Terms and Privacy Policy

For the activities of Parti Csónakház Kft. and the https://crownfinancingsolutions.com/ about data management related to website operation

Introduction

In accordance with the rules of the General Data Protection Regulation of the EU 2016/679 (GDPR/General Data Protection Regulation), this Information ensures that Parti Csónakház Kft. (hereinafter referred to as Data controller) what kind of activity does it perform with the data of natural persons during the performance of its tasks detailed below. About what rules he acts according to during his activity and provides insight into his measures for the protection of the data he uses. Last but not least, it provides information on all the rights that the affected parties are entitled to in order to protect their interests.

The data controller provides mandatory information according to Article 13 of the GDPR to the data subjects and interested parties as follows.

1. Data controller data

Name of data controller:	Parti Csónakház Kft.
Headquarter:	1202 Budapest, Vasút sor 10/B 1/12.
Tax number:	27830745-2-43
Email:	info@crownfinancingsolutions.com
Phone:	+3630 397 8830

2. Principles of handling personal data

The data controller operates in accordance with the following principles:

• The principle of purposefulness: shows the purpose for which the Data Controller stores and uses the data of natural persons in the course of its activities.
• The principle of data saving: therefore, the scope of the processed data is suitable for the given purpose and only to the extent necessary for it. 
• The principle of accuracy: according to this, the Data Controller shall immediately correct or delete inaccurate personal data for the sake of the Data Subjects and legal compliance.

The data controller receives the personal data directly from the data subjects. You accept that it is mandatory for you to perform the tasks related to the protection of personal data managed in connection with your activities, through which you will – where appropriate – help prove to the Authorities, business partners and the affected customers that in this regard the Regulation and the Info. tv., as well as in compliance with other relevant regulations (principle of accountability).

3. The main legislation defining our data management activities:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and repealing Regulation 95/46/EC (general data protection regulation – General Data Protection Regulation – GDPR, hereinafter: Regulation) 
• CXII of 2011 on the right to information self-determination and freedom of information. law (Info. tv.)
• XLVIII of 2008 Act on the basic conditions and certain limitations of economic advertising activity
• Act I of 2012 on the Labor Code
• 2017 CL. law on taxation
• Act C of 2000 on accounting

 

4. Concepts

GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC ( general data protection regulation)

Personal data: any information about the data subject, such as an identifier, name, number, location data, online identifier or data about the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person. 

Special data: personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic and biometric data aimed at the unique identification of natural persons, health data and personal data relating to the sex life or sexual orientation of natural persons.

Data handling: regardless of the procedure used, any operation or set of operations performed on personal data or data files, including in particular the collection, recording, recording, organization, segmentation, storage, change, transformation, use, query, transmission, disclosure, coordination or connection, blocking, deleting and destroying the data, preventing access to the data and further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprints or palm prints).

Data controller: the natural or legal person or organization without legal personality who, independently or together with others, determines the purpose and means of personal data management, makes and implements decisions regarding data management, or has them implemented by the data processor.

Data processor: the natural or legal person or organization without legal personality who, or which manages personal data on behalf of the data controller.

Affected: any natural person identified on the basis of specific personal data or – directly or indirectly, on the basis of one or more factors – identifiable. A natural person who can be identified directly or indirectly, especially on the basis of an identifier such as name, number, location data, online identifier or one or more factors, can be identified.

Data transfer: making personal data available to specific third parties. Data transmission to the EEA member states and to the bodies of the European Union must be considered as if data transmission takes place within the territory of Hungary.

Data erasure/erasure: making the data unrecognizable by deleting content or in a way that enables an equivalent result. 

Data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.

EEA member state: a member state of the European Union and another state party to the Agreement on the European Economic Area, as well as the state whose citizen is a citizen of the European Union and its member states, and a state party to the Agreement on the European Economic Area based on an international treaty concluded between a state that is not a party to the Agreement on the European Economic Area enjoys the same legal status as a citizen of a state.

Third country: any state that is not an EEA member state.

NAIH: National Data Protection and Freedom of Information Authority, supervisory authority under the GDPR in relation to Hungary.

5. The order of data management

In the course of our activities, we handle business partner or customer data in any way and to any extent in accordance with the provisions of this Data Management Information Sheet, under an obligation of confidentiality, in accordance with the provisions of the GDPR and the relevant Hungarian legislation.  

We can legally store the personal data received in the context of our activities and related tasks, organize them within the framework of the legislation, and use them to the extent necessary. 

Data management will be terminated immediately if its purpose has been fulfilled or terminated, or we will consider it if the person concerned requests it.

We do not use profiling or automatic decision-making. 

6. Details of the data management related to our activities, by purpose
   1. Contact

I was touched: Representative of a natural person/legal entity contacting us with the intention of contacting us

Purpose of data management: Contacting, maintaining contact, information

Data type	Legal basis	Watch time
name	Article 6 (1) GDPR the dot,contribution	Until withdrawal of consent, but up to 5 years
e-mail address
telephone number

The process of data management: 

If you are our website form (https://crownfinancingsolutions.com/contact/ ), you provide us with your contact details by e-mail or phone call, we will use them to keep in touch and to perform our service. 

Please do not enter personal data in the “Message” section when using the website messaging form! We cannot handle the data received in this way (i.e. unsolicited), so they will be deleted immediately and permanently.

Providing the above data is not mandatory, but we cannot contact you if they are not provided. You may withdraw your consent at any time without giving any reason, but this does not affect the legality of the data processing previously carried out based on your consent. You can withdraw it by sending a request to the above e-mail address, which we will do as soon as possible, but within 5 working days at most.

2. Signing contracts with partners and customers

I was touched: A natural person who enters into a contract with our company, or a representative of a legal entity. All persons using counseling as our main service.

Purpose of data management: Fulfillment of contract 

Data type	Legal basis	Watch time
name	Article 6 (1) GDPR b) point, performance of the contract	For 5 years after the expiration or termination of the contractual relationship
signature
e-mail address	Article 6 (1) GDPR Point b) is necessary for contractual contact
telephone number

The process of data management: 

The processing of the above personal data is essential for the conclusion and performance of the contract and the related contact (cooperation). 

3. Management of data related to charity

I was touched: A https://crownfinancingsolutions.com/charity-financial-advisor/ sender of the form on page (charity requester)

Purpose of data management: documentation of charity request (written application), contact

Data type	Legal basis	Watch time
name	Article 6 (1) GDPR the dot; contribution	Until consent is revoked, but for a maximum of 5 years
company name
e-mail address
telephone number

The process of data management: 

This service is primarily open to small businesses and individuals, which may be suitable for together we will find the best financial solution for you. We will use the provided data for contact and to perform the service. 

Please do not enter personal data in the “Message” section when using the website messaging form! We cannot handle the data received in this way (i.e. unsolicited), so they will be deleted immediately and permanently.

Providing the above data is not mandatory, but we cannot contact you if they are not provided. You may withdraw your consent at any time without giving any reason, but this does not affect the legality of the data processing previously carried out based on your consent. You can withdraw it by sending a request to the above e-mail address, which we will do as soon as possible, but within 5 working days at most.

4. Handling of complaints related to data management

I was touched: The natural person whose rights are violated, affected person

Purpose of data management: Identification, conduct of the procedure and contact

Data type	Legal basis	Watch time
name	Article 6 (1) GDPR c) point; Compliance with legal obligations Regulation (EU) 2016/679 (GDPR)	5 years after the closure of a given case
His mother’s name
e-mail address
telephone number
info. about the objectionable data management

The process of data management: 

With regard to the data management carried out by the Data Controller, all stakeholders have the right to file a complaint if they feel that they have been harmed.  

The provision of the data is mandatory in order to investigate the grievance and to maintain contact – that is, to carry out the legal procedure. Without this, the complaint and/or the complainant cannot be identified, so we are unable to conduct the procedure.

5. Management of accounts, accounting

I was touched: Partner, client: individual entrepreneur or natural person representing a business association 

Purpose of data management: Document management according to the Accounting Act

Data type	Legal basis	Watch time
name	Article 6 c) GDPR; Compliance with legal obligations;Act C of 2000 on accounting	8 years after the termination of the contractual relationship
tax number

The process of data management: 

In the case of individual entrepreneurs, the receipts contain (may) contain personal data. We keep these documents in accordance with the provisions of the Accounting Act.

Providing the data is mandatory based on the relevant legislation. Failure to do so will result in the invoice not being accepted.

We store the data electronically with the help of the service szamlazz.hu.

• Partner: KBOSS Kft.
• Privacy info: https://www.szamlazz.hu/adatvedelem/ 

The competent tax authority has legal access to account information.

• NAV XX. ker., Budapest
• Availability, info.: dbpavig@nav.gov.hu ; telephone: +36(1) 299 4000

We have engaged an external partner for accounting, to whom we transmit data in order to perform this task.

• Partner: Adó Fix Kft.
• Availability, info.: mihalymonika@adofix.hu 

6.  Information about the use of cookies on the website:

Affected: all persons who are Data Controllers  https://crownfinancingsolutions.com/ they visit your website.

The website may use so-called “cookie” technology. A cookie is a small text file that the website provider places on your computer’s hard drive. Cookies provide various functionality supporting the website. 

The user has the option of allowing or rejecting cookies when accessing the website for the first time. After that, you have the opportunity to change your previous decision on each subsequent visit. If you decide to reject cookies, you may not be able to use some of the functions of our website in full.

The website currently uses the following cookie 

Essential cookie (no contribution required)

key	province	data management period	short description
cookie-consent	crownfinancingsolutions.com	1 year	This cookie serves to remember the user’s consent to the use of cookies on the website.

Performance cookie (requires contribution)

key	province	data management period	short description
_ga	crownfinancingsolutions.com	1 year 1 month	This cookie name is associated with the Google Universal Analytics service, which is a significant update to Google’s more frequently used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client ID. It is included in every page request of the website and is used to calculate visitor, session and campaign data for website analytics reports.
_ga_JFJL3JKBKL	crownfinancingsolutions.com	1 year 1 month	This cookie is used by Google Analytics to preserve the state of the session.

In terms of providing the technical background of the website, our service partner:

• Rackhost Zrt.
• Privacy info: https://www.rackhost.hu/privacy-policy 

7. Transmission and transfer of data

In some cases, we transfer personal data to third parties in connection with our activities. Data can be transmitted on paper or electronically, in both cases ensuring that the data is accessible only to the recipient. 

• paper-based transmission: by personal delivery or by post, specifically for the addressee 
• electronically (e-mail): personal data is not displayed in the text of the message. If necessary, personal data is sent in an attached Excel or compressed file, provided with a unique password in each case. 

Data is not transferred to a third country or to an international organization.

As a data controller – with the legal basis of “performance of contracts” or “legal compliance” – we transfer data – in addition to the partners indicated in point 6 – to the following organizations operating as data processors or independent data controllers: 

• K&H Bank Zrt.

Data management info.: https://www.kh.hu/adatkezelesi-tajekoztato 

8. Data security

We take care of the security of the personal data we manage with technical and organizational measures, as well as the development of procedures. 

Only our employees who need to know them to perform their duties have access to personal data.

For data security:

• during the planning and operation of the IT system, we assess and take into account possible risks, striving to continuously reduce them
• we monitor emerging threats and vulnerabilities (such as computer viruses, computer intrusions, denial-of-service attacks, etc.) so that we can take timely measures to avoid and eliminate them
• IT devices and information handled on paper are protected against unauthorized physical access and environmental effects (e.g. water, fire, electrical surges)
• by monitoring our IT system, we ensure the detection of possible problems and events
• Reliability is a fundamental aspect in the selection of service providers participating in the operation

9. Those concerned are subject to the provisions of Articles 15-20 of the GDPR. based on its articles, you have the following rights in relation to your personal data:

• right to information;
• access right;
• right to rectification;
• right to erasure;
• the right to restrict data processing;
• right to data portability;
• right to protest.

It’s his rights info@crownfinancingsolutions.com  you can do so by sending a request to the e-mail address.

The right of access based on this, you can request information about whether your personal data is being processed, and if such data processing is underway, you can access your personal data and receive information about the security conditions of data processing.

Right to rectification at your request, we will correct your inaccurate personal data without delay, as well as supplement your incomplete data.

Right to erasure We will delete your personal data without undue delay in the following cases:

• the personal data is no longer needed for the purpose for which we collected it or we process it in another way;
• if the consent that forms the basis of data management is revoked and there is no other legal basis for data management;
• if the personal data were processed unlawfully;
• according to the law, we must delete personal data.

We cannot delete personal data if the data processing is necessary for the presentation, validation or protection of a legal claim.

Use of personal data upon request the right to restrict data processing based on this, personal data will only be used within a specific scope. 

The right to data portability based on, if it does not infringe the rights and freedoms of others, we will send your data to you in a segmented, widely used, machine-readable format, and data will be transferred directly to another data controller upon request.

The right to information: The data subject can request information about the processing of his personal data from us within the period of data management. As soon as possible from the submission of the request, but no later than within 30 days, we will provide the Data Subject with information in writing, in an understandable form, about the processed data, the purpose, legal basis and duration of the data processing, and – if the data has also been forwarded – about who and for what purpose the data is received or has been received.

The right to protest: We will examine the objection as soon as possible, but no later than 15 days after the submission of the application, we will make a decision on its merits, and we will provide written information about the decision. If we are unable to fulfill the data subject’s request for correction, blocking or deletion, within 30 days of receiving the request, we will provide the factual and legal reasons for rejecting the request for correction, blocking or deletion in writing or with the consent of the data subject electronically. 

10. Other provisions regarding data management

Termination of data management

We will delete any personal data that 

• in the case of the processing of which the data processing purpose has ceased, or
• for the treatment of which the data subject’s consent is not available,
• whose right to be processed has been revoked by the data subject, or data processing has been prohibited, or
• for the treatment of which there is no legal basis.

Instead of deletion, we block personal data if the data subject requests this, or if, based on the available information, it can be assumed that the deletion would harm the legitimate interests of the data subject. Personal data locked in this way are processed only as long as the data management purpose that precluded the deletion of the personal data exists.

11. Our procedural rules related to the handling of data protection complaints

The procedure: we treat and deal with all comments sent to us in writing from the natural persons concerned as complaints, if they express grievances related to data protection and our procedure or omission that is incompatible with the provisions of this Data Management Information (hereinafter: complaint).

Complaints can be made by sending a notification to our e-mail address above (electronically) or to your mailing address. 

The complaint must contain at least: the complainant’s name, address (e-mail address), telephone number, date of the complaint, specific description of the complaint, signature of the complainant, and the consent to the handling of the data contained in the complaint notification in the procedure related to the complaint notification at the same time as signing the complaint. In the absence of these data and the declaration, we will not investigate the complaint and will notify the Complainant in writing. 

We handle the Complainant’s data exclusively in connection with the complaint report, we do not disclose it to third parties, except for official and judicial requests stipulated in the law, and we do not use it for business purposes.

We will investigate the complaint and provide a reasoned, written response within 30 days of receipt in the same way as the complaint was reported (by e-mail or post). If the 30-day deadline is not enough to investigate the complaint, we will inform the complainant of this. In this case, we will provide a written, justified response in the same manner as the notification within 3 months of the notification.

If, after investigating the complaint, we determine that the Complainant’s complaint was factual and justified, we will inform the Complainant about the method and extent of remedying the grievance at the same time as the complaint is evaluated.

If the complaint is rejected, we will inform you in writing that the Complainant can further address the complaint to the National Data Protection and Freedom of Information Authority (hereinafter: NAIH) or, in case of grievance, to the Court. 

The NAIH promotes the enforcement of data subject rights by issuing form letters: https://naih.hu/panaszuegyintezes-rendje.html   

Complaint: NAIH; 1055 Budapest, Falk Miksa u. 9-11, 

E-mail address: ugyfelszolgalat@naih.hu  

tel.: +36(1) 391 1400

website: www.naih.hu      

12. Data protection incident and its management

Data protection incident: any activity, intervention or omission that enables the illegal handling or processing of personal data, including unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

If you notice something like this in connection with our activities, please let us know by e-mail as soon as possible info@crownfinancingsolutions.com or by phone: +3630 397 8830

As a data controller, we record the report and immediately begin its investigation. If the data protection incident occurred affecting the IT system, we will also inform the service providers responsible for operating the affected databases.

In order to investigate the report and deal with the incident, we collect all the information that may be necessary to identify it, reduce possible damage and develop further measures to be taken in order to prevent it. We record it as much as possible

• the time and place of the incident,
• description of the incident, circumstances, effects,
• the scope and number of data compromised during the incident,
• the range of persons affected by the compromised data

In addition to all this – in accordance with the legal requirements – we make a notification to the Authority (NAIH) within 72 hours. 

Data Protection Officer: As a data controller, we do not handle large amounts of and/or particularly sensitive personal data related to our main activity, we do not qualify as an official body, therefore we do not consider the assignment or employment of a data protection officer justified, and our company is not required to do so by the current legal regulations.

Comment: As a data controller, we reserve the right to continuously update this Data Management Information Sheet, and to unilaterally modify the detailed information in this process – also following legislative changes. The currently effective information is available from the Data Controller.

Budapest, July 2024 

Parti Csónakház Kft.