Embedded Files
Data processing information
This website is operated by Gooliversum Kft. Please read these terms and conditions before using the website. Please note that by using the website you accept these terms and conditions.
The purpose of this Data Management Notice is to record the data management principles and policies applied by Gooliversum Kft. (hereinafter referred to as the Data Controller), which the company, as the Data Controller, recognizes with binding force for itself.
When developing the provisions of the Data Protection Notice, the Data Controller took into particular consideration the provisions of Regulation 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR), Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.), Act V of 2013 on the Civil Code (Ptk.), and Act XLVIII of 2008 on the basic conditions and certain limitations of commercial advertising activities (Grtv.).
In accordance with the rules of the EU General Data Protection Regulation 2016/679, this information ensures that natural persons using the services, before using any of the Data Controller's services, become aware of what personal data is being processed, how their personal data is being processed, what mandatory data protection rules apply to their legal relationship, what data processing practices the service provider engages in, what rights they have to protect their rights and interests, and for what purpose and where their data may be transferred.
The Regulation requires the User's consent before sending newsletters and using certain cookies to process the data of natural persons, otherwise data processing is legal even without consent. The User may withdraw his consent at any time, but this will result in him not receiving newsletters or not being able to use certain services of the Website.
The Data Controller is considered a data controller in relation to the users of the content available on the internet interface during the operation of the website https://www.gooliversum.hu/. The purpose of data management is to ensure the provision of services available on the website and to achieve personalized communication. The Data Controller guarantees the procedure in accordance with the data protection rules in accordance with the provisions of Act CXII. of 2011 on the right to information self-determination and freedom of information (Infotv.).
Although the Data Controller is committed to maintaining the highest quality of services, it does not assume any liability for any damages resulting from the use of the system. The Data Controller is committed to protecting the personal data of its partners and users, and considers it of paramount importance to respect the informational self-determination of its customers. The Data Controller treats personal data confidentially and takes all security, technical and organizational measures to guarantee the security of the data.
This privacy policy applies to the website, domain, application, and products and services sold through it, which are owned by Gooliversum Kft. The privacy statement, which is part of the Privacy Policy, serves to comply with the legal requirement to inform users about the legal basis and purpose of data processing.
Name of the data controller
The Data Controller is the owner of the website https://www.gooliversum.hu/, GOOLIVERSUM Information Technology, Service and Education Limited Liability Company
Registered office: 6722, Szeged, Szentháromság Street 16
Contact: kapcsolat@gooliversum.hu
Company registration number: 06-09-013184
Tax number: 14518270-2-06
Community tax number: HU14518270
Concepts
1, Personal data
Any data that can be linked to a specific (identified or identifiable) natural person (data subject), and a conclusion can be drawn from the data concerning the data subject. Personal data retain this quality during data processing as long as the link with the data subject can be re-established. A person is considered identifiable in particular if he or she can be identified - directly or indirectly - by reference to a name, an identification mark or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.
2, Registration system
A collection of personal data, structured in any way – centralized, decentralized, functional or geographical – that is accessible based on specific criteria.
3, Data Controller
The natural or legal person who processes personal data on behalf of the Data Controller.
4, Recipient
The natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not a third party. Public authorities which have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered recipients. The processing of such data by such public authorities shall be in accordance with the applicable data protection rules, in accordance with the purposes of the processing.
5, Affected
Any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data.
6, Third party
A natural or legal person, or an organization without legal personality, who is not the same as the data subject, the Data Controller or the Data Processor.
7, Customer
A Data Subject who uses a service of the Data Controller.
8, User
Every natural person who contacts the Data Controller visits its website.
9, Data management
Any operation or set of operations performed on data, regardless of the method used, such as collection, recording, recording, organization, storage, alteration, use, transmission, disclosure by communication, alignment or combination, restriction, erasure, destruction, or any other action taken to prevent the further use of data. Data processing also includes the taking of photographs, audio or video recordings, and the recording of physical characteristics (e.g. fingerprints, palm prints, DNA samples, iris scans) suitable for identifying a person.
10, Profiling
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal characteristics relating to a natural person, in particular to analyse or predict characteristics relating to performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
11, Pseudonymization
Processing of personal data in such a way that it can no longer be determined without the use of additional information to which specific natural person the personal data relate, provided that such additional information is stored separately and technical and organizational measures are taken to ensure that the personal data cannot be linked to identified or identifiable natural persons.
12, Data processing
Performing technical tasks related to data processing operations, regardless of the method and means used to perform the operations, and the location of application.
13, Contribution
The Data Subject's voluntary and definite declaration of his/her wishes, based on adequate information and by which he/she gives his/her unambiguous consent to the processing of personal data concerning him/her, in full or in relation to certain operations.
14, Data protection incident
A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
15, Protest
The Data Subject's statement objecting to the processing of his/her personal data and requesting the termination of data processing or the deletion of the processed data.
16, Data transmission
If the data is made accessible to a specific third party.
17, Data deletion
Making data unrecognizable in such a way that its recovery is no longer possible.
The concept of personal data processing
Any operation or set of operations which is performed on personal data or data files, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Principles of data processing
The processing of personal data is only lawful if and to the extent that at least one of the following is met:
the Data Subject has given consent to the processing of his/her personal data for one or more specific purposes;
the processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the data subject's request prior to entering into a contract;
the data processing is necessary for the fulfillment of a legal obligation applicable to the Data Controller;
the processing is necessary to protect the vital interests of the Data Subject or another natural person;
the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
the processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The Data Controller processes personal data in accordance with the principles of good faith, fairness and transparency, as well as the provisions of applicable laws and this Data Protection Notice.
The Data Controller uses personal data solely for the purpose for which it was collected, based on the consent of the Data Subject or for the performance of a contract.
The Data Controller processes personal data only for the purposes specified in this Data Protection Notice and in the relevant legislation. The scope of personal data processed is proportionate to the purpose of the data processing. In all cases where the Data Controller intends to use personal data for a purpose other than the purpose of the original data collection, it shall inform the Data Subject thereof and obtain his/her prior, express consent, or provide him/her with the opportunity to prohibit the use.
The Data Controller does not verify the personal data provided; the Data Subject who provided it is solely responsible for its adequacy.
The personal data of the Data Subject under the age of 16 may only be processed with the consent of an adult exercising parental supervision over him/her. The Data Controller is not able to verify the entitlement of the consenting person or the content of his/her declaration, so the Data Subject or the person exercising parental supervision over him/her guarantees that the consent complies with the law. In the absence of a consenting declaration, the Data Controller does not collect personal data relating to the Data Subject under the age of 16, with the exception of the IP address used when using the service, which is recorded automatically due to the nature of internet services.
The Data Controller does not transfer the personal data it processes to third parties other than the Data Processors specified in this Data Management Information. An exception to the provision contained in this point is the use of data in a statistically aggregated form, which does not contain any other data capable of identifying the Data Subject in any form, and therefore does not constitute data processing or data transfer. In certain cases – due to an official court or police request, legal proceedings for copyright, property or other infringement or reasonable suspicion thereof, the Data Controller may make the available personal data of the Data Subject available to third parties.
The Data Controller ensures the security of personal data, takes technical and organizational measures and develops procedural rules that ensure that the recorded, stored and processed data are protected and prevent their accidental loss, unlawful destruction, unauthorized access, unauthorized use and unauthorized modification, and unauthorized distribution. The Data Controller calls on all third parties to whom personal data is transmitted to fulfill this obligation.
In view of the relevant provisions of the GDPR, the Data Controller does not appoint a data protection officer.
Scope of personal data processed, purpose, legal basis and duration of data processing
1, Website visitor data, logs
The Data Controller records the IP address of the Users when visiting its own websites, the time of the visit and the address of the page viewed. The Data Controller uses the data to operate the protection system, detect errors, clarify disputes and prove abuse. The data is deleted after 2 months. The Data Controller does not use cookies for personal identification on its own websites.
2, Customer registration, ordering
The Data Controller's services can only be ordered after registration. The purpose and legal basis of data processing are the fulfillment of orders, the provision of services, maintaining contact with the Customer, the fulfillment of contractual obligations and exercising rights arising from the order, the fulfillment of accounting obligations, and sending newsletters and information letters. The personal data requested during registration are the following: username, password, name, address, telephone number, e-mail address, and in the case of ordering a certain domain name, the number of an identification document, according to the registration regulations of the given domain ending. The Data Controller stores the data necessary for the fulfillment of the contract for 5 years after the expiration of the subscription period, given that a civil law claim related to the contract may arise within this period.
The data controller retains accounting documents for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting.
3, Newsletter
The purpose of data management is to send an e-mail-based newsletter to interested parties, to provide information about current information and services. The legal basis for data management is the voluntary consent of the data subject or the legitimate interest of the Data Controller and Section 6 (5) of Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities. The scope of data managed: name, e-mail address. The duration of data management is until the withdrawal of consent in the case of a declaration of consent, or until the exercise of the right to object in the case of a legitimate interest of the Data Controller. The data subject may withdraw consent or exercise his or her right to object by clicking on the link in the newsletter sent, or may initiate it by sending a letter sent by post to the registered office of the Data Controller.
4, Customer service
The Data Controller provides customer service to Users. Depending on the form of the request, the User gives his consent to the processing of his personal data. The Data Controller records incoming e-mails, telephone conversations, messages sent using the contact forms on the website, online conversations, along with all voluntarily provided data, stores them for a maximum of 5 years and uses them in connection with the provision of the service.
5, Scope of additional data processed by the Data Controller
In order to provide service, the Data Controller places a data package (so-called "cookie") on the User's computer, the primary purpose of which is process identification and load distribution. All cookies are necessary for the basic operation of the website and are not suitable for personal identification. The User can delete the cookie from his/her own computer or set his/her browser to prohibit the use of cookies. By prohibiting the use of cookies, the User acknowledges that the operation of the given site is not complete without cookies.
The requirement of data security
The data controller is obliged to plan and implement data processing operations in a way that ensures the protection of the privacy of the data subjects.
The data controller, or within its scope of activity, the data processor, is obliged to ensure the security of the data, and is also obliged to take the technical and organizational measures and develop the procedural rules that are necessary to enforce the data protection and confidentiality rules.
The data must be protected by appropriate measures, in particular against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology used.
Rights of data subjects and their enforcement
The data subject may request information from the data controller about the processing of his or her personal data, the correction of his or her personal data, and the deletion or blocking of his or her personal data - with the exception of mandatory data processing.
At the request of the data subject, the data controller shall provide information on the personal data processed by it or by the processor it has commissioned, the purpose, legal basis and duration of the data processing, the name, address (registered office) of the data processor and its activities related to the data processing, as well as on who receives or has received the personal data and for what purpose. The data controller shall provide the information in writing and in a plain language as soon as possible after the submission of the request, but no later than 30 days.
In the event of refusal to provide information, the data controller shall inform the data subject in writing of the provision of the Privacy Act on the basis of which the refusal to provide information was made. In the event of refusal to provide information, the data controller shall inform the data subject of the possibility of seeking legal redress in court and of contacting the National Authority for Data Protection and Freedom of Information (hereinafter referred to as the Authority).
If the personal data is not accurate and the data controller has accurate personal data at its disposal, the data controller shall correct the personal data.
Personal data must be deleted if its processing is unlawful, if the data subject requests it, it is incomplete or incorrect - and this condition cannot be legally remedied - provided that deletion is not precluded by law, the purpose of the data processing has ceased, or the statutory storage period for the data has expired, or it has been ordered by a court or the Authority.
Instead of erasure, the controller shall block the personal data if the data subject so requests or if, based on the information available to it, it can be assumed that the deletion would harm the legitimate interests of the data subject. Personal data blocked in this way may only be processed for as long as the purpose of the data processing that precluded the deletion of the personal data exists.
The data controller shall mark the personal data it processes if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established.
The data subject and all those to whom the data were previously transmitted for the purpose of data processing must be notified of the rectification, blocking, marking and deletion. Notification may be omitted if this does not prejudice the legitimate interests of the data subject in view of the purpose of data processing.
If the data controller does not comply with the data subject's request for rectification, blocking or erasure, it shall provide the factual and legal reasons for rejecting the request for rectification, blocking or erasure in writing within 30 days of receipt of the request.
If the request for correction, deletion or blocking is rejected, the data controller will inform the data subject about the possibility of legal recourse in court and of contacting the Authority.
The user may enforce his rights in court, and may also contact the National Data Protection and Freedom of Information Authority (1125. Budapest, Szilágyi Erzsébet fasor 22/c) in the event of a complaint regarding the data controller's data processing.
The trial falls within the jurisdiction of the court. The trial may also be initiated - at the choice of the person concerned - before the court of the place of residence or residence of the person concerned. The court shall proceed in the case out of turn.
6, The circle of persons who have access to the data.
6.1, Data transfer, data processing
The data is primarily accessible to the Data Controller and the Data Controller's internal staff, but it is not published and is not transferred to third parties, except for data processors and cooperating external service providers.
In the area of fulfilling orders, ensuring the operation of services, and settling accounts, the Data Controller may use a data processor or cooperate with external service providers.
6.2, Data processors
In relation to the customers, the Data Controller transfers data to the following companies and uses the following data processors. The Data Processors do not make independent decisions, they are only entitled to act in accordance with the contract concluded with the Data Controller and the instructions received. The data processors record, manage and process the personal data transmitted to them by the Data Controller and managed or processed by them in accordance with the provisions of the GDPR.
7, Rights of the Data Subject
7.1. Right of access
The Data Subject has the right to receive feedback from the Data Controller as to whether his/her personal data is being processed and, if such processing is in progress, he/she has the right to access his/her personal data and the information listed in the regulation.
7.2. Right to rectification
The Data Subject shall have the right to obtain from the Controller, upon request, the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purpose of the processing, the Data Subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary statement.
7.3. Right to erasure
The Data Subject has the right to request that the Data Controller erase personal data concerning him or her without undue delay, and the Data Controller is obliged to erase personal data concerning the Data Subject without undue delay if one of the following reasons applies:
a, the personal data are no longer necessary for the purposes for which they were collected;
b, the Data Subject withdraws his/her consent which forms the basis for the data processing and there is no other legal basis for the data processing;
c, the Data Subject objects to the processing of his/her data and there are no overriding legitimate grounds for the processing.
Where the Controller has made the personal data public and is obliged to erase them, the Controller, taking into account available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform the controllers processing the data that the data subject has requested the erasure of links to the personal data in question or of copies or replications of those personal data.
7.4. Right to restriction of data processing
The Data Subject has the right to request that the Data Controller restrict data processing if:
a, the Data Subject disputes the accuracy of the personal data;
b, the Data Controller no longer needs the personal data, but the data subject requires them to enforce legal claims.
7.5. Right to data portability
The Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format, if the data processing is based on consent or a contract and the data processing is carried out by automated means.
7.6. Right to object
The Data Subject has the right to object at any time to the processing of his or her personal data for reasons relating to his or her own situation, if the processing of the personal data is in the legitimate interest of the Data Controller.
8. Method of enforcement
For any questions or comments related to data management, you can contact the Data Controller at the contact details specified in point 2.
The Data Subject may directly contact the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; telephone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu) with a complaint regarding data processing.
In case of violation of the rights of the Data Subject, he/she may apply to the court. The court shall have jurisdiction over the case. The case may also be initiated – at the choice of the Data Subject – before the court of the place of residence or residence of the Data Subject. Upon request, the Data Controller shall inform the Data Subject of the possibility and means of legal remedy.
9, Applicable law, other provisions
This Data Protection Notice is governed by Hungarian law.
If the laws in force in the User's country impose stricter rules on the parties than those set out in this Privacy Policy, the User shall comply with them. However, the User acknowledges and accepts that the Data Controller's liability is based on the laws applicable to this Privacy Policy and excludes its liability to the fullest extent possible for non-compliance with the provisions of the User's country based on the applicable laws and court decisions.
This Data Management Notice is for information purposes only and is not sufficient in itself to fully understand the data management. In cases where this Data Management Notice does not provide a clear answer, the User may request information from the Data Controller using the contact details indicated in point 2.
10, Cookie Policy
Potential data controllers authorized to view the data: The data controller does not process personal data using cookies.
Description of the data subjects' rights regarding data processing: The data subject has the option to delete cookies in the Tools/Settings menu of the browser, usually under the settings of the Privacy menu item.
Based on Section 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following must be determined within the scope of the website's cookie data management:
a) the fact of data collection,
b) the range of affected parties,
c) the purpose of data collection,
d) the duration of data processing,
e) the identity of potential data controllers authorized to view the data,
f) description of the rights of the data subjects in relation to data processing.
Google Analytics
The Service Provider measures the website's traffic data using the Google Analytics service. Data is transmitted when using the service. The transmitted data is not suitable for identifying the data subject. More information about Google's data protection principles can be found here: http://www.google.hu/policies/privacy/ads/
Google Adwords
The website uses GoogleAdwords remarketing tracking codes. Remarketing is a feature that allows a website to display relevant ads to users who have previously visited a website while they browse other websites in the Google Display Network. The remarketing code uses cookies to mark visitors. Users visiting the web store can disable these cookies and read other information about Google's data processing at the following addresses: http://www.google.hu/policies/technologies/ads/ and https://support.google.com/analytics/answer/2700409. If a user disables remarketing cookies, they will not be shown personalized offers from the website.
1. Based on Section 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following must be determined within the scope of the website's data transmission activities:
a) the fact of data collection,
b) the range of affected parties,
c) the purpose of data collection,
d) the duration of data processing,
e) the identity of potential data controllers authorized to view the data,
f) description of the rights of the data subjects in relation to data processing.
2. The fact of data collection, the scope of data processed: the user's registered name on the Facebook.com social network and their public profile picture.
3. Scope of data subjects: All data subjects who have registered on the Facebook.com social network and liked the website.
4. Purpose of data processing: Sharing and liking certain content elements, products, promotions of the web store, or the website itself on Facebook.com.
The duration of data processing, the identity of potential data controllers authorized to view the data, and the rights of data subjects related to data processing: The data subject can find out about the source of the data, its processing, the method of transfer, and its legal basis at http://www.facebook.com/about/privacy/.
Data management is carried out on the Facebook.com website, so the duration and method of data management, as well as the possibilities for deleting and modifying data, are subject to the regulations of the facebook.com social network: (http://www.facebook.com/legal/terms?ref=pf), (http://www.facebook.com/about/privacy/)
Legal basis for data processing: the data subject's voluntary consent to the processing of their personal data on the Facebook.com website.
Browser cookie management
If you would like to learn more about what cookies your browser uses, please visit one of the following websites appropriate for your browser:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: http://support.apple.com/kb/PH5042
Windows Internet Explorer: http://support.microsoft.com/kb/196955
If you are using a mobile device, you can find information on the following pages:
Android: http://developer.android.com/reference/android/webkit/CookieManager.html
Blackberry: http://docs.blackberry.com/en/smartphone_users/deliverables/3200 /Turn_off_cookies_in_the_browser_60_1072866_11.jsp
Opera: http://www.opera.com/help/tutorials/security/privacy/
iOS: http://support.apple.com/kb/PH5042
Documents used:
Act CXII of 2011 – on the right to informational self-determination and freedom of information (hereinafter: Infotv.)
Act CVIII of 2001 – on certain issues of electronic commerce services and services related to the information society (mainly Section 13/A)
Act XLVII of 2008 – on the prohibition of unfair commercial practices against consumers;
Act XLVIII of 2008 – on the basic conditions and certain limitations of economic advertising activities (especially Section 6)
Act XC of 2005 on Electronic Freedom of Information
Act C of 2003 on Electronic Communications (specifically Section 155)
Opinion No 16/2011 on the EASA/IAB Recommendation on best practice in online behavioural advertising
Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation)
Szeged, April 16, 2025
Gooliversum Ltd.
Disclaimers
Illustrations, images, media content placed on the website
The images, illustrations and media content on the website are the creations of artificial intelligence (Gemini), the sole owner of which is Gooliversum Kft. If an image or illustration from an external source is used on the website, the source will always be indicated next to the given image or illustration.CC0 Creative Commons
Other visual content, images, illustrations related to the appearance of the site (logo, category images, etc.) were used under the terms of https://pixabay.com/ - CC0 Creative Commons - (Free for commercial use, no need to indicate the attributes).Page updated
Report abuse