Terms and Privacy Policy

A https://cedrata.hu and the http://crownfinancingsolutions.com/ about data processing related to the operation of the website

 

Introduction

This Notice, in accordance with the rules of the EU General Data Protection Regulation 2016/679 (GDPR/General Data Protection Regulation), ensures that the Parti Csónakház Kft. (hereinafter referred to as Data controller) a https://cedrata.hu and the http://crownfinancingsolutions.com/. What activities it carries out with the data of natural persons in connection with the operation of the website. What rules it follows in the meantime and provides insight into the measures it takes to protect the data it uses. Last but not least, it provides information about all the rights that data subjects have in protecting their interests.

The Data Controller provides the mandatory information pursuant to Article 13 of the GDPR to data subjects and interested parties as follows.

1. Data controller data

Name of data controller:

Parti Csónakház Kft.

Headquarters:

1202 Budapest, Vasút sor 10/B 1/12.

Tax ID:

27830745-2-43

E-mail:

info@cedrata.hu 

Telephone:


Hosting provider:

Customer service:

Data management info:

+3630 397 8830


Rackhost Ltd.

info@rackhost.hu ; +36(1) 445 1200

https://www.rackhost.hu/privacy-policy 
     

2. Principles of personal data processing

The Data Controller operates in compliance with the following principles:

  • The principle of purposefulness: shows the purpose for which the Data Controller stores and uses the data of natural persons in the course of its activities.
  • The principle of data saving: therefore, the scope of the processed data is appropriate for a given purpose and only to the extent necessary for that purpose.
  • The principle of accuracy: according to this, the Data Controller shall immediately correct or delete inaccurate personal data in the interests of the Data Subjects and for legal compliance.

The Data Controller receives personal data directly from the data subjects. It accepts as binding the performance of tasks related to the protection of personal data processed in connection with its activities, through which it helps to prove – where appropriate – to the Authorities, business partners and the affected clients that it has acted in compliance with the Regulation and the Info. tv., as well as other relevant regulations in this regard. (principle of accountability).


3. The main laws governing our data management activities:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR, hereinafter referred to as the Regulation)
  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Info. tv.)
  • Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities
  • Act I of 2012 on the Labor Code
  • Act CL of 2017 on the Taxation System
  • Act C of 2000 on Accounting

 

4. Concepts

GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC (General Data Protection Regulation)

Personal information: any information relating to a data subject, such as an identifier, name, number, location data, online identifier or data specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.

Special categories: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data for the purpose of uniquely identifying natural persons, data concerning health and personal data concerning the sex life or sexual orientation of natural persons.

Data management: any operation or set of operations performed on personal data or data files, regardless of the procedure used, including in particular collection, recording, recording, organization, structuring, storage, alteration, transformation, use, retrieval, transmission, disclosure, alignment or combination, blocking, erasure and destruction, access to data and preventing further use of data, taking photographs, audio or video recordings and taking physical characteristics (e.g. fingerprints or palm prints) suitable for identifying a person.

Data controller: the natural or legal person or organisation without legal personality who, alone or jointly with others, determines the purposes and means of processing personal data, makes and implements decisions relating to data processing, or has them implemented by the data processor.

Data processor: the natural or legal person, or an organization without legal personality, who processes personal data on behalf of the data controller.

Affected: any natural person who is identified or can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or one or more factors. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or one or more factors.

Data transmission: making personal data accessible to a specific third party. Data transfers to EEA member states or to European Union bodies shall be considered as data transfers within the territory of Hungary.

Data deletion/erasure: making data unrecognizable by deleting content or in a manner that allows for an equivalent result.

Data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored, or otherwise processed.

EEA Member State: a Member State of the European Union and another state party to the Agreement on the European Economic Area, as well as a state whose citizen enjoys the same legal status as a citizen of a state party to the Agreement on the European Economic Area under an international treaty concluded between the European Union and its Member States and a state not party to the Agreement on the European Economic Area.

Third country: any state that is not an EEA member state.

NAIH: National Data Protection and Freedom of Information Authority, the supervisory authority under the GDPR for Hungary.

 

5. Data processing procedure

We process visitor data that we obtain in any way and to any extent during the operation of the website, in accordance with the provisions of this Data Protection Notice, under an obligation of confidentiality, and in accordance with the provisions of the GDPR and the relevant Hungarian legislation.

We may lawfully store personal data received in connection with our activities and related tasks, organize them within the framework of the law, and use them to the necessary extent.

We will terminate data processing immediately if its purpose has been fulfilled or ceased, or we will consider it if the data subject requests it.

We do not use profiling or automated decision-making.

 

6. Details of data processing related to our activities, by purpose

6.1. Contact us

Affected: a https://cedrata.hu/kapcsolat-es-elerhetoseg/ user who contacts us via the website with the intention of contacting us

Purpose of data processing: Contact, information

Data type

Legal basis

Guard time

name

GDPR Article 6 (1) (a),

contribution

Until consent is withdrawn, but for a maximum of 5 years

email address

phone number

 

The process of data management

If you provide us with your contact information via our website “Contact” form, email or phone call, we will use it to contact you and provide you with information.

Please do not provide personal data in the “Message” section when using the website message form! We cannot process data received in this way (i.e. unsolicited), so we will delete it immediately and permanently.

Providing the above data is not mandatory, but in the absence of this data we will not be able to contact you. You may withdraw your consent at any time without giving any reason, but this will not affect the lawfulness of the data processing carried out previously based on your consent. You can withdraw your request by sending an e-mail to the above address, which we will respond to as soon as possible, but no later than within 5 working days.

 

6.2. Handling complaints involving data processing

Affected: A natural person whose rights have been violated, a data subject

Purpose of data processing: Identification, conduct of the procedure and contact

Data type

Legal basis

Guard time

name

GDPR Article 6 (1) point (c);

Fulfillment of legal obligations


Regulation (EU) 2016/679 (GDPR)

5 years after the closure of a given case

mother’s name

email address

phone number

info. about the objectionable data processing

 

The process of data management

Every data subject has the right to file a complaint regarding the data processing carried out by the Data Controller if they feel that they have been wronged.

Providing the data is mandatory for the purpose of investigating the grievance and maintaining contact – i.e. conducting the due process. Without this, the complaint and/or the complainant cannot be identified, so we are unable to conduct the procedure.

 

6.3. Information about the website’s use of cookies:

Affected: all persons who are Data Controllers https://cedrata.hu/ they visit your website.

The website may use a technology called “cookies”. A cookie is a small text file that the website provider places on your computer’s hard drive. Cookies provide various functions that support the operation of the website.

The user has the option to allow or refuse cookies when they first visit the website. After that, they have the opportunity to change their previous decision on each subsequent visit. If you decide to refuse cookies, you may not be able to fully use some of the features of our website.

The website currently uses the following cookies:

  • Strictly necessary cookie (does not require consent)

key

province

data processing period

short description

cookie-consent

crownfinancingsolutions.com

1 year

This cookie is used to remember the user’s consent to the use of cookies on the website.

 

A https://crownfinancingsolutions.com Use of cookies on this page:

  • Strictly necessary cookie (does not require consent)

key

province

data processing period

short description

cookie-consent

Főoldal

1 year

This cookie is used to remember the user’s consent to the use of cookies on the website.

 

  • Performance cookie: requires consent, but is not mandatory

key

province

data processing period

short description

_ga_JFJL3JKBKL

.crownfinancingsolutions.com

13 months

This cookie is used by Google Analytics to maintain session state.

_to

.crownfinancingsolutions.com

13 months

This cookie name is associated with Google Universal Analytics – a major update to Google’s more widely used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client ID. This cookie is included with each page request on a website and is used to calculate visitor, session and campaign data for website analytics reports.

 

Our service partner for providing the technical background of both websites:

 

7. Data security

We ensure the security of the personal data we process by implementing technical and organizational measures and procedures.

Only those of our employees who need to know your personal data to perform their duties have access to it.

To ensure data security:

  • During the design and operation of the IT system, we assess and take into account potential risks, striving to continuously reduce them.
  • we monitor emerging threats and vulnerabilities (such as computer viruses, computer intrusions, denial of service attacks, etc.) so that we can take timely action to avoid and mitigate them
  • We protect IT devices and paper-based information against unauthorized physical access and environmental influences (e.g. water, fire, electrical surges)
  • We monitor our IT system to detect potential problems and incidents.
  • Reliability is a fundamental consideration when selecting service providers participating in the operation.


8. Data subjects have the following rights with regard to their personal data pursuant to Articles 15-20 of the GDPR:

  • right to information;
  • right of access;
  • right to rectification;
  • right to erasure;
  • the right to restrict data processing;
  • right to data portability;
  • right to protest.

 

Your rights to info@cedrata.hu You can exercise it by sending a request to the e-mail address.

The right of access You may request information on whether your personal data is being processed, and if such data processing is in progress, you may access your personal data and receive information about the security conditions of data processing.

The right to rectification Upon your request, we will correct your inaccurate personal data without delay and complete your incomplete data.

Right to erasure We will delete your personal data without undue delay in the following cases:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • if the consent forming the basis for data processing is withdrawn and there is no other legal basis for processing the data;
  • if the personal data has been processed unlawfully;
  • By law, we must delete personal data.

We cannot delete personal data if the processing is necessary for the establishment, exercise or defense of legal claims.

Upon request, the use of personal data the right to restrict data processing. We limit your personal data based on this, in which case we only use it within a specific scope.

The right to data portability based on, provided that it does not violate the rights and freedoms of others, we will send your data to you in a structured, commonly used, machine-readable format, or we will directly transfer your data to another data controller upon your request.

Right to information: The data subject may request information from us about the processing of his or her personal data within the period of data processing. As soon as possible after the request is submitted, but no later than 30 days, we will provide the data subject with written, intelligible information about the data processed, the purpose, legal basis, and duration of data processing, and – if the data has been transferred – about who receives or has received the data and for what purpose.

The right to protest: We will examine the objection as soon as possible after the request is submitted, but no later than 15 days, make a decision on its merits, and provide written information about our decision. If we are unable to comply with the data subject’s request for rectification, blocking or erasure, we will communicate the factual and legal reasons for rejecting the request for rectification, blocking or erasure in writing or, with the data subject’s consent, electronically within 30 days of receipt of the request.

 

9. Other provisions regarding data processing

Termination of data processing

We will delete all personal data that

  • in the case of the processing of which the purpose of data processing has ceased, or
  • for the processing of which the data subject’s consent is not available,
  • the right to which the data subject has withdrawn or has prohibited the processing, or
  • for which there is no legal basis.

Instead of erasure, we will block personal data if the data subject requests it or if, based on the information available to us, it can be assumed that erasure would harm the legitimate interests of the data subject. We will only process personal data blocked in this way for as long as the purpose of the data processing that precluded the erasure of the personal data exists.


10. Our procedural rules for handling data protection complaints

The procedure: we treat and handle all written comments from the natural persons concerned as complaints, if they are related to data protection and express a grievance regarding our procedure or omission that is incompatible with the provisions of this Data Protection Notice (hereinafter: complaint).

You can file a complaint by sending a report to our e-mail address above (electronically) or to your mailing address.

The complaint must contain at least:: the complainant’s name, address (e-mail address), telephone number, date of the grievance, specific description of the complaint, signature of the complainant, and that he/she consents to the processing of his/her data included in the complaint report in the procedure related to the complaint report, simultaneously with signing the complaint. In the absence of this data and the declaration, the complaint will not be investigated and the Complainant will be notified in writing.

We process the Complainant’s data exclusively in connection with the complaint, we do not disclose it to third parties, except for official or court requests as stipulated by law, and we do not use it for business purposes.

We will investigate the complaint and provide a reasoned, written response within 30 days of receipt in the same manner as the complaint was filed (e-mail or post). If the 30-day deadline is not sufficient to investigate the complaint, we will inform the complainant. In this case, we will provide a written, reasoned response within 3 months of the filing in the same manner as the filing.

If, after investigating the complaint, we determine that the Complainant’s complaint was factual and justified, we will inform the Complainant about the method and extent of the remedy for his grievance at the same time as the complaint is assessed.

If the complaint is rejected, we will inform you in writing that the Complainant may further refer the complaint to the National Authority for Data Protection and Freedom of Information (hereinafter: NAIH) or, in the event of a grievance, to the Court.

The NAIH facilitates the enforcement of data subject rights by issuing standard forms: https://naih.hu/panaszuegyintezes-rendje.html   

 

Complaint reporting: NAIH; 1055 Budapest, Falk Miksa u. 9-11,

Email address: ugyfelszolgalat@naih.hu  

tel.: +36(1) 391 1400

website: www.naih.hu      

 

11. Data protection incident and its management

Data protection incident: any activity, intervention or omission that enables the unlawful handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

If you notice this in connection with our activities, please report it by email as soon as possible info@cedrata.hu or by phone: +3630 397 8830

 

As a data controller, we will record the report and immediately begin investigating it. If the data protection incident occurred in an IT system, we will also inform the service providers responsible for operating the affected databases.

In order to investigate the report and handle the incident, we collect all information that may be necessary to identify it, reduce any potential damage, and develop further measures to be taken for remediation. We record it as much as possible.

  • the time and place of the incident,
  • description of the incident, its circumstances, effects,
  • the scope and quantity of data compromised during the incident,
  • the range of people affected by the compromised data

 

In addition to all this – in accordance with legal requirements – we will report to the Authority (NAIH) within 72 hours.

 

Data Protection Officer: As a data controller, we do not process large amounts of personal data and/or data that can be classified as particularly sensitive in connection with our main activity, therefore we do not consider the appointment or employment of a data protection officer to be justified, and our company is not obliged to do so by the current legal regulations.

 

Note: As a data controller, we reserve the right to continuously update this Data Protection Notice, and to unilaterally modify the information detailed therein – also following legal changes. The currently valid notice is available on the website.

Last update:

Budapest, November 2025

Parti Csónakház Kft.