top of page

PRIVACY POLICY

​

IMPRION is operated as Data Controller by the European Parliament and the Council 2016/679. (GDPR) and CXII of 2011 on the right to information, self-determination and freedom of information, in order to fully comply with the provisions of Act (Infotv.) provides the following data protection information on the handling of the data of natural persons. 

 

The Data Controller takes appropriate measures in order to provide the data subject with information ont he processing of personal data in a transparent, understandable and easily accessible form, and to facilitate the exercise of the data subjects’ rights. 

 

The Data Protection Notice forms an annex tot he General Terms and Conditions containing the rules for the use of the website available under the app.imprion.eu domain and uses the concepts defined in its interpretation provisions in the sense defined therein, as well as the basic data protection concepts detailed below.

Payment, online payment:

Visitors to app.imprion.eu who decidet o purchase a service may do so by providing certain personal information as described below. On the pages of app.imprion.eu, the convenient and safe use of credit cards by data subject is ensured by the electronic payment processing service Barion, and personal data related to payment and invoicing is managed by Barion. Barion Payment Zrt., which provides the service, is an institution under the supervision of the Hungarian National Bank. Barion’s servers are protected by Comodo’s 2048-bit TLS encryption, and the security of Barion’s servers was designed in accordance with the regulations of the Hungarian National Bank. Payment by credit card does not require registration, it is enough to enter the card data required for online shopping, as well as a functioning e-mail address for mailing the issued electronic invoice. MasterCard, Maestro, Visa, Visa Electron and Amex cards can be used for payment. To use the credit card there is no surcharge  for the visitor.

The person concerned has the option -in certain cases, after prior consultation- to make payment by bank transfer, in such a way that, after the conclusion of the contract, based on the type of the payment (transfer) based ont he data received at the specified e-mail address, the person concerned can pay by bank transfer.

The payment process is supported by Billingo in terms of invoicing.

Further information:

- for Barion: https://www.barion.com/hu/, and for data management:
https://www.barion.com/hu/adatvedelmi-tajekoztato/

- for Billingo: https://www.billingo.hu/, and for data management: https://www.billingo.hu/adatkezelesi-tajekoztato

Basic concepts of data protection:

  • person concerned: any specific natural person identified or – directly or indirectly – identifiable ont he basis of their personal data;

  • personal data: any information about the person concerned; a natural person who can be identified directly or indirectly, in particular by an identifier, such as a name, number, location data, online identifier or an identifier based on one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person;

  • data controller: who determines the purposes and means of handling personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be defined by EU or member state law;

  • data processor: who manages personal data on behalf of the data controller;

 

  1. Data of the Data Controller:

 

name: Imprion Zártkörűen MűködÅ‘ Részvénytársaság

company registration number: Cg.01-10-142256 

registry court: FÅ‘városi Törvényszék Cégbíróság

headquarters: 1136 Budapest, Hegedűs Gyula utca 24.

tax number: 32221387-2-41

email: info@imprion.eu

phone number: +36302509455

website: imprion.eu


 

  1. Purpose of data management:

 

  • Providing access to IMPRION's interface and thereby providing services according to the General Terms and Conditions, as well as serving the online payment system.

 

  1. Scope of managed data:

 

  • name and e-mail address of users of the service provided by IMPRION

  • in order to use the payment system, the user's name, billing address, bank card details, e-mail address

 

  1. Duration of data management:

 

  • The personal data provided by the Users will be kept for the duration of the contract between the Parties. After the termination of the service or termination of this right of the U 

  • Name and email address data provided by users during bank card payment until the administration of the online payment and subsequent information, provided that,
    (i) the data in the account will be kept for 8 years, as well as
    (ii) in the event that any user complaint or claim is asserted or a procedure is initiated or is expected to be initiated, the personal data would be preserved until the completion of these procedures, even if the contract has been terminated in the meantime, otherwise they may be preserved until the expiration of the statute of limitations.

 

Personal data will be securely deleted by the Data Controller after the specified deadline, so they can no longer be restored.

 

  1. Data Processors:

The Data Controller uses data Processors to provide the service, which does not require the prior consent of person concerned, only to be informed.

The legal basis for data transmission is the performance of the service or a legal obligation. The purpose of data management is to fulfill the contract with the data processor, taking into account data protection requirements.

The data manager uses the following service providers, who - for the duration of the contract with him - manage the provided personal data and process the personal data in connection with the operations they carry out:

  • Barion Payment Zrt. (see more in the introduction, under Online payment)

  • Billingo Technologies Zártkörűen MűködÅ‘ Részvénytársaság (see more in the introduction, under Online payment)

 

  • regarding the performance of development tasks, WunderBytes Kft. (headquarters: 1107 Budapest, Gém utca 4. d. lház. fszt. 2., company registration number: 01-09-373261, tax number: 28769266-2-42, represented by: Rendes Gábor Antal managing director)

 

  1. Legal basis for data management:

 

  • the fulfillment of the contract between the User and the Service Provider, as well as the fulfillment of legal obligations (in the case of point IV. (ii))

 

  1. Data transfer:

During data processing, personal data may be transferred to a third country (United States of America), subject to maximum compliance with the relevant provisions of Chapter V of the GDPR and the guidelines of the European Court of Justice.

 

  1. Technical and organizational measures for data protection:

 

In order to ensure the security of your personal data, we use technical, administrative and physical security measures to ensure that only authorized persons can access your personal data and use it for the specified purposes. To this end, we take the following measures:

 

  • The data in the possession of the data controller is handled exclusively by the employees of the Service Provider who contribute to the implementation of the data management goals defined in this information. 

  • the data controller establishes the procedural rules that ensure that the recorded, stored and managed data are protected; takes appropriate measures to protect data against accidental or unlawful destruction, loss, alteration, damage, transmission, unauthorized disclosure or unauthorized access;

  • personal data is classified and managed by the data controller as confidential data, employees are required to maintain confidentiality regarding the handling of personal data; 

  • restricts access to personal data by specifying authorization levels; 

  • IT systems are protected with a firewall and virus protection 

  • electronic data processing and registration is carried out by means of a computer program that meets the requirements of data security; the program ensures that only those persons who need it in order to perform their duties have access to the data under controlled conditions; 

  • the data manager ensures the appropriate physical protection of the data (password protection on the computers of the employees who manage the data).

 

  1. Cookies:

 

A cookie is such information (an alphanumeric information package with varying content sent by the server) that the visited websites store on the computer. The use of "cookies" provides the possibility to query some of the visitor's data and to monitor their internet usage. Cookies are not capable of identifying the user by themselves, they are only capable of recognizing the visitor's computer. The system logs user logins (by IP address, time), but only the system administrator is authorized to see this.

 

The app.imprion.eu website operated by the Data Controller also uses "cookies", in which no personal data, only anonymized internal identifiers and technical information are collected and stored in order to improve the service. These include, for example, the type of browser, the web address of the subpages visited, the links followed, and the activity of the visitors to the page.

 

The legal basis of the cookies that ensure the basic functioning of the application is legitimate interest, the purpose of which is to ensure the proper functioning of the website. The duration of the session, in the case of the cookie consent storage (cookieconsent_status) cookie, 1 year.

 

More information on cookies for statistical purposes can be found at Google (https://policies.google.com/technologies/cookies), Hotjar (https://help .hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookie-Information).

 

The application does not use targeting or advertising cookies.

You can find information about the cookie settings of the most popular browsers at the links below

Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu

Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn

Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq

Safari: https://support.apple.com/hu-hu/HT201265

However, we would like to point out that certain website functions or services may not function properly without cookies.

 

Further information on processing methods, procedures and services used:

​

Google interfaces (API)

We obtain data from Google via the interfaces provided by Google. The data transfer takes place only with the consent of the user and for the purposes covered by the consent as well as on the basis of the general terms and conditions / terms of use and data protection information of the respective interfaces. Information on the interface provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Statement: https://policies.google.com/privacy.

Below you will find an overview of the interfaces used by us, their purposes, processed data and their provisions:

Gmail

Query data via Google API for Gmail accounts to manage this data in Engage (Community Management Tool). Here we use the special permissions "../auth/gmail.readonly" and "../auth/gmail.send" of the Google API:

Additional Limits on Use of Your Google User Data: Notwithstanding anything else in this Privacy Policy, if you provide the App access to the obove mentioned types of your Google data, the App's use of that data will be subject to these additional restrictions:

  • The App will only use access to read and write Gmail message bodies (including attachments), metadata and headers to provide a customer relationship management client that allows users to compose, send and read emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.

  • The App will not use this Gmail data for serving advertisements.

  • The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App's internal operations and even then only when the data have been aggregated and anonymized.

App's use of information received from Gmail APIs will adhere to Google's Limited Use Requirements: https://developers.google.com/terms/api-services-user-data-policy#additional-requirements-for-specific-api-scopes.

​

Provision of online services and web hosting

We process user data in order to be able to provide them with our online services. For this purpose, we process the IP address of the user, which is necessary to transmit the content and functions of our online services to the user's browser or terminal device.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status); Content data (e.g. text input, photographs, videos).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of Processing: Provision of our online services and usability; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).); Security measures.

  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

  • Collection of Access Data and Log Files: The access to our online services is logged in the form of so-called "server log files". Server log files may include the address and name of the web pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider. The server log files can be used for security purposes, e.g. to avoid overloading the servers (especially in the case of abusive attacks, so-called DDoS attacks) and to ensure the stability and optimal load balancing of the servers; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Retention period: Log file information is stored for a maximum period of 30 days and then deleted or anonymized. Data, the further storage of which is necessary for evidence purposes, are excluded from deletion until the respective incident has been finally clarified.

  • E-mail Sending and Hosting: The web hosting services we use also include sending, receiving and storing e-mails. For these purposes, the addresses of the recipients and senders, as well as other information relating to the sending of e-mails (e.g. the providers involved) and the contents of the respective e-mails are processed. The above data may also be processed for SPAM detection purposes. Please note that e-mails on the Internet are generally not sent in encrypted form. As a rule, e-mails are encrypted during transport, but not on the servers from which they are sent and received (unless a so-called end-to-end encryption method is used). We can therefore accept no responsibility for the transmission path of e-mails between the sender and reception on our server; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

  • Google Cloud Storage: Cloud storage, cloud infrastructure services and cloud-based application software; Service provider: Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://cloud.google.com/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://cloud.google.com/terms/data-processing-addendum; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://cloud.google.com/terms/eu-model-contract-clause; Further Information: https://cloud.google.com/privacy.

​

Single Sign-on Authentication

Single Sign-On" or "Single Sign-On Authentication or Logon" are procedures that allow users to log in to our online services using a user account with a provider of Single Sign-On services (e.g. a social network). The prerequisite for Single Sign-On Authentication is that users are registered with the respective Single Sign-On provider and enter the required access data in the online form provided for this purpose, or are already logged in with the Single Sign-On provider and confirm the Single Sign-On login via the button.

Authentication takes place directly with the respective single sign-on provider. Within the scope of such authentication, we receive a user ID with the information that the user is logged in with the respective single sign-on provider under this user ID and an ID that cannot be used for other purposes (so-called "user handle"). Whether we receive further data depends solely on the single sign-on procedure used, the data releases selected as part of authentication and also which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the user's choice, there can be different data, usually the e-mail address and the user name. The password entered by the single sign-on provider as part of the single sign-on procedure is neither visible to us nor is it stored by us.

Users are requested to note that their data stored with us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actual. If, for example, the e-mail addresses of users change, users must change these manually in their user account with us.

We can use single sign-on authentication, provided that it has been agreed with users in the context of pre-fulfillment or fulfilment of the contract, in the context of consent processing and otherwise use it on the basis of our legitimate interests and the interests of users in an effective and secure authentication system.

Should users decide to no longer want to use the link of their user account with the Single Sign-On provider for the Single Sign-On procedure, they must remove this link within their user account with the Single Sign-On provider. If users wish to delete their data from us, they must cancel their registration with us.

  • Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status); Event Data (Facebook) ("Event Data" is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of Processing: Provision of contractual services and customer support; Security measures; Authentication processes.

  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

​

Contact and Inquiry Management

When contacting us (e.g. via mail, contact form, e-mail, telephone or via social media) as well as in the context of existing user and business relationships, the information of the inquiring persons is processed to the extent necessary to respond to the contact requests and any requested measures.

  • Processed data types: Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).

  • Data subjects: Communication partner (Recipients of e-mails, letters, etc.).

  • Purposes of Processing: Contact requests and communication; Managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online services and usability.

  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Performance of a contract and prior requests (Article 6 (1) (b) GDPR).

Further information on processing methods, procedures and services used:

  • Contact form: When users contact us via our contact form, e-mail or other communication channels, we process the data provided to us in this context to process the communicated request; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR).

​

Cloud Services

We use Internet-accessible software services (so-called "cloud services", also referred to as "Software as a Service") provided on the servers of its providers for the storage and management of content (e.g. document storage and management, exchange of documents, content and information with certain recipients or publication of content and information).

Within this framework, personal data may be processed and stored on the provider's servers insofar as this data is part of communication processes with us or is otherwise processed by us in accordance with this privacy policy. This data may include in particular master data and contact data of data subjects, data on processes, contracts, other proceedings and their contents. Cloud service providers also process usage data and metadata that they use for security and service optimization purposes.

If we use cloud services to provide documents and content to other users or publicly accessible websites, forms, etc., providers may store cookies on users' devices for web analysis or to remember user settings (e.g. in the case of media control).

  • Processed data types: Inventory data (e.g. names, addresses); Contact data (e.g. e-mail, telephone numbers); Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).

  • Data subjects: Customers; Employees (e.g. Employees, job applicants); Prospective customers; Communication partner (Recipients of e-mails, letters, etc.); Users (e.g. website visitors, users of online services).

  • Purposes of Processing: Office and organisational procedures; Information technology infrastructure (Operation and provision of information systems and technical devices, such as computers, servers, etc.).).

  • Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

​

Web Analysis, Monitoring and Optimization

Web analysis is used to evaluate the visitor traffic on our website and may include the behaviour, interests or demographic information of users, such as age or gender, as pseudonymous values. With the help of web analysis we can e.g. recognize, at which time our online services or their functions or contents are most frequently used or requested for repeatedly, as well as which areas require optimization.

In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online services or their components.

Unless otherwise stated below, profiles, i.e. data aggregated for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read from it. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have agreed to the collection of their location data from us or from the providers of the services we use, location data may also be processed.

Unless otherwise stated below, profiles, that is data summarized for a usage process or user, may be created for these purposes and stored in a browser or terminal device (so-called "cookies") or similar processes may be used for the same purpose. The information collected includes, in particular, websites visited and elements used there as well as technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data or profiles to us or to the providers of the services we use, these may also be processed, depending on the provider.

The IP addresses of the users are also stored. However, we use any existing IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect the user. In general, within the framework of web analysis, A/B testing and optimisation, no user data (such as e-mail addresses or names) is stored, but pseudonyms. This means that we, as well as the providers of the software used, do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.

  • Processed data types: Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (Creating user profiles); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Provision of our online services and usability.

  • Security measures: IP Masking (Pseudonymization of the IP address).

  • Legal Basis: Consent (Article 6 (1) (a) GDPR).

Further information on processing methods, procedures and services used:

​

Online Marketing

We process personal data for the purposes of online marketing, which may include in particular the marketing of advertising space or the display of advertising and other content (collectively referred to as "Content") based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedure in which the relevant user information for the display of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, communication partners and technical information such as the browser used, computer system used and information on usage times and used functions. If users have consented to the collection of their sideline data, these can also be processed.

The IP addresses of the users are also stored. However, we use provided IP masking procedures (i.e. pseudonymisation by shortening the IP address) to ensure the protection of the user's by using a pseudonym. In general, within the framework of the online marketing process, no clear user data (such as e-mail addresses or names) is secured, but pseudonyms. This means that we, as well as the providers of online marketing procedures, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or similar memorizing procedures. These cookies can later, generally also on other websites that use the same online marketing technology, be read and analyzed for purposes of content display, as well as supplemented with other data and stored on the server of the online marketing technology provider.

Exceptionally, clear data can be assigned to the profiles. This is the case, for example, if the users are members of a social network whose online marketing technology we use and the network links the profiles of the users in the aforementioned data. Please note that users may enter into additional agreements with the social network providers or other service providers, e.g. by consenting as part of a registration process.

As a matter of principle, we only gain access to summarised information about the performance of our advertisements. However, within the framework of so-called conversion measurement, we can check which of our online marketing processes have led to a so-called conversion, i.e. to the conclusion of a contract with us. The conversion measurement is used alone for the performance analysis of our marketing activities.

Unless otherwise stated, we kindly ask you to consider that cookies used will be stored for a period of two years.

  • Processed data types: Content data (e.g. text input, photographs, videos); Usage data (e.g. websites visited, interest in content, access times); Meta, communication and process data (e.g. IP addresses, time information, identification numbers, consent status); Event Data (Facebook) ("Event Data" is data that can be transmitted from us to Facebook, e.g. via Facebook pixels (via apps or other means) and relates to persons or their actions; the data includes, for example, information about visits to websites, interactions with content, functions, installations of apps, purchases of products, etc.; Event data is processed for the purpose of creating target groups for content and advertising information (Custom Audiences); Event Data does not include the actual content (such as written comments), login information, and Contact Information (such as names, email addresses, and phone numbers). Event Data is deleted by Facebook after a maximum of two years, the Custom Audiences created from them with the deletion of our Facebook account); Contact Information (Facebook) ("Contact Information" is data that (clearly) identifies data subjects, such as names, email addresses and phone numbers, that can be transmitted to Facebook, e.g. via Facebook pixels or uploads for matching purposes to form Custom Audiences; After the matching to create target groups, the Contact Information is deleted).

  • Data subjects: Users (e.g. website visitors, users of online services).

  • Purposes of Processing: Web Analytics (e.g. access statistics, recognition of returning visitors); Targeting (e.g. profiling based on interests and behaviour, use of cookies); Conversion tracking (Measurement of the effectiveness of marketing activities); Affiliate Tracking; Marketing; Profiles with user-related information (Creating user profiles); Provision of our online services and usability.

  • Security measures: IP Masking (Pseudonymization of the IP address).

  • Legal Basis: Consent (Article 6 (1) (a) GDPR); Legitimate Interests (Article 6 (1) (f) GDPR).

  • Opt-Out: We refer to the privacy policies of the respective service providers and the possibilities for objection (so-called "opt-out"). If no explicit opt-out option has been specified, it is possible to deactivate cookies in the settings of your browser. However, this may restrict the functions of our online offer. We therefore recommend the following additional opt-out options, which are offered collectively for each area: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-regional: https://optout.aboutads.info.

Further information on processing methods, procedures and services used:

  • Facebook Pixel and Custom Audiences (Custom Audiences): With the help of the Facebook pixel (or equivalent functions, to transfer Event-Data or Contact Information via interfaces or other software in apps), Facebook is on the one hand able to determine the visitors of our online services as a target group for the presentation of ads (so-called "Facebook ads"). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users and within the services of partners cooperating with Facebook (so-called "audience network" https://www.facebook.com/audiencenetwork/ ) who have shown an interest in our online services or who have certain characteristics (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of Facebook pixels, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not appear annoying. The Facebook pixel also enables us to track the effectiveness of Facebook ads for statistical and market research purposes by showing whether users were referred to our website after clicking on a Facebook ad (known as "conversion tracking"); Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Further Information: User event data, i.e. behavioral and interest data, is processed for the purposes of targeted advertising and audience building on the basis of the joint controllership agreement ("Controller Addendum", https://www.facebook.com/legal/controller_addendum). The joint controllership is limited to the collection and transfer of the data to Meta Platforms Ireland Limited, a company located in the EU. Further processing of the data is the sole responsibility of Meta Platforms Ireland Limited, which concerns in particular the transfer of the data to the parent company Meta Platforms, Inc. in the USA (on the basis of standard contractual clauses concluded between Meta Platforms Ireland Limited and Meta Platforms, Inc.).

  • Facebook - Custom Audiences from File: Creation of target groups for marketing purposes - We submit Contact Information (names, email addresses and phone numbers) to Facebook in list form for the purpose of creating Custom Audiences for content and advertising information based on the presumed interests of users. The transmission and matching with data available on Facebook is not in plain text, but as so-called "hash values", i.e. mathematical representations of the data (this method is used, for example, in the storage of passwords). After the matching to create target groups, the Contact Information is deleted. The Contact Information is processed on the basis of a DPA with Meta Platforms Ireland Limited ("Data Processing Terms", https://www.facebook.com/legal/terms/dataprocessing), the "Data Security Terms" (https://www.facebook.com/legal/terms/data_security_terms) and, with regard to processing in the USA, on the basis of Standard Contractual Clauses ("Facebook-EU Data Transfer Addendum", https://www.facebook.com/legal/EU_data_transfer_addendum). Further information on the processing of contact information can be found in the "Facebook Business Tools Terms", https://www.facebook.com/legal/terms/customaudience; Service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR); Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Data Processing Agreement: https://www.facebook.com/legal/terms/dataprocessing; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum.

  • Google Ad Manager: We use the "Google Marketing Platform" (and services like "Google Ad Manager") to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). The Google Marketing Platform" is characterised by the fact that ads are displayed in real time according to the presumed interests of the users. This allows us to display ads for and within our online services in a more targeted manner in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which he is interested on other online offers, this is referred to as "remarketing"; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Further Information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms; where Google acts as processor, Data Processing Conditions for Google Advertising Products and standard contractual clauses for data transfers to third countries: https://business.safety.google/adsprocessorterms apply.

  • Google Ads and Conversion Tracking: Online marketing process for purposes of placing content and advertisements within the provider's advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. Furthermore, we measure the conversion of the ads, i.e. whether the users took them as a reason to interact with the ads and make use of the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Consent (Article 6 (1) (a) GDPR), Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Further Information: Types of processing and data processed: https://privacy.google.com/businesses/adsservices; Google Ads Controller-Controller Data Protection Terms and standard contractual clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.

​

  1. Rights of the person concerned

 

The data subject, i.e. the User, has the right to request access to personal data relating to him, their correction, deletion or restriction of processing and may object to the processing of such personal data, as well as the right to data portability, as described below.

Right to transparent information: Upon request, the data controller provides detailed information about the data it manages, the purpose and duration of data management, the activities related to data management, as well as who receives your data and for what purpose. The information will be sent by the data controller as soon as possible, but no later than 30 days after the submission of the request, in writing, in an understandable way, electronically to the e-mail address provided by the data subject.

 

Right of access: You are entitled to receive feedback from our company as to whether your personal data is being processed and, if so, you are entitled to access your personal data managed by the data controller. We provide a copy of the personal data subject to data management upon request. In this way, you can check whether your personal data is handled in accordance with data protection legislation.

 

Right to rectification: You have the right to request the correction or addition of your inaccurate or incomplete personal data. In the event of a change, the person concerned can also initiate the modification of the provided data.

 

Right to erasure/forgetfulness: The right to deletion, also known as the "right to be forgotten", ensures that you can request the deletion of your personal data, if their processing is no longer absolutely necessary for the data controller for the purpose for which it was processed or collected, or in other cases. However, this does not mean an unconditional obligation to delete. The data controller may refuse to delete the data if, for example, the law requires the processing of the data, or there is another legal basis for the processing of the data, or there is a purpose specified in the law. In the event of a change, you can request the deletion of your data.

 

The right to restrict data processing: In certain cases and situations defined by law, you are entitled to limit the further processing of your personal data. In case of limited data management, we do not process your data except for storage. 

 

Right to protest: You are entitled to object to certain data processing. The data controller examines the objection - in addition to the simultaneous suspension of data management - within the shortest period of time from the receipt of the request, but no later than 15 days, and informs the data subject in writing of the result. If the data controller finds the protest of the person concerned to be well-founded, it will terminate the data management and block the data, and will notify all those to whom the data affected by the protest were previously transmitted about the protest and the measures taken based on it, and who are obliged to take action in order to enforce the right to protest. 

 

Right to data portability: You are entitled to request a copy of certain personal data managed by the data controller and to forward them to another data controller.

 

  1. Validation of the rights of the person concerned, legal remedies, court enforcement:

 

1. The data subject can lodge a complaint with the data controller at any time in connection with the handling of his personal data, using one of the following contact details: 

 

E-mail address: info@imprion.eu

Phone number: +36302509455

Postal address: 1136 Budapest, Hegedűs Gyula utca 24.

 

2. If the person concerned does not agree with the data controller's decision regarding the protest, or if the data controller does not make a statement within the deadline, he may apply to the court within 30 days from the notification of the decision or the last day of the deadline. The court acts out of sequence in the case. The person concerned may - according to his choice - initiate the lawsuit before the court of his place of residence or place of stay.

3. The person concerned can submit a complaint to the supervisory authority (National Data Protection and Information Freedom Authority; 1055 Budapest, Falk Miksa utca 9-11. – mailing address 1363 Budapest, Pf.: 9.; ugyfelszolgalat@naih.hu; +36 1 391 1400), and you can initiate an investigation with a report, citing that a violation of rights has occurred in connection with the management of your personal data or there is a direct threat of such violation.

 

The data controller provides information on its website about any changes to the data management it has carried out, and also reserves the right and undertakes to amend this data protection policy and information sheet at any time without prior notice in accordance with the applicable legal provisions and jurisprudence.. Any modification is only valid for data processing after the publication of the modified version.

bottom of page