PRIVACY NOTICE

FOR REQUESTING AN OFFER ON THE WEBSITE

 

This Privacy Policy describes the data processing activities carried out on the website https://helloparks.com/ operated by HelloParks Partnership C.V. Magyarországi Fióktelepe.

 

The Data Controller reserves the right to unilaterally amend this Privacy Policy with effect from the date of modification, subject to applicable legal restrictions and, where necessary, by promptly providing prior notice to affected individuals. Amendments to this Policy may be required due to changes in legislation, data protection authority practices, business or employee needs, new data processing purposes, newly identified security risks, or feedback from affected individuals.

 

For any enquiries related to this Policy or data protection matters, the Data Controller may use the contact details of affected individuals in its possession for communication and correspondence purposes. Upon request, the Data Controller may, for instance, provide a copy of the latest version of the Privacy Policy or confirm that the affected individual has reviewed the Policy.

 

1. The Data Controller and Its Contact Details

 

Name of Data Controller: HelloParks Partnership C.V. Magyarországi Fióktelepe (hereinafter referred to as the “Data Controller”)

Registered Office and Postal Address: Hungary, 1082 Budapest, Futó utca 47-53. VII. floor

Email Address: info@helloparks.com

Telephone Number: +36 70 654 4444

Website: https://helloparks.com/

 

2. Scope of Processed Data, Purposes of Data Processing, and Legal Basis

 

During the operation of the Website, the Data Controller processes the following data for the purposes and on the legal bases specified below:

 

2.1.      Data Processing for the Purpose of Contact and Communication

 

Personal Data Purpose of Data Processing   Legal Basis
Family Name and Given Name*  

 

Required for communication between the Data Controller and you or your company, for sending offers, and for scheduling appointments.

If you are acting on behalf of a company or other organisation: Pursuant to Article 6(1)(f) of the GDPR, data processing is necessary for the purposes of the legitimate interests of the Data Controller and your organisation/company. The legitimate interest is to ensure communication, present the Data Controller’s services, and maintain and develop business relationships.

 

If you are acting as a private individual: Pursuant to Article 6(1)(b) of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR), data processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract.

Email Address* (either an email address or a telephone number must be provided)
Telephone Number* (either a telephone number or an email address must be provided)
Company Name
Any Other Data Provided During Contact (e.g. data submitted via the Website)

 

 

The relevant data will be deleted by the Data Controller five years after the termination of the contract or, in the event that the contract is not concluded, five years after the failure of the contracting process, in accordance with Section 6:22 of Act V of 2013 on the Civil Code.

 

If the Data Controller is required to retain the data for the purpose of fulfilling tax obligations related to the contract, the data retention period is five years from the last day of the calendar year in which the tax declaration or report should have been submitted, or in the absence of such declaration or report, from the year in which the tax should have been paid (pursuant to Sections 78(3) and 202(1) of Act CL of 2017 on the Rules of Taxation).

 

If the Data Controller is required to retain the data under Section 169 of Act C of 2000 on Accounting, the data will be deleted after eight years. In practice, this applies when the data forms part of accounting records related to the contract, such as documents supporting bookkeeping, including contractual documents (if applicable, the contract itself) or issued invoices.

 

2.2.      Data Processing for the Purpose of Sending Newsletters

 

Personal Data Purpose of Data Processing   Legal Basis
Family Name, Given Name, Email Address, Company/Organisation Name The email address is required for business-related marketing through newsletter distribution. Pursuant to Article 6(1)(a) of the GDPR and Section 6(1) of Act XLVIII of 2008 on the Fundamental Requirements and Certain Restrictions of Commercial Advertising Activities, data processing is based on the consent of the data subject (i.e., your consent). Consent is voluntary, and you may unsubscribe from the newsletter at any time. Unsubscribing does not affect the lawfulness of data processing related to messages sent prior to the withdrawal of consent.

 

The Data Controller will process and store personal data used for direct marketing purposes until the data subject withdraws their consent (i.e., unsubscribes from the newsletters) or requests the deletion of their data.

 

3. Data Processors

 

The Data Controller engages the following contractual partners to perform tasks related to data processing operations. These contractual partners act as “data processors,” processing the personal data specified in this Privacy Policy on behalf of the Data Controller.

 

The Data Controller may only engage data processors that provide adequate guarantees—particularly in terms of expertise, reliability, and resources—that they implement the technical and organisational measures necessary to ensure compliance with GDPR requirements, including the security of data processing. The specific tasks and responsibilities of the data processor are governed by a contract between the Data Controller and the data processor.

 

Upon completing data processing on behalf of the Data Controller, the data processor must either return or delete the personal data, as per the Data Controller’s instructions, unless Union or Member State law requires the data processor to retain the data.

 

3.1.      DONE DIGITAL Kft. is responsible for the development of the Website. In the course of this work, it may have technical access to the personal data stored on the website to the extent necessary for development purposes (Website database: data processed in relation to contact requests and newsletter subscriptions). However, it does not perform any other activities with the data.

 

Registered Office and Postal Address: 1095 Budapest, Gát utca 21. Ground floor 1.

Email Address: hello@thisisdone.com

Telephone Number: +36 30 200 8218

Website: https://thisisdone.com/

 

3.2.      Hidden Design Kft. provides website hosting services (database storage). In the course of this service, it may have technical access to personal data to the extent necessary for the provision of hosting (Website database: data processed in relation to contact requests and newsletter subscriptions). However, it does not perform any other activities with the data.

 

Registered Office: 1095 Budapest, Gát utca 21. Ground floor 1.

Postal Address: 1094 Budapest, Tűzoltó utca 66. Ground floor 4.

Email Address: hidden@hidden.hu

Telephone Number: +36 20 426 1580

Website: https://www.hidden.hu/

 

3.3.      Wavemaker Hungary Kft. is responsible for media planning and media buying for the Website, as well as the evaluation of advertising campaigns. In the course of this work, it may have technical access to personal data to the extent necessary for the service (Website database: data processed in relation to contact requests and newsletter subscriptions). However, it does not perform any other activities with the data.

 

Registered Office and Postal Address: 1123 Budapest, Alkotás út 53. B Building, 3rd floor

Email Address: info.budapest@mecglobal.com

Telephone Number: +36 30 407 8733

 

4. Cookies Used on the Website

 

4.1.      Certain areas of the Website use cookies. Cookies are files that store information on the user’s web browser. For example, cookies allow the Website to recognise if a user has previously visited it or help us understand which parts of the site are the most popular by showing us which pages visitors access and how much time they spend there. By analysing this, we can better tailor the Website to users’ needs and provide a more diverse user experience.

 

4.2.      Cookies also enable us to ensure that the information displayed during the user’s next visit aligns with their expectations (without personally identifying them). When visiting our Website, certain technical information may be automatically collected that does not allow for the identification of the user. This may include the name of another website that directed the user to our site, the location from which they accessed the website, and searches conducted on the site. Collecting this information helps us understand user search preferences without using personal data. This data is used exclusively for internal purposes. Anonymous or general data that does not allow for the identification of an individual is not considered personal data and, therefore, does not fall under the scope of this Privacy Notice.

 

4.3.      You can configure your web browser to accept all cookies, reject all cookies, or notify you when a cookie is sent to your device. Since each web browser is different, please refer to your browser’s “Help” menu to modify your cookie settings. For more information about the nature of cookies and how to disable them, please consult your browser’s “Help” menu.

 

4.4.      For more information about the nature of cookies and how to disable them, please visit http://www.youronlinechoices.com/hu/. The Website is designed to operate with the use of cookies, so disabling them may affect the Website’s usability and prevent you from fully benefiting from its features.

 

The cookie settings menu for the most commonly used browsers:

Mozilla Firefox

Google Chrome

Internet Explorer

 

Google Analytics also offers additional options for opting out of Google Analytics services: http://tools.google.com/dlpage/gaoptout?hl=en-GB.

 

The cookies used on the Website can be managed via the Cookie Settings menu at the bottom of the webpage.

 

5. The protection of data subjects’ rights

 

5.1.      In accordance with Articles 12-21 of the GDPR, the data subject may request access to their personal data from the Data Controller, as well as its rectification, deletion, or restriction of processing. They may also object to the processing of such personal data and exercise their right to data portability. The rights of data subjects regarding data protection and their legal remedies are detailed in the relevant provisions of the GDPR, particularly in Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, 80, and 82. The following summary outlines the most important provisions.

 

The Data Controller shall fulfill the data subject’s request to exercise their rights within a maximum of one month from the date of receipt. The day of receipt does not count toward the deadline. If necessary, considering the complexity of the request and the number of requests received, the Data Controller may extend this deadline by an additional two months. The Data Controller shall inform the data subject of the extension and the reasons for the delay within one month of receiving the request.

 

5.2.      The data subject has the right to receive confirmation from the Data Controller as to whether their personal data is being processed. If such processing is taking place, the data subject has the right to be informed about:

 

  • Which personal data is being processed;
  • The legal basis for the processing;
  • The purpose of the data processing;
  • The duration of the processing.

Additionally, the data subject has the right to know:

  • To whom, when, on what legal basis, and which of their personal data the Data Controller has granted access or transferred;
  • The source of their personal data;
  • Whether the Data Controller uses automated decision-making, including profiling, and the logic behind such processing.

 

The Data Controller will provide a copy of the personal data being processed to the data subject free of charge upon the first request. For any subsequent requests, a reasonable fee may be charged based on administrative costs.

 

To ensure compliance with data security requirements and to protect the rights of the data subject, the Data Controller is required to verify the identity of the data subject before granting access to the requested data. Therefore, providing information, allowing data access, or issuing copies is subject to identity verification.

 

Identity verification is carried out electronically by sending a confirmation email to the provided email address. The recipient must confirm their request via this email. This confirmation process is essential to ensure that the requester is not a robot, is acting on their own behalf, confirms the request within their own email account, and uses a valid email address.

 

5.3.      The data subject has the right to request that the Data Controller correct any inaccurate personal data relating to them without undue delay. The data subject is also entitled to request the completion of incomplete personal data, including through a supplementary statement. If the data subject can credibly prove the accuracy of the corrected data, the Data Controller will fulfill the request within a maximum of one month and notify the data subject through the contact details provided by them.

 

5.4.      The data subject has the right to request the deletion of personal data relating to them without undue delay if any of the following reasons apply:

 

  1. The personal data is no longer necessary for the purpose for which it was collected or otherwise processed by the Data Controller;
  2. The data subject withdraws the consent on which the processing is based, and there is no other legal ground for processing;
  3. The data subject objects to the processing, and there is no overriding legitimate ground for the processing;
  4. The personal data has been unlawfully processed;
  5. The personal data must be erased in order to comply with a legal obligation under Union or Member State law; or
  6. The personal data was collected in relation to the offer of information society services.

 

The right to erasure does not apply where the processing is necessary for, among other things, the establishment, exercise, or defense of legal claims.

 

5.5.      The data subject has the right to request the Data Controller to restrict data processing (with clear marking of the restricted nature of processing and ensuring separate handling from other data) if any of the following conditions are met:

 

  1. The data subject disputes the accuracy of the personal data; in this case, the restriction applies for the period necessary for the Data Controller to verify the accuracy of the personal data;
  2. The processing is unlawful, and the data subject opposes the erasure of the data and instead requests the restriction of its use;
  3. The Data Controller no longer needs the personal data for processing purposes, but the data subject requires it for the establishment, exercise, or defense of legal claims; or
  4. The data subject has objected to the processing; in this case, the restriction applies for the period during which it is determined whether the legitimate grounds of the data subject override those of the Data Controller.

 

5.6.      The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of their personal data based on legitimate interest, including profiling. In such cases, the personal data will no longer be processed unless it is demonstrated that there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or that are necessary for the establishment, exercise, or defense of legal claims.

 

5.7.      When unsubscribing from newsletters, the data subject will receive a confirmation link via the provided email address. They must confirm their request by clicking the link to complete the unsubscription process. This confirmation is necessary to ensure that the request was made by the individual themselves (not a robot), that they are acting on their own behalf, verifying the request from their own email account, and using a valid email address. The unsubscription only takes effect once the confirmation is completed.

 

5.8.      If the data subject believes that the Data Controller has violated applicable data protection regulations while processing their personal data, they have the right to lodge a complaint with the National Authority for Data Protection and Freedom of Information (address: 1055 Budapest, Falk Miksa utca 9-11, mailing address: 1363 Budapest, P.O. Box 9, email: ugyfelszolgalat@naih.hu, website: https://www.naih.hu/). The data subject also has the right to file a complaint with another supervisory authority, particularly in the European Union member state of their habitual residence.

 

5.9.      The data subject may also initiate legal proceedings against the Data Controller for violating data protection regulations. The lawsuit can be filed before the Metropolitan Court of Budapest or the competent court based on the data subject’s place of residence. In Hungary, court contact details can be found at http://birosag.hu/torvenyszekek. If the data subject’s habitual residence is in another EU member state, the case may be brought before the competent court of that member state.

 

Budapest, 18 March 2025