user visits a website. Cookies have multiple functions and can be used for various purposes, such as:
    1. necessary cookies: their use is essential for navigating the website and for the functionality of the website. Without these, the website, or parts of it, may not appear or may appear incorrectly. The website owner stores necessary cookies based on Directive 2002/58/EC;
    2. functional cookies: the purpose of these cookies is to improve the user experience e.g. by remembering the device the user used for browsing, the language settings, the custom settings;
    3. statistics cookies: statistics cookies are collected anonymously; they help to understand how visitors interact with the Site;
    4. marketing cookies: these cookies collect detailed information about the user’s browsing habits and are used to deliver advertised content to the user. These cookies are placed on the Site by third party service providers.
  3. Our Site uses Google Analytics cookies. These cookies are set by external services and:
    1. are under the control of the third-party service, not the website operator;
    2. can be accessed on any website that makes use of the service;
    3. can be used to track a user from one site to another;
    4. enable us to deliver more relevant advertising to users.
  4. You may find more information on Google Analytics cookies at the following webpages:
    1. Google’s Privacy Policy – https://www.google.com/intl/hu/policies/privacy/
    2. Google Analytics Cookie Usage on Website – https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
  5. Cookies used on our website:
    1. Necessary cookies:
      1. XSRF-TOKEN: This cookie is written to help with site security in preventing Cross-Site Request Forgery attacks. (Expire: End of session)
      2. prepute_session: This is used to hold information about your current visit with us. This cookie is essential to the functionality of the site. (Expire: End of session)
      3. cookieconsent_status: This cookie enables the user to accept the pop-up cookie statement once every year. (Expire: 1 year)
      4. moove_gdpr_popup: This cookie enables us to save your cookie preferences. (Expire: 1 year)
    2. Functional (optional)
      1. remember_admin_{hash}: This is used to store and remember admin login. (Expire: Upon user’s logout)
    3. Google Analytics (optional)
      1. _gta: Used to distinguish users. (Expire: 2 years)
      2. _gid: Used to distinguish users. (Expire: 24 hours)
      3. _gat_gtag_UA_134740892_1: Used to throttle request rate. (Expire: 1 minute)
  6. You may also reject cookies on your computer, on other devices used for browsing, or in the settings of the web browser (typically in Tool / Settings / Privacy / Cookies) you are using to access our Site. Should cookies be rejected, you will not be able to fully utilise the functionality and services of our Site, and – as a consequence – we cannot guarantee you full, smooth and uninterrupted use of the website. You may find more information on cookies at the European Interactive Advertising Alliance’s webpage (http://www.youronlinechoices.com/).

8. RIGHTS AND REMEDIES

  1. The Data Subject has a right to:
    1. access the personal data: Upon the Data Subject’s request, the Data Controller supplies information about the Data Subject’s data processed by the Data Controller as data controller and/or processed by a data processor on the Data Controller’s behalf if any of the conditions stipulated in Article 15 of GDPR is fulfilled.
    2. request the rectification of the personal data: The Data Controller rectifies the Data Subject’s personal data if such data is inaccurate or incomplete while the correct personal data is available to the Data Controller.
    3. request the erasure of the personal data (right to be forgotten): The Data Controller erases any and all personal data if any of the conditions stipulated in Article 17 of GDPR is fulfilled.
    4. restriction of processing: The Data Subject obtains from the Data Controller the limitation of the data processing if any of the conditions stipulated in Article 18 of GDPR is fulfilled.
    5. data portability: The Data Subject receives the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format, if the processing is based on a consent or contract and it is carried out by automated means.
  2. Data Controller sends out media audit messages at least every 6 months informing the Data Subjects about their personal data that are being processed by the Data Controller. The media audit is an extra step from Data Controller to inform and remind the Data Subject that he/she has full control over his/her personal data and can modify or delete any of the data.
  3. The Data Controller provides information on action taken on the Data Subject’s request sent to the contact person specified in Section 1.7. without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, considering the complexity and number of the requests. The Data Controller informs the Data Subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the Data Subject makes the request by electronic means, the information will be provided by electronic means where possible, unless otherwise requested by the Data Subject. If the Data Controller does not act on the Data Subject’s request, the Data Controller will inform the Data Subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
  4. Data Subject’s right to remedy:
    1. filing a complaint with the authority: Without prejudice to any other administrative or judicial remedy, the Data Subject may, in the event of an infringement of his or her rights, file a complaint with the data protection authority (Nemzeti Adatvédelmi és Információszabadság Hatóság: address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Tel.: +36 1 391 1400, Fax: +36 1 391 1410, email: ugyfelszolgalat@naih.hu; website: https://naih.hu/index.html).
    2. filing a complaint with the court: Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, the Data Subject has the right to an effective judicial remedy where he or she considers that his or her rights have been infringed as a result of the processing of his or her personal data in non-compliance with the data protection regulations. The Data Controller is liable for any loss or damage caused by the unlawful processing of the Data Subject’s data or by any violation of applicable data-security requirements. The Data Controller will be exempted from such liability if the loss or damage was caused by circumstances beyond its control and outside the scope of data processing. No compensation shall be paid to the extent that the loss or damage was caused by the Data Subject’s willful or grossly negligent conduct.