Content:
In this Privacy Policy, you may find information regarding the processing of your personal data on the website at www.lazyfelix.com (hereinafter the “Website”) and related to the “Lazy Felix” extension (hereinafter the “Extension”) and for the services provided by Lazy Felix Kft. in the following chapters:
I. General. Besides other general information, this chapter contains the data of the Controller and some processors.
II. Ways of processing. In this chapter you may find specific information (the purpose, grounds and period of processing, the scope of data subjects and the data processed) per each purpose of the processing:
III. The rights of data subjects. Here you may find a detailed description of your rights regarding the processing and the related procedure.
IV. Remedies. In this chapter you may find the detailed description of the remedies you can have if our rights related to your personal data are violated.
I. General
1 In relation to this Privacy Policy, the users of the Extension or the visitors of the Website and any person whose personal data is processed shall be considered and hereinafter referred to as data subjects. The precise scopes of data subjects are specified at each way of processing.
2 The Controller (hereinafter also as: “we”):
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
3 It is the Controller’s intention to ensure the protection of personal data of persons providing them to the Controller to the extent possible. This Privacy Policy shall be applicable in respect of the services of the Controller only.
4 The Controller shall have the right to unilaterally modify this Privacy Policy anytime on which the Controller shall inform the data subjects by email.
5 The Controller provides its services by protecting the personality rights of the data subjects, in accordance with the law, especially REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”). For residents of California, the California Consumer Privacy Act (the “CCPA”) shall also be applicable.
6 Please note that it is voluntary to provide your personal data and upon the acceptance of this Privacy Policy, the data subject gives his or her consent to the processing of the personal data if the processing is based on a voluntary consent. The processing of the personal data of a child shall be lawful on the grounds of the consent of the data subject where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
7 The Controller may forward personal data to pursue its activities, to the extent required thereto, to data processors as recipients. “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
8 The personal data processed by us on the Website are stored at our storage provider as a data processor: DigitalOcean, 101 6th Ave New York, NY 10013.
9 We use a service provider for our payment systems:
You may find the respective cookie policy and privacy policy on the website above.
10 Should any court, prosecutor, investigative body, such as the authority investigating the processing of personal data, or any other bodies entitled upon law contact the Controller to provide or hand over information or data, the Controller shall provide the personal data necessary for the purpose of the request if the requesting person specifies the exact purpose and grounds for the request and scope the of personal data.
11 Data security: We have in place physical, electronic and managerial procedures to protect personal information in our custody and control against loss, theft and unauthorized access, use, modification and disclosure. However, as effective as these measures are, no security system is impenetrable. We cannot guarantee the 100% security of our Services, nor can we guarantee that the information you provide will not be intercepted while being transmitted to us over the Internet.
II. Ways of processing:
II/1. Use of the Extension
1.1 Please note that our servers store access routes to the files that you use the Extension on. All your files and included data are only stored in your local storage, we do not copy or store them.
1.2. For premium services we request you to provide us your name and e-mail address.
1.3 The ground for processing in case of natural person Users is the performance of the contract or it is required in order to take steps at the request of the data subject prior to entering into a contract. [point (a) of subparagraph 1 of Article 6 of the GDPR].
1.4 The purpose of processing is allowing the Controller to provide its services.
1.5 Period of processing: until the deletion of the account, unless we have any grounds for further processing as specified below.
1.6 We will use the contact data provided by you (the e-mail address) to keep contact with you for the performance of the contract and to send you information and messages.
1.7. The Extension may be downloaded from the Google Chrome Store. If you provide your personal to Google in the Store, they will be processed by Google in accordance with its privacy policy: https://policies.google.com/privacy If no data is provided, we cannot provide you our services.
II/2 Invoices
2.1 The Controller stores, i.e. processes the personal data on the invoices.
2.2 The purpose of processing is issuing invoices, compliance with the laws for accounting.
2.3 The ground for processing is compliance with a legal obligation, in accordance with paragraph (1) of Article 159 of Act CXXVII of 2007, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR]
2.4. Processed personal data: name, address.
2.5 The data subjects are the natural persons on the invoices.
2.6 Period of processing: the legal minimum period to keep records, 8 years.
2.7 The data in the invoices will be forwarded to the accountant of the Controller: MEYER & LEVINSON Kft.; 1052 Budapest, Deák Ferenc tér 3. II. emelet
2.8. The data in the invoices will be forwarded to the company providing the invoice software to the Controller as processor (www.szamlazz.hu KBOSS.hu Kft.; tax No: 13421739-2-41; registration No: 01-09-303201; info@szamlazz.hu; +3630 35 44 789)
II/3. Cookies
3.1 In order to monitor the Website, the Controller uses an analytical tool (cookie) which prepares a data string and tracks how the visitors use the internet pages. When a page is viewed, the system generates a cookie in order to record the information related to the visit (pages visited, time spent on the Controller’s pages, browsing data, exits, etc) and installs it on the computer of the visitor but these data cannot be linked to the visitor’s person. This tool is instrumental in improving the ergonomic design of the website, creating and improving a user-friendly website, enhancing the online experience for visitors and preventing data loss. Cookies recognize the computer of the visitor and manage its IP address.
3.2 Most internet browsers accept cookies, but visitors have the option of deleting or automatically rejecting or allowing them. The visitor has the option to decline the installation of cookies. Since all browsers are different, visitors can set their cookie preferences individually with the help of the browser toolbar. Users might not be able to use certain features on the Website if they decide not to accept cookies.
3.3 Using cookies, the websites seen by the visitor and the internet use customs of the visitor may be monitored. Only upon revisiting the Website and exclusively the respective service provider can link such data to the person of the visitor. The duration of the storing of such data depends on the type of the cookies. Session cookies erase the data upon closing the Website, Flash-cookies, however may store the data up to one year of inactivity.
3.4 For the use of functional cookies required to provide our services, the ground for processing is our legal interest to provide the services. For other cookies, the ground for processing is the voluntary consent of the data subject (the visitor) in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR.
3.5 Processed data: browser history, identification No, date, time of visit.
3.6 The purpose of processing: improvement of the user experience, storing of the data of the respective session, prevention of data loss, identification and tracking of the data subjects, web analytics .
3.7 In the Menu of most browsers, there is a “Help” function providing information for the data subject, where to disable cookies in his or her browser; how to accept new cookies; how to instruct the browser to set new cookies; or turn off other cookies.
3.8 The Controller uses the following cookies:
| Cookie name | Source | Type | purpose | Lapse |
|---|---|---|---|---|
| SESSIONID | Own | Functional | Identifies users’ sessions. | until the end of the session |
| USER_ID | Own | Functional | Identifies users’ sessions. | until the end of the session |
II/5. Contact
5.1. When somebody contacts the Controller e.g. via e-mail or phone for the first time without any further processing, the Controller processes personal data.
5.2. The purpose of processing is keeping contact between the data subjects and the Controller.
5.3. The ground for processing is the voluntary consent of the data subject in accordance with point (a) of subparagraph 1 of Article 6 of the GDPR.
5.4. Period of processing: 5 years after the closing of the communication or until the data are processed on new grounds (e.g. entering into a contract).
5.5. The provision of the data is not necessary to enter into the contract, the consequence of failure to provide such data is that contact cannot be kept.
5.6. The scope of the processed personal data: any personal data voluntarily provided by the data subject upon making a contact, especially name, e-mail address, phone number, title, position.
5.7. The recipient of the processing is our colleague dealing with customer relationships, or the addressee of the message sent by the data subject or our colleague handling the matter.
II/7. Complaint-handling
7.1. Processing shall be made for the purpose of complaint-handling, the Contractor is obligated to keep the complaint.
7.2. The data subject is the person making a complaint.
7.3. The ground for processing is compliance with a legal obligation, in accordance with paragraph (7) of Article 17/A of Act CLV of 1997, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].
7.4. Processed personal data: name, address, e-mail address, phone number.
7.5. Period of processing: 3 years, as provided for by law.
III. The rights of the data subjects
The data subject may exercise his or her rights via the contacts of the Controller listed above.
III/1. Right for information and access:
1.1. Processing shall be made for the purpose of complaint-handling, the Contractor is obligated to keep the complaint.
1.2. The data subject is the person making a complaint.
1.3. The ground for processing is compliance with a legal obligation, in accordance with paragraph (7) of Article 17/A of Act CLV of 1997, and paragraph (2) of Article 169 of Act C of 2000 [point (c) of subparagraph 1 of Article 6 of the GDPR].
1.4. Processed personal data: name, address, e-mail address, phone number.
1.5. Period of processing: 3 years, as provided for by law.
III/2. Right to rectification:
2.1. The data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data and the completion of incomplete personal data concerning him or her.
III/3. Right to erasure (‘right to be forgotten’):
3.1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
3.2. Erasure may not be requested to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.
III/4. Right to restriction of processing:
4.1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
4.2. Erasure may not be requested to the extent that processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for reasons of public interest in the area of public health; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or for the establishment, exercise or defence of legal claims.
III/5. Right to data portability:
5.1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
III/6. Right to object:
6.1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. The Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
6.2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
III/7. Right to object against automated individual decision-making:
7.1. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. This right may not be exercised if the processing is necessary for entering into, or performance of, a contract between the data subject and a data controller; is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or is based on the data subject’s explicit consent.
III/8. Right of withdrawal:
8.1. The data subject shall have the right to withdraw his or her consent anytime. The withdraw of the consent shall not affect affecting the lawfulness of processing based on consent before its withdrawal.
III/9. Rules on the procedure of the enforcement of rights:
9.1. Deadline: The Controller shall provide information on actions taken on a request under Chapter III hereof to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
9.2. If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
