Privacy Policy

1. Data controller

Full name: Skyfilm Production Kft. (hereinafter “Data Controller”)

Representative: Dr. Gábor Tibor Herendi, Managing Director

Headquarters: 1026Budapest, Hűvösvölgyi út 35.

Company registration number: 01-09-202191

Tax ID: 25140608-2-41

E-mail: skyfilm@skyfilm.hu

Phone: +36-30-555-3888

Website: www.skyfilm.hu(hereafter “Website”)

‍

2. Legal background

The Data Controller processes personal data of its partners in accordance with the following acts:

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (hereinafter referred to as “GDPR”);
• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information
• Act V of 2013 on the Civil Code;
• Act C of 2000 on Accounting;
• Act CL of 2017 on the Taxation System.

‍

3. Personal data processed about contractual partners

3.1. The scope of data subjects and the personal data processed.

a) Data subjects: natural persons in a contractual relationship with the Data Controller.

The scope of personal data processed, the purpose and legal basis of data processing, the security of data processing.

1. Personal data processed

• Full name
• Address / registered office / place of residence
• Telephone number, e-mail address
• Other personal data necessary for fulfilling the contract (e.g. social media contact details, clothing size)

Purpose of data processing

Fulfillment of a contract between the data controller and its contractual partner.

Legal basis

Necessity for the performance of a contract to which the data subject is a party
[Article 6(1)(b) GDPR]

2. Personal data processed

• Full name
• Billing address
• Tax ID
• Bank account

Purpose of data processing

Issuing an invoice related to the fulfilment of the contract and forwarding it to the authorities if required by law.

Legal basis

The processing is necessary for compliance with a legal obligation to which the Controller is subject
[Article 6(1)(c) GDPR]

b) Data subjects: contact persons of legal entities in a contractual relationship with the Data Controller.

The scope of personal data processed, the purpose and legal basis of data processing, the security of data processing

Personal data processed

• Full name
• Email address used during work of the contact person provided by the legal entity partner
• Work phone number
• Place of work
• Other personal data necessary for the performance of the contract (e.g. social media contact, clothing size)

Purpose of data processing

Contact with the legal entity's contractual partner.

Legal basis for data processing

The processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party
[Article 6(1)(f) GDPR]

The Data Controller has conducted a balancing test in relation to the processing of the data specified in point b). Based on the balancing test, it was determined that the processing of the data subject's data is necessary for the performance of the contract between the Data Controller and the legal entity partner. The balancing test is part of the Data Controller's records.

The Data Controller does not use or may use the personal data provided for purposes other than those specified in points a) and b). The disclosure of personal data to third parties or authorities other than the data processor is possible with the prior, express consent of the data subject, unless otherwise provided for by EU or Member State law.

The Data Controller stores the data in electronic form and/or on paper. The Data Controller stores the electronic files on a password-protected data medium in compliance with appropriate data security measures. The personal data are known within the Data Controller's organization by the executive and the employee involved in the fulfilment of the contract.

3.2. Time period of data processing: the Data Controller processes personal data from the time they are provided by the data subject

1. data processed in connection with the fulfillment of the contract until the contract is fulfilled,
2. data recorded during invoicing for 8 years from the relevant business year,
3. data provided for the purpose of contact until the end of the data processing related to the given contract or until the day after becoming aware of a change in the contact person.

If the legal basis for data processing no longer exists and the Data Controller is not entitled to process the data subject's personal data on another legal basis, it will delete them immediately.

3.3. Data processors

The Data Controller uses the following data processors to perform technical operations related to its data management:

BGN Next Adótanácsadó Kft.
1147 Budapest, Birtok u. 30. Hungary
Bookkeeping, accounting tasks, payroll

Hóbogár Bt.
1192 Budapest, Mészáros Lőrinc s. 41. Hungary
Providing technical support and performing system administration activities

Dare Studio Bt.
1063 Budapest, Szinyei Merse utca 10. as. 2. Hungary
Website development activities

Mediacenter Hungary Kft.
6000 Kecskemét, Erkel Ferenc street 5. Hungary
Hosting service, provision of a mailing system

Apple Distribution International Ltd.
Hollyhill Industrial Estate Hollyhill, Cork, Ireland
Providing hosting and cloud services

Apple Distribution International Limited's information documents regarding data processing are available at the following link: https://www.apple.com/legal/privacy/hu/.

4. Contact from Website visitors

4.1. The scope of data subjects and the personal data processed

Scope of data subjects: natural persons visiting the Data Controller's Website who contact us using the e-mail address, telephone number or postal address provided on the Website.

The scope of personal data processed, the purpose and legal basis of data processing, the security of data processing

Personal data processed

• Name
• Email address
• Any personal data provided by the data subject in their request (e.g. address, mailing address, clothing size, social media contact information)

Purpose of data processing

Responding to a request sent by the data subject via the Contact menu item on the Website.

Legal basis for data processing

The consent of the data subject
[Article 6(1)(a) GDPR]

Personal data processed

• Any personal data provided by the data subject in their request
  (e.g. telephone number, email address, home address, mailing address, clothing size, social media contact information)

Purpose of data processing

Responding to the data subject's request.

Legal basis for data processing

The consent of the data subject
[Article 6(1)(a) GDPR]

The Data Controller does not use or may use the personal data provided for purposes other than those specified in this information. The disclosure of personal data to third parties or authorities other than the data processor is possible with the prior, express consent of the data subject, unless otherwise provided for by EU or Member State law.

The Data Controller stores the data in electronic form and on paper, depending on the method of contact. The Data Controller stores the electronic files on its central server, in compliance with appropriate data security measures. The personal data is known within the Data Controller's organization by the executive and the employee performing administrative tasks.

4.3. Time period of data processing: The Data Controller stores personal data from the time the data subject provides it until the purpose of the contact is achieved. If, as a result of the contact, the Data Controller concludes a contract with the data subject, the personal data will be processed on the basis of the contract between them, as set out in point 3 of this notice.

If the legal basis for data processing no longer exists and the Controller is not entitled to process the data subject’s personal data on any other legal basis, the Controller shall delete such data without delay.

4.4 Data processors

The Data Controller uses the following data processors to perform technical operations related to its data management:

BGN Next Adótanácsadó Kft.
1147 Budapest, Birtok u. 30. Hungary
Bookkeeping, accounting tasks, payroll

Hóbogár Bt.
1192 Budapest, Mészáros Lőrinc s. 41. Hungary
Providing technical support and performing system administration activities

Dare Studio Bt.
1063 Budapest, Szinyei Merse utca 10. as. 2. Hungary
Website development activities

Mediacenter Hungary Kft.
6000 Kecskemét, Erkel Ferenc street 5. Hungary
Hosting service, provision of a mailing system

Apple Distribution International Ltd.
Hollyhill Industrial Estate Hollyhill, Cork, Ireland
Providing hosting and cloud services

Apple Distribution International Limited's information documents regarding data processing are available at the following link: https://www.apple.com/legal/privacy/hu/.

5. Data transfer:
   
   1. Data transfer in connection with a legal obligation to which the Data Controller is subject

In order to comply with its legal obligations, the Data Controller may transfer the personal data provided by the partners and the data subject during the contact to the recipients specified in the law. The legal basis for the data transfer is: compliance with a legal obligation applicable to the Data Controller [Article 6 (1) (c) of the GDPR].

2. Further data transfer: In the event of a dispute arising in connection with the contractual relationship or between the website visitor and the Data Controller, the Data Controller shall transfer the documents related to the dispute (in particular the relevant contract and its annexes, as well as other documents related to the subject of the dispute) to the legal representative (law firm) acting in connection with the dispute, and in the event of court or authority proceedings, forward them to the court or authority with jurisdiction and competence.

6. Rights of data subjects

The Data Controller will do everything in its power to ensure that the rights of the data subjects regarding the processing of their personal data, as detailed below, are enforced. 

The Data Controller provides the data subject with the opportunity to submit their request regarding the exercise of their data subject rights via the contact details specified in point 1 in any of the following ways:

• personally,
• through mail,
• through e-mail,
• over the phone. 

The Data Controller shall comply with the data subject's request without undue delay, but in any case within 1 month of receipt of the request, and shall inform the data subject thereof in a concise, transparent, understandable and easily accessible form. The Data Controller shall also decide on the refusal of the request within this deadline and shall inform the data subject of the fact, the reasons for this and the data subject's legal remedies in this regard.

The Data Controller shall, as a general rule, fulfil the data subject's request by e-mail, but if the data subject expressly requests this by providing his/her postal or telephone contact details, the Data Controller shall fulfil the request by post or telephone. Telephone information may only be provided at the data subject's request if the data subject has duly verified his/her identity.

The Data Controller shall provide a copy of the data subject's personal data free of charge upon the data subject's request for the first time. For subsequent requests with the same data content and for the release of the same personal data, a reasonable fee based on administrative costs may be charged.

1. Right of access:

The data subject has the right to request information from the Data Controller about the following, via the contact details indicated in point 1:

1. whether the processing of your personal data is ongoing at the Data Controller;
2. about the data processing, the names and contact details of the data processors referred to in points 3 and 4, and the personal data transmitted;
3. about the personal data processed by the Data Controller and the source from which they originate;
4. the purpose of processing the personal data of the data subject and the legal basis for data processing;
5. the duration of data processing;
6. the recipients or categories of recipients to whom you have disclosed or will disclose the personal data, including in particular recipients in third countries or international organisations;
7. To whom, when, and on the basis of what legal basis, does the Data Controller provide access to which personal data of the data subject;
8. whether the Data Controller uses automated decision-making, if so, the data subject can learn about its logic and profiling;
9. the circumstances and effects of a possible data protection incident and the measures taken to prevent it.

Even in the absence of a request from the data subject, the data controller will provide the data subject with information – via e-mail – about any significant changes in data processing compared to those contained in this information, about the circumstances and effects of the data protection incident that occurred, and about the measures taken to prevent it.

2. Right to rectification

The Data Controller shall, at the request of the data subject, rectify inaccurate personal data concerning the data subject.

The Data Controller shall inform all recipients to whom the personal data have been disclosed of the rectification, unless this proves impossible or involves a disproportionate effort. The Data Controller shall inform the data subject, at his request, of these recipients.

3. Right to erasure:

At the request of the data subject, the Data Controller will delete the personal data concerning the data subject if one of the following reasons exists:

1. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed and the Data Controller is not under any legal obligation to further process the data;
2. the personal data was processed unlawfully by the Data Controller;
3. the personal data must be deleted to comply with a legal obligation under EU or Hungarian law applicable to the Data Controller.

The Data Controller shall inform all recipients to whom the personal data have been disclosed of the deletion, unless this proves impossible or involves a disproportionate effort. Upon request by the data subject, the Data Controller shall inform the data subject of these recipients.

4. Right to restrict (block) data processing:

At the request of the data subject, the Data Controller will restrict data processing if one of the following applies:

1. the data subject disputes the accuracy of the personal data – in this case, the restriction applies to the period that allows the Data Controller to verify the accuracy of the personal data;
2. the processing is unlawful, but the data subject opposes the erasure of the data and instead requests the restriction of their use;
3. the Data Controller no longer needs the personal data for the purposes of data processing, but the data subject requires them for the establishment, exercise or defense of legal claims;

The Data Controller shall inform all recipients to whom the personal data have been disclosed of the restriction, unless this proves impossible or involves a disproportionate effort. Upon request by the data subject, the Data Controller shall inform the data subject of these recipients.

5. Right to data portability:

The Data Controller shall, at the request of the data subject, make available to the data subject the personal data provided by the data subject. The Data Controller acknowledges that the data subject may transmit these personal data to another data controller without the Data Controller preventing this.

6. Right to object:

The data subject does not have the right to object to personal data processed pursuant to points (a), (b) and (c) of Article 6(1) of the GDPR.

The person designated as the contact person of the data subject shall have the right to object to the processing of his or her personal data pursuant to Article 6(1)(f) of the GDPR, if, in his or her opinion, the Controller is not processing his or her personal data for the purposes set out in this notice. The data subject may exercise this right through one of the contact details set out in point 1. In such a case, the Controller shall demonstrate that the processing of the personal data is justified by compelling legitimate interests which override the interests, rights and freedoms of the data subject or which are related to the establishment, exercise or defence of legal claims.

7. Right to legal remedy:

If the data subject believes that the Data Controller has violated his/her right to the protection of personal data during the processing of his/her data, he/she may seek legal redress with the competent bodies in accordance with the applicable laws, i.e. he/she may file a complaint with the National Data Protection and Freedom of Information Authority (address: 1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf.9.; telephone: +36 (1) 391-1400; fax: +36 (1) 391-1410; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu; hereinafter referred to as “NAIH”), or he/she may contact the competent court. The Data Controller undertakes to cooperate with the relevant court or NAIH in all respects during these procedures and to disclose the data related to data processing to the relevant court or NAIH.

The data controller also undertakes to compensate for any damage caused by the unlawful processing of the data subject's personal data or by a breach of data security requirements. In the event of a violation of the data subject's personal rights, the data subject may claim damages. The data controller is exempt from liability if the damage was caused by an unavoidable cause outside the scope of data processing, and if the damage or the infringement of the rights caused by the violation of the data subject's personal rights results from the intentional or grossly negligent conduct of the data subject.

8. Miscellaneous provisions

The Data Controller undertakes to ensure that all data processing related to its activities complies with the requirements set out in this information, the Data Controller's internal regulations - which impose the same requirements as this information - and the applicable laws.

The Data Controller shall provide this information to the data subjects specified in point 3.1. a) upon conclusion of the contract. The Data Controller shall provide this information to the data subjects specified in point 3.1. b) upon conclusion of the contract with the contractual partner of the legal entity, with the assistance of the contractual partner. In addition, the Data Controller shall also display this information on the Website.

The Data Controller reserves the right to change this information at any time, providing that it informs the data subjects of any changes in a verifiable manner after the changes have been implemented.

The Data Controller draws attention to the fact that it prepares a separate data management information for visitors to any additional websites it may operate, which is always available on the given website. In the event of any discrepancies with this information, the information on the given website shall always be considered as authoritative.

‍

Closed: [*] November 2021.