Privacy Policy
Prior to the photo shoot I will make a written agreement with you and at the same time I will provide a separate sheet of paper elaborating the Privacy Policy, as well as the rules concerning privacy and copyrights. In this document (agreement) I will specify the duration and methods of storing and using the photographs.
Contact: info@krisztiantota.com
Representative: dr. Krisztián Tóta
Contact: info@krisztiantota.com
Registered address for correspondence: 2120 Dunakeszi, Gérecz Attila utca 1/B. 2. Hungary
Website of Data Controller: krisztiantota.com
Registration Number: 53684538
Permission for data control may be withdrawn any time by sending a message to info@krisztiantota.com. In this case I will immediately delete your personal data, except data I am obliged to store for other purposes (e.g. your name can be deleted from my contact list, but it will be retained on my invoices which I am legally obliged to keep). Data control prior to the withdrawal of permission will be considered legitimate.
Activity | Personal data involved | Purpose of data management | Duration of data management |
Contact by telephone | name, telephone number | Contact via telephone or electronic mail, information request regarding my services, request for a call back. | Until the withdrawal of permission. Also, call list is deleted every month. |
Direct contact via e-mail:
|
name, e-mail address and any other personal data you disclose in your message | Until the withdrawal of permission. The mailing system is reviewed every January. | |
Contact via contact form – “Send” button on the website | name, e-mail address and the contents of your message |
Activity | Personal data involved | Purpose of data management | Duration of data management |
Appointment request | name, e-mail address, telephone number, message | Appointment for photo shoot, keeping in touch in order to arrange the details | 5 years, if my offer is accepted. In the absence of acceptance, the mailing system is subject to annual review; personal data is deleted latest at this point, or immediately upon request. |
Order | name, e-mail address, telephone number | The purpose of managing the data which is essential for the identification of my customers is to keep in touch and fulfill the contract. | 5 years |
Signing user agreement | name and personal identification of natural person (mother’s name, place and date of birth, address), self-employed entrepreneur’s name, address, registration number, tax number, name and contact information of the contact person of legal person partners, representative of the legal person | Entering the terms of the contract in writing, with the details necessary to identify the contract partner and to fulfill the contract. Data are an essential element of the contract which must be concluded in writing. | Until the expiry of the contract. |
Activity | Personal data involved | Purpose of data management | Duration of data management |
Payment via bank transfer | name, bank account number | Fulfilment of the contract with the payment method of the customer’s choice | 1+8 years for the storage of bank statements; SMS notifications deleted monthly |
Activity | Personal data involved | Purpose of data management | Duration of data management |
Issue of invoice | billing name and address | Fulfilment of the invoice obligation with the information required by law. | Accounting documents must be kept for 1+8 years |
Consent may be revoked by sending a message to info@krisztiantota.com. In this case I will immediately delete your personal data, except data I am obliged to store for other purposes (e.g. your name can be deleted from my contact list, but it will be retained on my invoices which I am legally obliged to keep). Data control prior to the withdrawal of permission will be considered legitimate.
Activity | Personal data involved | Purpose of data management | Duration of data management |
Sending newsletters | name, e-mail address | Promoting my services, publishing my blog posts, sending news stories, introducing my new services to subscribers. | Until unsubscription |
Activity | Personal data involved | Purpose of data management | Duration of data management |
Managing the data of professional and business partners and contact persons | the name, business address, telephone number, e-mail address, and occupation of the contact person | Professional and business contact with partners I only contact occasionally | For the duration of professional or business relationship; until objection |
Consent may be revoked by sending a message to info@krisztiantota.com. In this case I will immediately delete your personal data, except data I am obliged to store for other purposes. Data control prior to the withdrawal of permission will be considered legitimate.
Activity | Personal data involved | Purpose of data management | Duration of data management |
Releasing images (on the krisztiantota.com website, Krisztián Tóta photographer Facebook page, Krisztián Tóta photographer Instagram page) | image, and possibly audio recording related to the image (for serial and / or separate captions) |
presentation of activities, presentation of reference images | Until the revocation of consent, or until deletion. I have no real influence on deletion from social media. I may remove the picture from my own site, but if it was shared even once, it cannot be deleted without a trace. |
However, given the relationship between the Joint Controllers, I would also like to inform you that I do not really have any authority over the full process of joint data management; my influence extends to the use of social media plug-ins on my website, the collection of data that may be obtained through Facebook’s built-in cookies, and their transfer to Facebook. After this transfer I am not responsible for any further use or management by Facebook of the data collected; that is the sole responsibility of Facebook.
For further information by Facebook about Page Insights Data, information used to create Page Insights, responsibility for your information used to create Page Insights, please see the following link:
https://www.facebook.com/legal/terms/information_about_page_insights_data (English)
Facebook Ireland and dr. Krisztián Tóta (self-employed) as the Page admin have entered into an arrangement to determine their respective responsibilities for compliance with the obligations under the GDPR. The processing of personal data for Page Insights are subject to the joint controllership arrangement (Page Insights Controller Addendum). For further information, please see the following link:
https://www.facebook.com/legal/terms/page_controller_addendum (English)
According to the Addendum, Page admins do not have access to the personal data processed as part of events but only to the aggregated Page Insights. Events used to create Page Insights do not store IP addresses, cookie IDs or any other identifiers associated with people or their devices aside from a FB user ID for people logged in to Facebook.
The events logged by Facebook in order to create Page Insights are solely defined by Facebook and cannot be set, changed or otherwise be influenced by Page admins.
I have posted information about joint data management and cookies on my Facebook page on the Notes tab.
Activity | Personal data involved | Purpose of data management | Duration of data management |
Krisztián Tóta photographer Facebook page | name, public profile, public shares, likes, comments, private messages | Posting my activities, publishing my reference images, keeping in touch with interested parties, publishing my blog posts and short news stories, promoting special offers and new services. | Until liking and following the page is revoked. Prior data control will be considered legitimate.
|
Krisztián Tóta photographer Instagram page | name, public profile, public comments, private messages | Until the user unfollows the page. Prior data control will be considered legitimate.
|
I would like to inform you that I have linked my website to my two social networking sites (you can go to Facebook and Instagram, and you can share my posts on Facebook). These social networking sites also place cookies on your computer, including those that may collect personal information about you. However, as I mentioned, I do not get to know or see this data.
I use Google Analytics cookies to collect information about the behaviour, demographics, and interests of the visitors of my website. This will help me make my website clearer and easier to use in the future. These cookies are unable to personally identify you and they store your data collectively and anonymously. The IP address is only partially recorded.
Cookies are not operational until user clicks the relevant button. If you do not want social networking sites or Google Analytics to place cookies on your device, please make sure you choose the appropriate options in your browser.
You will find further information in the Cookie Policy document on how to disallow cookies in your browser.
Access to the full content of the site and mailing system as well as my newsletter mailing service.
Access to invoices issued to natural persons, and other accounting-related documents. They do not process any data other than recording and filing invoices.
They provide the interface for my social networking sites through shared data management (Krisztián Tóta photographer Facebook, Krisztián Tóta photographer Instagram page)
(https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en), which also applies to Google (https://policies.google.com/privacy/frameworks)
and Facebook (https://www.facebook.com/about/privacyshield).
Automattic complies with the GDPR by a contractual clause. (https://automattic.com/privacy/).
a) Access to personal data
You have the right to ask for feedback on whether your personal information is being processed, and if so, why I am processing it, what data I am processing, to whom I transfer it, how long it is stored, what other rights you have, where to complain, etc.
b) The right to rectification
If I have misspelled your name, or got your telephone number, e-mail address or any other personal information wrong, I will correct or complete it upon request. Even if you request me to do so, I will not modify the photo you may have attached with your letter, or the photo I took of you, unless this is retouch work what we agreed on prior to taking the photograph. The right to rectification is therefore not unlimited. If I give your personal information to someone, I will tell them to make the necessary rectifications too.
c) The right to erasure („The right to be forgotten”)
You do not even have to ask; I delete all your personal information without undue delay if you have withdrawn your consent to my permission-based data management (unless there is some other legal basis for data management) or I no longer need the data for the purpose for which I requested it.
In the unlikely event of me managing any of your personal data unlawfully, I will delete the data concerned of course.
Should you object to my data management based on legitimate interests, I will delete the personal data concerned unless there is an overriding legal reason for continued data management.
I only release personal data after receiving written permission to do so; therefore the right to be forgotten does not make sense in this context. If you wish to exercise your right to be forgotten, I will do my utmost to grant your wish.
d) The right to restriction
If you think I do not manage your personal data with precision, you may request restriction until we clarify the matter.
I have already mentioned that it is highly unlikely that I would manage your personal data unlawfully, but in this case you may request restriction instead of deletion.
It is possible that I might want to delete certain data which you need, for example in order to exercise your legal rights. In this case you may request restriction instead of deletion of the data in question, which means I keep it a little while longer.
If you object to your personal data being processed, the restriction is valid until there is a decision on whether my rightful reasons as data controller take precedence over your rightful reasons.
In this case my rights are restricted to data storage only.
e) The right to object
You may object to the processing of your personal information if my data management is based on a legitimate interest. This may only be the case with the contact details of my professional partners, and in the scope of my archiving activities (as specified in the notice elaborating the considerations of intended use), and it is not the legal basis of my data management for other activities. Exception to the right to object may be taken if I, as a data controller, I prove that data management is justified by compelling legitimate reasons which take precedence over your interests, rights and freedoms, or which are related to the filing, enforcement or defence of legal claims.
f) The right to data portability
You may request that your automated data be given to you in a structured, widely used, machine-readable format, or sent to another data controller. You may only request this if the legal basis for my data management is consent or contract. I will not hand over raw images in this case (as specified in the notice elaborating the considerations of intended use).
If you do not wish to discuss your complaint with me, you can also turn to the ”Nemzeti Adatvédelmi és Információszabadság Hatóság” (NAIH; National Authority for Data Protection and the Freedom of Information). Address: 1055 Budapest, Falk Miksa u. 9-11.; telephone number: +36 (1) 391-1400; e-mail: ugyfelszolgalat@naih.hu; postal address: 1530 Budapest, Pf. 5.).
Without affecting your right to complain to the supervisory authority (NAIH), you may enforce your rights in court, in a civil lawsuit. The court has jurisdiction to hear and determine the lawsuit. You will need to file a lawsuit with the court at your place of residence (for a list and contact details of the courts, see this link: http://birosag.hu/torvenyszekek).
Addendum on joint data management of Facebook and dr. Krisztián Tóta (self-employed):
According to the information available on Facebook’s website about Page Insights, Facebook Ireland and dr. Krisztián Tóta (self-employed) as the Page admin have agreed that Facebook Ireland is responsible for providing you with information about the processing for Page Insights and for enabling you to exercise your rights under the GDPR. Learn more about these rights in your Facebook settings. You can also contact Facebook Ireland’s data protection officer whose contact details can be found in Facebook Ireland’s Data Policy.
Facebook and dr. Krisztián Tóta (self-employed) as the Page admin have agreed that the Irish Data Protection Commission is the lead supervisory authority responsible for overseeing the processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission or with your local supervisory authority.
For any issue not covered above, please refer to the rules and regulations of the GDPR.
Dunakeszi, 6 April 2022