Table of contents
1. Purpose of this privacy notice
2. Data Controller's data
2.1 Data Protection Officer
3. Scope of personal data processed
3.1 Technical data
3.2 Cookies
3.2.1 Function of cookies
3.2.2 Strictly necessary, session cookies
3.2.3 Third-party cookies (analytics)
3.2.4 List of cookies on the websites of the Data Controller
4 General data processing policy, name of data processing, use, legal basis and retention period
4.1 Newsletter / eDM related data
5 Physical storage locations of data
6 Data transfer, data processing, data subjects
6.1 Data transfers to third countries
7 Data subject's rights and redress mechanism
7.1 Right to information
7.2 Right of access of the data subject
7.3 Right to rectification
7.4 Right to erasure
7.5 Right to restriction of processing
7.6 Right to data portability
7.7 Right to object
7.8 Automated decision-making in individual cases, including profiling
7.9 Right of withdrawal
7.10 Right to apply to the courts
8 Other provisions
1. Purpose of this privacy notice
Catapult Design Ltd. (address: 1028 Budapest, Silágyi Etzsébet utca 7.) hereinafter referred to as the "data controller", as the data controller, acknowledges the contents of this legal notice as binding upon it.
It undertakes to ensure that any processing of data related to its activities complies with the requirements set out in this Policy and in the applicable national legislation and European Union legal acts.
This privacy notice covers the following domain:
- catapult.hu
The privacy policy of the Data Controller in relation to its data processing is permanently available at catapult.hu/en/info/data-processing-policy.
The Data Controller reserves the right to amend this policy at any time. Changes will be notified to the data subjects in due time.
If you have any questions regarding this notice, please write to us and we will answer them.
The Data Controller is committed to protecting the personal data of its customers and partners and attaches the utmost importance to respecting the right to information self-determination of its customers. The Data Controller treats personal data confidentially and takes all security, technical and organisational measures to ensure the security of the data.
2. Data Controller's data
If you wish to contact the Data Controller, you can do so at this address: info@catapult.hu.
Name: Catapult Design Ltd.
Address: 1028 Hungary, Budapest, Szilágyi Erzsébet utca 7.
Tax No.: 14686278-2-41
Registration number: 01-09-915162
Phone: +36 30 977 1708
E-mail: info@catapult.hu
2.1 Data Protection Officer
The Data Controller does not carry out any activities that would justify the appointment of a Data Protection Officer.
3. Scope of personal data processed
3.1 Technical data
The Data Controller selects and operates the IT tools used to process personal data in the provision of the service in such a way that the processed data:
- is accessible to those authorised to access it (availability);
- its authenticity and authenticity are ensured (authenticity of processing);
- its integrity can be verified (data integrity);
- is protected against unauthorised access (data confidentiality).
The Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction and against accidental destruction.
The Data Controller shall ensure the security of data processing by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing.
The Data Controller shall, in the course of the processing, preserve confidentiality: protect the information so that it is accessible only to those who are authorised to have access to it; integrity: protect the accuracy and completeness of the information and the method of processing; availability: ensure that the information is accessible and available when the authorised user needs it.
3.2 Cookies
3.2.1 Function of cookies
Cookies collect information about visitors and their devices; they remember visitors' individual preferences, which are used, for example, when requesting online transactions, so that they do not have to be re-entered; they facilitate the use of the website; they provide a quality user experience; and they are involved in the collection of some statistical information about visitors.
In order to provide a personalised service, a small piece of data, called a cookie, is placed on the user's computer and read back during a subsequent visit. When the browser returns a previously saved cookie, the cookie provider has the possibility to link the user's current visit to previous visits, but only in relation to its own content.
Some of the cookies do not contain any personally identifiable information about the individual user, while others contain a secret, randomly generated sequence of numbers that are stored on the user's device and ensure the user's identity.
3.2.2 Strictly necessary, session cookies
The purpose of these cookies is to allow visitors to browse the catapult.hu website, use its functions and services without any problems. The validity period of this type of cookie lasts until the end of the session (browsing), and when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.
3.2.3 Third-party cookies (analytics)
The catapult.hu website also uses Google Analytics as a third party cookie. By using Google Analytics for statistical purposes, catapult.hu collects information about how visitors use the website. The data is used to improve the website and the user experience. These cookies will also remain on the visitor's computer or other browsing device, their browser, until they expire or until they are deleted by the visitor.
3.2.4. Legal basis for cookie management
The legal basis for the cookie management is the consent of the website visitor, pursuant to Article 6(1)(a) of the relevant Regulation.
If you do not consent to the use of cookies, certain functions of the website listed in section 3.2.3 will not be available during use, or certain functions may not function properly.
For more information on how to delete cookies for more common browsers, please see the links below:
- Firefox: Firefox: delete cookies set by websites from your computer
- Chrome: Clear cache & cookies
- Safari: Manage cookies and website data in Safari on Mac
3.2.4 List of cookies on the websites of the Data Controller
Name | Service provider | Details | Expiry | Character |
Cookies necessary for the functioning of the website | Cookies are essential for the use of the website and allow the use of its essential functions. In their absence, many of the site's functions will not be available. | End of session | does not collect personal data | |
Cookies to improve the user experience | Cookies collect information about the use of the website and are used to improve the user experience. | End of session | does not collect personal data | |
Session cookies | Cookies store the visitor's location, browser language, payment currency. | Max 2 hours or close the browser | ||
1P_JAR | Google.com & Gstatic.com | Cookie used to collect site statistics and track conversion rate. | 2 years | does not collect personal data |
CONSENT | catapult.hu | The cookie is used to store preferences related to cookie acceptance | 1 year | does not collect personal data |
viewedExitPopupWP | catapult.hu | The cookie is used to store preferences for information provided when leaving a website | 30 days | does not collect personal data |
NID | Google.com | These cookies allow our websites to remember how the website works or is displayed, for example, information that changes the language you have set or the region you are in. | 10 years | does not collect personal data |
_ga | Google.com | We use Google Analytics cookies to measure traffic to our website. A single text bar is saved to identify the browser, interaction timestamp and browser / source page that led the user to our website. | 2 years | does not collect personal data |
_gat | Google.com | We use Google Analytics cookies to measure traffic to our website. A single text bar is saved to identify the browser, interaction timestamp and browser / source page that led the user to our website. | 2 years | does not collect personal data |
_gid | Google.com | We use Google Analytics cookies to measure traffic to our website. A single text bar is saved to identify the browser, interaction timestamp and browser / source page that led the user to our website. | 2 years | does not collect personal data |
4 General data processing policy, name of data processing, use, legal basis and retention period
The data processing of the activities of the data controller is based on voluntary consent or legal authorisation. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any stage of the processing.
In certain cases, the processing, storage and transmission of some of the data provided is required by law and we will inform our customers separately. We draw the attention of data controllers to the fact that, where data controllers do not provide their own personal data, it is the data controllers' duty to obtain the consent of the data subject. Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR); Act V of 2013 on the protection of individuals with regard to the processing of personal data (GDPR). Act C of 2000 - on Accounting (Accounting Act); Act LIII of 2017 - on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.); Act CCXXXVII of 2013 - on Credit Institutions and Financial Undertakings (Hpt.).
The Data Controller has prepared data maps, on the basis of which the scope of the data processed, their use, legal basis and retention period have been determined.
4.1 Newsletter / eDM related data
Personal data requested when subscribing to the newsletter:
Name (required field)
Newsletter subscription is possible after reading and accepting the Privacy Policy. Acceptance of the Privacy Policy is done by accepting the mandatory checkbox that is not filled in in advance.
After subscribing, the subscriber will receive an email message informing him/her of the subscription, which he/she will have to confirm, after which the subscription will take effect.
In all related processes, the customer still has the possibility to unsubscribe, the possibility to unsubscribe is included in each mail in the form of a link, easily accessible with one click
As the newsletter contains the name of the company and the contact details of its website, it is considered as an advertisement, eDM.
Purpose of the processing, intended use of the data processed. The newsletter will contain the address of the website and will therefore be considered as advertising.
The legal basis for the data processing is voluntary consent.
Retention period: until unsubscription.
5 Physical storage locations of data
Your personal data (i.e. data that can be associated with your person) may be processed by us in the following ways:
- on the one hand, technical data relating to the computer you use, the browser program, the Internet address, the pages you visit, are automatically generated in our computer system in connection with the maintenance of the Internet connection,
- on the other hand, you may also provide your name, contact details or other data if you wish to contact us personally when using the website. Data technically recorded during the operation of the system: the data of the computer of the person concerned who logs in, which are recorded by catapult.hu's systems as an automatic result of technical processes.
The data that are automatically recorded are automatically logged by the system at the time of logging in or out, without any specific declaration or action by the data subject.
This data cannot be linked to other personal user data, except in cases required by law. The data is only accessible by the catapult.hu domain.
6 Data transfer, data processing, data subjects
The Data Controller uses the following data processors within the scope of its business activities:
Hosting:
ATW Internet Ltd.
H-1138 Budapest, Esztergomi út 66. fsz. 1.
Tax number: 13471868-2-41
Company registration number: 01-09-736956
Customer service (working days 9-17): +36 1 6000
E-mail: support@atw.co.hu
Scope of the data collected: content of the websites on the catapult.hu domain, emails sent to email addresses based on these domains.
Newsletter:
The Rocket Science Group, LLC (Mailchimp), 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
Data collected: name and email address of subscriber.
Google Analytics:
Google Inc., Mountain View, California, USA
Scope of data collected: anonymised, non-personally identifiable IP addresses of visitors to the catapult.hu website.
Facebook page:
Facebook Inc.
Menlo Park, California, USA
Privacy Policy: https://www.facebook.com/about/privacy/update
Data collected: username, comments.
6.1 Data transfers to third countries
Data is transferred to the United States of America, for which a compliance decision was issued on 12 July 2016 (https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en).
The compliance decision Mailchimp , the Google and Facebook also applies to the data controllers
7 Data subject's rights and redress mechanism
The data subject may request information about the processing of his/her personal data, request the rectification, erasure or withdrawal of his/her personal data, except for mandatory processing, exercise his/her right to data portability and objection as indicated when the data were collected or by contacting the Data Controller at the above contact details.
7.1 Right to information
The controller shall take appropriate measures to provide data subjects with all the information referred to in Articles 13 and 14 of the GDPR and each of the information referred to in Articles 15 to 22 and 34 of the GDPR concerning the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
7.2 Right of access of the data subject
The data subject shall have the right to obtain from the controller feedback as to whether or not his or her personal data are being processed and, where such processing is taking place, the right to access the personal data and the following information:
- the purposes of data processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular recipients in third countries or international organisations;
- the envisaged period of storage of the personal data;
- the right to rectification, erasure or restriction of processing and the right to object;
- the right to lodge a complaint with a supervisory authority;
- information on the data sources;
- the fact of automated decision-making, including profiling, and clear information on the logic used and the significance of such processing and its likely consequences for the data subject.
The Data Controller shall provide the information within a maximum of one month from the date of the request.
7.3 Right to rectification
The data subject may request the correction of inaccurate personal data relating to him or her processed by the Controller and the completion of incomplete data.
7.4 Right to erasure
The data subject shall have the right, upon request and without undue delay, to obtain from the Controller the erasure of personal data relating to him or her, on one of the following grounds: the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; the data subject withdraws the consent on the basis of which the processing was carried out and there is no other legal basis for the processing; the data subject objects to the processing and there is no overriding legitimate ground for the processing; the personal data have been processed unlawfully; the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject; the personal data were collected in connection with the provision of information society services.
The erasure of the data may not be initiated if the processing is necessary: for the exercise of the right to freedom of expression and information; for compliance with an obligation under Union or Member State law to process personal data or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; for public health purposes or for archiving, scientific or historical research purposes or statistical purposes in the public interest; or for the establishment, exercise or defence of legal claims.
7.5 Right to restriction of processing
At the request of the data subject, the Controller shall restrict processing if one of the following conditions is met: the data subject contests the accuracy of the personal data, in which case the restriction shall be for a period of time which allows the accuracy of the personal data to be verified; the processing is unlawful and the data subject opposes the erasure of the data and requests instead that its use be restricted; the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or the data subject has objected to the processing; in which case the restriction shall apply for a period of time until it is established whether the legitimate grounds of the controller override the legitimate grounds of the data subject.
Where processing is subject to restriction, personal data other than storage may be processed only with the consent of the data subject or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State.
7.6 Right to data portability
The data subject has the right to receive personal data relating to him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.
7.7 Right to object
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. In the event of an objection, the Controller may no longer process the personal data, except on compelling legitimate grounds which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
7.8 Automated decision-making in individual cases, including profiling
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
7.9 Right of withdrawal
The data subject has the right to withdraw his or her consent at any time.
7.10 Right to apply to the courts
The data subject may take legal action against the Controller in the event of a breach of his or her rights. 8.11 Complaints may be lodged with the National Authority for Data Protection and Freedom of Information:
Name: National Authority for Data Protection and Freedom of Information. Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mail address: 1530 Budapest, Pf.: 5. Phone: +36 1 3911400
E-mail: ugyfelszolgalat@naih.hu Website: http://www.naih.hu
8 Other provisions
Information on data processing not listed in this information notice will be provided at the time of data collection. We inform our customers that the court, the prosecutor, the investigating authority, the law enforcement authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank or other bodies authorised by law may contact the data controller to provide information, to communicate or transfer data or to make documents available. The controller shall disclose to the authorities - provided that the authority has indicated the precise purpose and scope of the data - personal data only to the extent and to the extent strictly necessary for the purpose of the request.