Our Privacy Policy
for mYields Kft. and Services
Last updated: 2024 January 6.
mYields Kft., as the data controller, provides information on its data processing activity in relation to its services provided through www.myard.eu, www.mydentification.eu and www.myields.com (hereinafter referred to as the “Website”) by means of this Privacy Policy (hereinafter referred to as the "Privacy Policy"). When using our services, you provide us with information that constitutes personal data. We will only process your personal data in accordance with the purposes of the processing, to the extent, in the manner and for the duration necessary for the processing, and in accordance with the legal requirements, in particular Regulation (EU) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”).
Please note that only persons over the age of 18 are entitled to create an account and place an order on our Website!
For details on data processing, please read the following Privacy Policy.
Please do not hesitate to contact us at any of our below contact details if you have any further question regarding this Privacy Policy or the processing of personal data.
I. DATA CONTROLLER
The controller of the processing described in this Privacy Policy is:
name: mYields Korlátolt Felelősségű Társaság
registered seat: HU-1223 Budapest, Nagytétényi út 180-196.
company registration number: 01-09-372629
registered by: the Court of Registration of the Metropolitan Court of Budapest
tax number: 28756288-2-43
(hereinafter referred to as “We” or “mYields”)
Our contact details for queries relating to data processing:
postal address: HU-1223 Budapest, Nagytétényi út 180-196.
e-mail address: info@myields.com
phone: +36304072917
website: http://www.myard.eu
II. OUR DATA PROCESSING ACTIVITY
2.1 DATA PROCESSING RELATED TO USER ACCOUNTS
You may register an account at the Website. If you want to create a user account, you shall provide the information below when registering. You may then enter other details in your account to make future orders easier. . Account registration is not required to place an order/make a booking for our services at the Website.
What personal data do we process?
Data you provide during registration:
e-mail address
password
when registering by using a Facebook account we receive the following data from Facebook:
profile image
first name last name
e-mail address
when registering by using a Google account, we receive the following data from Google:
profile image
first name last name
e-mail address
You shall provide this information in order to register a user account, if you do not provide us with any of the above information we will not be able to create a user account for you.
Other data you may enter in your user account:
phone number
first and last name
additional e-mail address
You may record this data in your user account at any time. You are not required to record this information in your account, but if you wish to place an order, you shall provide us with this information in the ordering interface (see Section 2.2).
Other data we process in relation to your user account:
details of previous orders: order ID number; date of order (year, month, day, hour, minute); comment; name, quantity and price of the services ordered; total amount
date of account registration (year, month, day, hour, minute)
date of last activity (year, month, day, hour, minute)
saved payment details, payment type and provider.
Addresses used for previous orders on the website
Chat logs with our site members
Forum post and comments in the website
Bookings of previous and future consultations
What is the purpose of the processing?
The purpose of data processing is to identify the user and thus to enable the user to use the services provided on the Website (e.g. to make easier to place online orders, easy retrieval of previous ordersto place online orders; view order history, share use cases with the Website’s community, write comments on forum posts, chat with other site members, etc.), to keep records of user accounts and, if necessary, to send system messages in connection with the service.
On what legal grounds do we process your personal data?
We process your personal data for the purpose of using the Website’s services based on your freely given, informed consent (GDPR Article 6 (1) (a)). Without consent, the user account will not be created, and it will not be available to you. You may give your consent by ticking the relevant box in the registration interface.
How long do we process your personal data?
You shall confirm your registration in the confirmation email sent to you. If you fail to do so, your personal data provided during registration will be deleted after 48 hours, after which the registration confirmation link will become inactive. You may re-initiate your registration by re-filling the registration form.
The personal data processed in connection with the user account will be deleted from our database if
you request the deletion of the data (deletion of your user account);
you delete your user account;
you withdraw your consent to the processing;
you have not logged in to your user account for 5 years;
we terminate the Website.
If you forget your password, setting the new password will delete the previous one.
2.2 DATA PROCESSING RELATED TO ORDERS/BOOKINGS AND THEIR FULFILMENT
You may send us orders as it is set out in our Terms of Service.
What personal data do we process?
Data you provide when placing your order for Geospatial Services:
first and last name
e-mail address
billing address and / or shipping addresses
delivery method
payment type
Data you provide when booking Consultation Services:
first and last name e-mail address
phone number
payment type
When you place an order/book a consultation, we will only ask you to provide data that we need to record the order/booking and fulfil and deliver the service, so providing these data is a precondition for placing the order/booking a consultation. If you do not provide any of the requested data, your order/booking may not be sent and we will not be able to accept it.
Other data we process in relation to the orders placed:
order number
date of order (year, month, day, hour, minute)
order content
total price
order status (new order; completed; cancelled)
whether payment has been made
data contained in the invoice (name, address, tax number, invoice number, date, date of execution, payment deadline, gross and net amount, VAT amount, etc.)
Other data we process in relation to the bookings sent:
date of booking (year, month, day, hour, minute)
the booked session
booking schedule
total price
status (new booking; completed; cancelled)
whether payment has been made
data contained in the invoice (name, address, tax number, invoice number, date, date of execution, payment deadline, gross and net amount, VAT amount, etc.)
In the following “order” shall mean the order for Geospatial Services and the booking for Consultation Services as well.
What is the purpose of the processing?
We process data for the following purposes:
to record, confirm, register and fulfil the order, to deliver the order and to contact you during the fulfilment or delivery of the order,
enforcing claims and rights arising from the order as a contract,
the purpose of processing the data relating to the invoice issued is to fulfil the statutory accounting obligations.
On what legal grounds do we process your personal data?
By placing the order and its confirmation by us, a contract is concluded between you and mYields for the fulfilment of the order. In this regard, the legal basis for processing the above data is the conclusion and performance of the contract pursuant to Article 6 (1) (b) of the GDPR, and after the performance of the contract - pursuant to Article 6. (1) (f) of the GDPR - our legitimate interest in ensuring the settlement of any disputes arising in connection with the performance of the contract. The interest assessment test is attached hereto as Annex No 1.
We are legally obliged to process the data contained in the invoice pursuant to Section 169 of Act C of 2000 on Accounting (hereinafter referred to as “Accounting Act”). (Article 6 (1) (c) of the GDPR.)
How long do we process your personal data?
We process all data for 5 years after the order has been fulfilled in accordance with Section 6:22 of Act V of 2013 on the Civil Code (hereinafter referred to as “Civil Code”), in order to enforce the claims and rights arising from the order as a contract.
We shall keep the invoices issued and the data contained therein for a period of 8 years pursuant to Section 169 (2) of the Accounting Act.
2.3 DATA PROCESSING RELATED TO COMPLAINT HANDLING
What personal data do we process?
In case of written complaint:
your name;
your mailing address or e-mail address;
the subject and content of your complaint, the data contained in the documents you have provided to us in connection with your complaint.
In case of oral complaint, if you are in disagreement with the way the complaint is handled, or if the compliant cannot be investigated immediately, we record the complaint containing the following information:
your name, address,
place, date and manner in which the complaint was lodged,
detailed description of your complaint, the list of the documents and other evidence you have provided,
our position on your complaint, if an immediate investigation of the complaint is possible,
the signature of the person who took the report and - except in the case of oral complaint by phone - your signature,
place and date when the complaint was recorded,
in the case of an oral complaint made by telephone, the unique identification number of the complaint.
If you do not provide us with any data necessary to resolve your complaint, we will consider your complaint on the basis of the information available, unless the missing information does not allow us to consider your complaint.
What is the purpose of the processing?
The purpose of data processing is to record, manage and document complaints made by consumers orally, by phone, in writing or by electronic mail and to contact the complainant during the complaint handling process, in accordance with the provisions of Article 17/A of Act CLV of 1997 on Consumer Protection (hereinafter referred to as „Consumer Protection Act”).
On what legal grounds do we process your personal data?
The content of the record of the complaint and the other obligations on businesses in relation to complaint handling are specified in Section 17/A of the Consumer Protection Act. We - in accordance with Article 6 (1) (c) of the GDPR - process the above data in order to fulfil these legal obligations.
How long do we process your personal data?
We keep the complaint (record of the complaint, written complaint), the response to the complaint (or a copy thereof), as well as the documents related to the investigation of the complaint and thus the data contained therein for 5 years pursuant to Paragraph (7) of Section 17/A of the Consumer Protection Act.
2.4 PROCESSING RELATED TO CONTACTING PURPOSES
What personal data do we process?
In case of enquiries by e-mail:
· name
· e-mail address
· any other personal data you have provided (including in particular your contact details and the circumstances of the case with which you contacted us)
In case of letters sent by post:
· name of sender
· sender's address
· date of delivery of the letter
· any other personal data you have provided (including in particular your contact details and the circumstances of the case with which you contacted us)
In case of enquiries by telephone:
· name
· phone number
· date of conversation
· any other personal data you have provided (including in particular your contact details and the circumstances of the case with which you contacted us)
If you do not provide us with any data necessary to respond to your enquiry, we will respond on the basis of the information available, unless the missing information does not allow us to do so.
What is the purpose of the processing?
If you contact us with a query (e.g. to enquire about our products or services), we will process the personal data you provide or that we obtain for the purpose of responding to your query and contacting you in this regard.
On what legal grounds do we process your personal data?
The legal basis for processing the above data is our legitimate interest to record and respond to the enquiries pursuant to Article 6 (1) (f) of the GDPR. The interest assessment test is attached hereto as Annex No 2.
How long do we process your personal data?
We will delete the personal data (including e-mails) processed in connection with enquiries after the purpose of the processing has ceased. Accordingly, if the request and the response are no longer necessary for the purposes of further administration, they will be deleted immediately, otherwise they will be deleted after the handling of the request has been completed.
2.5 PROCESSING RELATED TO NEWSLETTERS
What personal data do we process?
· name
· e-mail address
In lack of any of the personal data, we are not allowed to accept your newsletter subscription.
What is the purpose of the processing?
If you subscribe to our newsletter, we process your personal data disclosed to us through your subscription for the purpose to send newsletters to your e-mail address from time to time. In our newsletters we inform you of our products, services, special offers, and you can read news and be informed of events related to our activities and our company (processing for direct marketing purposes).
On what legal grounds do we process your personal data?
We process your personal data based on your freely given, informed consent (Article 6 (1) (a) GDPR). Without consent, we cannot accept your subscription and therefore we will not send you our newsletters.
You can give your consent by filling in the subscription form and your subscription shall be confirmed by clicking on the link you will find in the email sent to you.
How long do we process your personal data?
If you do not confirm your subscription within 24 hours via the link in the subscription confirmation email, we will immediately delete the personal data you provided at your subscription. In this case, if you wish to subscribe, you have to repeat your subscription by filling out the form again.
Your personal data processed in connection with the newsletters will be deleted, if
you ask us to do so,
you withdraw your consent,
you unsubscribe.
You can unsubscribe from our newsletter at any time, free of charge, without justification or restriction:
by clicking on the "Unsubscribe" link in the footer of the newsletters;
by a request for unsubscription sent via e-mail to info@myields.com;
by a request for unsubscription sent by post to mYields Kft. at HU-1223 Budapest, Nagytétényi út 180-196.
2.6 INFORMATION COLLECTED IN CONNECTION WITH THE USE OF THE WEBSITE
2.6.1 LOG FILES
When you visit the Website, your web browser sends certain data to our web server. Our web server records automatically these data and stores them in log files. These data may include information such as your IP address, country code, city, browser name, type and version of device, Internet service provider, entry/exit pages, operating system, language settings, time of visit, clickstream data.
We use this information to operate the Website properly and safely, to track the operations on the Website in order to detect possible abuses, errors, and to improve and develop the functionality of the Website. We do not use these information to personally identify you.
The legal basis for processing these data - pursuant to Article 6. (1) (f) of the GDPR - is our legitimate interest to ensure the proper functioning of the Website, to optimize the Website and guarantee the security of our information technology systems. The collection and storage of the data in log files is absolutely necessary for the operation of the Website. The scope of the data processed and collected is not significant and we only use these data for the purposes mentioned above. We do not collect behavioural preferences and do not make automated decisions based on these data, nor do we send personalised offers to users on this basis. For all these reasons, data processing does not affect the fundamental rights and freedoms of the user disproportionately, our legitimate interest is not overridden by the rights and freedoms of the users.
The log files are stored for 24 months and then automatically deleted.
2.6.2 COOKIES
What are cookies?
A cookie is a small text file that may be placed on your computer or other browsing device when you visit a website. The cookie is placed on your device by the website, which stores it for a set period of time.
First party cookies are cookies set by the website you are visiting. Only that website can read them. In addition, a website might potentially use external services, which also set their own cookies, known as third-party cookies.
Persistent cookies are cookies saved on your computer and that are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser.
Cookies may store or search information on your browser. They may, for example, allow the website you visit to remember your actions for a certain period of time, e.g. to remember your individual preferences (e.g. login, language and other display settings), or they may also allow the website owner to obtain aggregate traffic data about the use of the website.
The cookies used on the Website do not collect or process any personal data about you in a way that could personally identify you, this data is not linked to other personal user data, i.e. we cannot identify you on the basis of this data.
The data recorded by the cookies is only accessible to the third party service providers who manage the cookies and by our company.
What cookies do we use and what do we do with the information they collect?
Types of cookies used on the Website:
- Cookies essential for the functioning of the Website (necessary cookies): these cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website, therefore these are essential for the proper functioning of the Website. The use of these cookies is solely for the purpose of ensuring the functioning of the Website and its essential functions, and therefore the legal basis for the processing of such cookies is our legitimate interest in the operation of the Website in accordance with Article 6 (1) (f) of the GDPR. The website cannot function properly without these cookies.
- Statistic cookies: these cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. The legal basis for the processing of these cookies is the consent of the user pursuant to Article 6 (1) (a) of the GDPR.
- Marketing cookies: these cookies collect information about the user's activity on websites in order to measure the user's interest and thus display ads on the websites that match the user's interest. These cookies also do not identify the user personally, but collect information such as which page the user has visited, which part of the website the user has clicked on, how many pages the user has viewed, etc. For these cookies, the legal basis for processing is the consent of the user pursuant to Article 6 (1) (a) of the GDPR.
With the exception of cookies strictly necessary for the functioning of the Website, the use of cookies is based on your consent. If you accept the use of all cookies, you can give your consent by clicking on the "Accept" button in the cookie notification bar, otherwise you can click on the "Settings" button to set your cookie preferences. Cookies will only be used if you have given your consent. You can change your settings (withdraw your consent) at any time.
Detailed list of cookies used on the Website.
How can you turn off cookies?
Most browsers automatically enable cookies by default. If you do not want the information described above to be collected about you in connection with your use of the Website, you can disable cookies in your Internet browser settings, in whole or in part, or otherwise change your cookie settings.
Please note that because some of the cookies used by the Website are intended to facilitate or enable you to use the Website, if you disable the use of these cookies, you may not be able to use the full functionality of the Website or the Website may not function as intended in your browser.
You can set cookies in each browser by proceeding as follows:
Internet Explorer:
https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Firefox:
https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
Google Chrome:
https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DAndroid
Safari:
https://Fsupport.apple.com/en-hk/guide/safari/sfri11471/mac
III. WHO MAY HAVE ACCESS TO YOUR PERSONAL DATA?
Your personal data may be accessed by our employees involved into the data processing, by our data processors and their staff and by other persons as set out in this Privacy Policy. All of them are required to process the personal data available to them as confidential. The data will not be disclosed to third parties who are not entitled to know them.
Personal data may be disclosed within the company to the following persons in the course of processing activities described in Section II: managing director, members of the company.
PLEASE NOTE THAT YOU USER PROFILE IS PUBLIC BY DEFAULT WHICH MEANS THAT OTHER REGISTERED USERS MAY SEE YOUR PROFILE PAGE, YOUR POSTS, COMMENTS AND MAY CONTACT YOU VIA THE CHAT FUNCTION. If you want to hide your profile page and social aspects of your account, you can make your profile private in My Account > Account settings > Profile visibilty. If private, your profile will not be visible to other registered users, you cannot comment or like posts and you cannot follow other users. Also, you will leave the groups, you have joined.
A. PROCESSORS
We engage processors to perform certain operations on personal data listed above.
The processors shall act in accordance with the legal regulations and our instructions during performance of their operation. The processors may process the personal data only in accordance with the instructions of the controller, may not process the data for his/her own purposes, and shall store and retain the personal data in accordance with the instructions of the controller.
We reserve the right to engage further processors in the future. Any change in processors will be announced through updating of this Privacy Policy.
Our data processors and their tasks
B. DATA TRANSFER TO RECIPIENTS NOT CONSIDERED AS PROCESSORS
We disclose personal data to courts, prosecutor's offices and other authorities in accordance with our legal obligations or in the case of enforcement of claims for legitimate interest, to the extent and in the manner necessary or prescribed by law.
In case we need to raise any legal claims against you, your personal data may be disclosed to our legal partners and our debt collection partners on the basis of our legitimate interest, to the extent necessary for their services.
In case of online payment by credit card the system redirects you to the online payment interface provided by our financial service provider …………… (seat:……………, contact: ……………..). The payment is made through this interface. In order to ensure the successful processing of the payment and the traceability of the transaction, the following data will be provided to the financial service provider: ……………….. The data provided on the online payment interface are only seen and processed by the financial service provider, we shall not see or store your credit card data. The financial service provider shall only notify us of the success of the payment. Privacy Policy of the financial service provider is available on the following website: …………………..
IV. SECURITY OF PERSONAL DATA
We are committed to implement appropriate measures to ensure the security of personal data. As part of this, we adopt and develop as well as regularly review all technical and organisational measures and procedural rules, which ensure that the personal data processed by us is secured. We will do our best to prevent the destruction, unauthorized use or alteration of the data. We ensure that the personal data processed cannot be accessed, disclosed, transferred, modified or erased by any unauthorized person.
We advise all those to whom we transfer personal data to comply with the data security requirements, and we also require this from our employees involved in data processing operations.
Within the framework of the above we design and select information technology solutions to ensure exclusivity for authorised person in the access to the personal data and to guarantee authenticity and integrity of personal data. We implement and apply, among others, password-protected access systems, logging of activity and regular backups.
We monitor the technological developments at any time, and apply the available technical, technological, organizational solutions that meet the level of protection justified by our data processing.
V. PERSONAL DATA BREACH
All cases are classified as personal data breach when an unauthorized person has access to personal data or the data is destroyed, lost, altered, e.g. the database is destroyed or the media on which the data was stored get lost.
In the event of personal data breach, we assess its effects and risks (what kind of data are affected, in what quantity, can they be restored, etc.) and take immediate action for remedy. Within 72 hours of becoming aware of the data breach, we will report it to the Hungarian Data Protection Authority unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will give information about it on our Website or notify the affected people directly as far as possible.
We also keep records of data breaches as required by law.
VI. YOUR RIGHTS
Withdraw of consent: Where we process your data on the basis of your consent, you have the right to withdraw your consent at any time without giving any reason. Once your consent has been withdrew your personal data will be deleted unless there is another legal ground for processing. Withdrawal of consent shall not affect the lawfulness of any prior processing.
Right of access: You shall have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:
the purposes and the legal ground of the processing, your personal data processed by us and their categories, the recipients or categories of recipients (including the processors) to whom the personal data have been or will be disclosed (where personal data are transferred to a third country, you shall have the right to be informed of the appropriate safeguards relating to the transfer), the legal ground of the data transfer, period for which the personal data will be stored, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing, the right to lodge a complaint with the Hungarian Data Protection Authority, the source of the data, the circumstances and effects of the possible data breach and the measures implemented for their prevention.
Simultaneously we shall also provide a copy of the personal data undergoing processing The first copy is free of charge, but we are entitled to charge a reasonable fee for each additional copy. The amount of such fee will be notified to you in advance.
Right to rectification and supplementation: You have the right to ask us to correct your inaccurate personal data or to complete your incomplete personal data (indicating the correct data). We will make the correction or completion without undue delay and will notify you in writing when we have done so.
Therefore, if you notice that any of your personal data is incorrect, inaccurate or incomplete, or if your personal data has changed in the meantime (name change, change of address, etc.), please let us know.
You can also modify the information recorded in your user account after logging in to your account in the My Account menu.
Right to erasure (‘right to be forgotten’): You are entitled to request the erasure of your personal data. Please note that erasure of data may be refused, especially if we need or may need the data in order to fulfil our legal obligation or enforce a claim.
Withdrawal of your consent to the processing also entails the deletion of the data if there is no other legal ground for the processing.
In the case of data processing based on consent, the withdrawal of your consent also implies the deletion of the data. If we process your data on the basis of our legitimate interests and you have objected to the processing, we will delete your data, unless we have overriding legitimate grounds for the processing.
Furthermore, erasure takes place if
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation out of EU law or national law.
You can also delete your user account by sending an e-mail to info@myields.com with your account registered e-mail address.
Right to restriction of processing: You shall have the right to obtain from us restriction of processing where one of the following applies (i) the accuracy of the personal data is contested by you, in which case the restriction applies for the period enabling us to verify the accuracy of the personal data; (ii) the processing is unlawful and you opposes the erasure of the personal data and requests the restriction of their use instead; (iii) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (iv) you has objected to processing, in which case the restriction applies until it is established whether our legitimate grounds prevail over your legitimate grounds.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
In case of restriction of processing you shall be informed by us before the restriction of processing is lifted.
Right to object: Regarding data processing based on our legitimate interest or that of a third party, you may object to our data processing if you feel that the data processing is prejudicial to you.
If you object, your personal data will be deleted, unless there are compelling legitimate grounds for the processing which override your interests or rights, or for the establishment, exercise or defence of legal claims.
Right to data portability: You shall have the right to receive the personal data concerning you, which you has provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, where the processing is based on consent or on a contract and the processing is carried out by automated means.
VII. SUBMISSION OF REQUESTS AND ANSWERING THEM
Please send us your requests regarding your above rights in writing to info@myields.com or by post to mYields Korlátolt Felelősségű Társaság at HU-1223 Budapest, Nagytétényi út 180-196. In the letter, please provide information necessary to confirm your identityalong with your correspondence address. If we have any doubts about your identity or the data provided for identification is insufficient, we are entitled to request the provision of additional information necessary to confirm your identity.
We provide information on action taken on your request to you within one month of receipt of the request. That period may be extended by two further months where necessary. We inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
We provide any communication and any action free of charge. However, where requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either charge a reasonable fee or refuse to act on the request.
We shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed unless this proves impossible or involves disproportionate effort. We shall inform you about those recipients if you request it.
VIII. DAMAGES AND RESTITUTION
Should we cause any damage to you or to a third person through unlawful or unsecure processing of your personal data, you or the person suffered damage is entitled to require damages from us. If, in this regard, we infringe your privacy, you are entitled to claim restitution.
Please note that we shall be exempt from liability if the damage is proven to be caused by an unavoidable external cause outside the scope of the data processing or if the damage comes from your deliberate or grossly negligent behaviour.
IX. REMEDIES
9.1. Contacting the controller
If you consider that we are processing your personal data unlawfully, please advise us, as the controller, of your observations or claims first, at any of our contact details listed in paragraph I so that we can process and handle your remarks as quickly and efficiently as possible.
9.2. Submitting a complaint at the data protection authority
In the event of unlawful processing, you also have the right to turn to the National Authority for Data Protection and Freedom of Information (NAIH) and initiate their proceedings.
Contact details of the authority:
website: http://www.naih.hu/
address: 1055 Budapest, Falk Miksa utca 9-11.
postal address: 1363 Budapest, Pf.: 9.
e-mail: ugyfelszolgalat@naih.hu
9.3. Going to court
Please note that you are entitled to lodge a claim at court. You may file the lawsuit at the county court having jurisdiction based on our seat or your permanent as well as temporary place of residence.
9.4. Complaints regarding newsletters
You can turn also to the National Media and Communications Authority regarding advertisements sent by electronic means (newsletter).
Detailed list of cookies used on the Website:
debug
Provider: engage.wixapps.net
TYPE: HTTP, Necessary
EXPIRY: Persistent
Cookie purpose description:
This cookie is used to detect errors on the website - this information is sent to the website's support staff in order to optimize the visitor's experience on the website.
firebase:host:#.firebaseio.com
Provider: engage.wixapps.net
TYPE: HTTP, Necessary
EXPIRY: Persistent
Cookie purpose description: Use for system effectiveness.
hs
Provider: myard.eu
TYPE: HTTP, Necessary
EXPIRY: Session
Cookie purpose description:
Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the
security of the website and visitor
ssr-caching
Provider: myard.eu
TYPE: HTTP, Necessary
EXPIRY: 1 minute
Cookie purpose description:
This cookie is necessary for the cache function. A cache is used by the website to optimize the response ti me between the visitor and the website. The cache is usually stored on the visitor’s browser.
TS#
Provider: myard.eu
TYPE: HTTP, Necessary
EXPIRY: Session
Cookie purpose description: Used for security and anti-fraud reasons.
XSRF-TOKEN
Provider: myard.eu
TYPE: HTTP, Necessary
EXPIRY: Session
Cookie purpose description: Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.
XSRF-TOKEN
Provider: wix.com
TYPE: HTTP, Necessary
EXPIRY: Session
Cookie purpose description:
Ensures visitor browsing-security by preventing cross-site request forgery. This cookie is essential for the security of the website and visitor.
_ga
Provider: Google Analytics
TYPE: HTTP, Statistic
EXPIRY: 2 years
Cookie purpose description: Used to distinguish users. Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
_gat
Provider: Google Analytics
TYPE: HTTP, Statistic
EXPIRY: 1 minute
Cookie purpose description: Used to throttle request rate.
_gid
Provider: Google Analytics
TYPE: HTTP, Statistic
EXPIRY: 1 day
Cookie purpose description: Used to distinguish users. Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
collect
Provider: Google Analytics
TYPE: Pixel, Statistic
EXPIRY: Session
Cookie purpose description: Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.
fedops.logger.sessionId
Provider: myard.eu
TYPE: HTML, Statistic
EXPIRY: 12 months
Cookie purpose description: Used for stability/effectiveness measurement. Registers statistical data on users' behaviour on the website. Used for internal analytics by the website operator.
firebase:previous_websocket_failure
Provider: engage.wixapps.net
TYPE: HTML, Statistic
EXPIRY: Persistent
Cookie purpose description: This cookie is used to detect errors on the website - this information is sent to the website's support staff in order to optimize the visitor's experience on the website.
ec
Provider: frog.wix.com
TYPE: Pixel, Marketing
EXPIRY: Session
Cookie purpose description: Registers data on visitors from multiple visits and on multiple websites. This information is used to measure the efficiency of advertisement on websites.
svSession
Provider: myard.eu
TYPE: HTML, Marketing
EXPIRY: 2 years
Cookie purpose description: Used in connection with user login. Tracks a visitor across all wix.com sites. The information collected can be used to make advertisement more relevant for the visitor.
capsule|#|##wix-visitor-data-key-#
Provider: myard.eu
TYPE: HTML, Necessary
EXPIRY: Persistent
Cookie purpose description: Generate a random key for visitors for better user experience.
fedops.logger.defaultOverrides
Provider: engage.wixapps.net
TYPE: HTTP, Functional
EXPIRY: 1 day
Cookie purpose description: mark website development status.
platform_app_#-#-#-#-#_#-#-#-#-#
Provider: myard.eu
TYPE: HTML, Functional
EXPIRY: Persistent
Cookie purpose description: enabling external apps functional records.
Our data processors and their tasks:
Wix.com, Inc
seat: 500 Terry Francois Blvd., 6th Floor, San Francisco, CA 94158 USA,
website: www.wix.com
e-mail: abuse@wix.com
Task: providing website hosting in relation to the operation of the Website and the databases related to the Website
Obtained personal data: personal data listed in Section 2.1, 2.2, 2.5.
Task: providing website hosting (storing personal data) in relation to the operation of the Website and the databases related to the Website
Obtained personal data: personal data listed in Section 2.1, 2.2, 2.5., 2.6.
We use the services of Wix.com, Inc to operate our Website. The Wix.com, Inc is a company incorporated in Israel who stores the personal data in data centers located in the USA, Ireland, South Korea, Taiwan and Israel. It means that – in case of transfer to USA, South Korea, Taiwan and Israel - your personal data will be transferred to countries that are considered third countries under the GDPR.
The European Commission has recognised Israel as providing adequate protection and on 16 June 2021, the Commission launched the procedure for the adoption of an adequacy decision for transfers of personal data to South Korea under the GDPR. In relation to USA and Taiwan no adequacy decision has been adopted and no procedure for the adoption has been launched.
Currently, concerning the transfer of data to USA, Taiwan and South Korea, Wix.com, Inc ensures an adequate level of protection for personal data by accepting Standard Contractual Clauses adopted by the European Commission. Data processing agreement of Wix.com, Inc is available on the following website: www.wix.com/about/privacy-dpa-users
Microsoft Ireland Operations Ltd
seat: One Microsoft Place, South County Business Park Leopardstown Dublin 18, D18 P521 Ireland
Task: operating the SharePoint and Cloud Service we use to store data, and share files in the collaboration with our customers; storing personal data,
Obtained personal data: personal data listed in Section 2.1-2.5. which are stored electronically
Billingo Technologies Zártkörűen Működő Részvénytársaság
Task: Invoice preparation and send out.
Obtained personal data: the invoices issued and thus the data contained in the invoices
Acounto Magyarország Kft.
seat: 7630 Pécs, Koksz utca 13. Hungary
contact: info@acounto.com
Task: accounting and bookkeeping
Obtained personal data: the invoices issued and thus the data contained in the invoices
Stripe Payments Europe, Ltd.
seat: The One Building, 1, Lower Grand Canal Street, Dublin 2, Ireland
contact: info@stripe.com
Task:manage credit card payments
Obtained personal data: credit card details and online payment logs
ANNEX
Last updated: 2021 Sept 15
No. 1.
Interest assessment test
– on data processing for law enforcement purposes –
Subject of data processing: processing of certain personal data of natural persons (hereinafter referred to as "Data Subjects") who place an order with mYields. “Order” shall mean the order for Geospatial Services and the booking for Consultation Services as well.
Legitimate interest as legal basis: having examined the provisions of Article 6 of the GDPR, we have concluded that the lawfulness of the processing of data is based on the legitimate interest of the controller pursuant to Article 6 (1) (f) of the GDPR.
Personal data to be processed: the data listed under "What personal data do we process?" in Section 2.2 of the Privacy Policy (including the data provided by the Data Subject when placing the order and other data processed by us in connection with the placed order).
Purpose of data processing: to enforce the claims and rights arising from the order as a contract, to ensure that any disputes arising in connection with the performance of the contract can be settled.
Legitimate interest: the possibility of evidence in the event of a dispute.
Rights of the data subject that may be affected: the data subject's right to information self-determination
Interest assessment: In the event of a dispute about an order as a contract and its performance, whether in or out of court, it is in our vital interest to be able to prove the content of the contract and that it has been properly performed. In order to do so, we need to keep the order data to be able to establish the contractual position of the parties, their rights and obligations under the contract.
Claims arising from the contract can be enforced within the 5-year limitation period under the Civil Code. We keep the data within this period because there is a real chance of enforcement within this period. Although it is not foreseeable at the beginning of data processing whether a dispute will arise in connection with the order, if we do not retain the data, we would not be able to prove our claims in the event of a dispute, which would make it impossible to enforce the claim and would most likely lead to the loss of the dispute in a specific case.
We have examined whether there is another way to achieve our legitimate interest objective with fewer restrictions on the Data Subject's right to information self-determination. In doing so, we found that the data recorded in relation to the order is limited to the data strictly necessary for the conclusion and performance of the contract relating to the order, and therefore we have not found any means that would be less restrictive of the Data Subject's right to information self-determination. For example, not retaining all data related to orders, but deleting some data after the order has been fulfilled, could jeopardise the reconstruction of the specific content of the order (contract) at a later stage.
The Data Subject will be duly informed by means of the Privacy Privacy prior to placing the order that his/her data will be processed for the above purposes, and the Data Subject should also be aware that the data relating to his/her order may be retained after the order has been fulfilled and may be used in the event of a dispute. In view of this and the above, the Data Subject will not be disadvantaged by the processing, and his/her right to information self-determination will only be infringed to the extent that it is considered acceptable in terms of the necessity and proportionality of the processing.
Guarantees: We process the data solely for the purpose detailed above and the processing is limited to the data strictly necessary for the conclusion of the contract and thus for the proof of the contract. The technical and organisational measures detailed in the Privacy Policy ensure the prevention of any possible adverse effects on the Data Subjects. In our Company, access to data is restricted to persons whose knowledge of the data is strictly necessary for the performance of their work. We do not collect special data and do not use the data for purposes other than those for which they were originally collected.
Conclusion: On the basis of the above, we consider that we have a legitimate interest in the processing of order data for law enforcement purposes, and that this legitimate interest is not overridden by the rights and freedoms of the Data Subject.
No. 2.
Interest assessment test
– concerning the data of natural persons who contact mYields –
Subject of data processing: processing of certain personal data of natural persons who contact us by telephone, postal mail or e-mail (hereinafter referred to as "Data Subjects").
Legitimate interest as legal basis: having examined the provisions of Article 6 of the GDPR, we have concluded that the lawfulness of the processing of data is based on the legitimate interest of the controller pursuant to Article 6 (1) (f) of the GDPR.
Personal data to be processed: the data listed under "What personal data do we process?" in Section 2.4 of the Privacy Policy.
Purpose of data processing: responding to enquiries received and contacting the Data Subject in this regard.
Legitimate interest: to respond efficiently and promptly to enquiries received by mYields.
Rights of the data subject that may be affected: the data subject's right to information self-determination; identification of a natural person on the basis of other data
Interest assessment: It is in our interest to perform our activities professionally and as efficiently as possible and, in this context, to respond efficiently and promptly to enquiries and questions received. Processing, recording of certain personal data of the Data Subject and contacting the Data Subject is indispensable in order to respond properly, professionally, efficiently and promptly to the incoming enquiries. In the cases examined in the context of this interest assessment, the contact is initiated by the Data Subject, who contacts our company by telephone or other means, and it is therefore also in the Data Subject's interest to respond to the enquiry promptly. By contacting us, the Data Subject voluntarily provides his or her personal data and it must be clear to the Data Subject that the data he or she has provided will be used by us to respond to the enquiry. In addition, the Data Subject decides the channel through which he or she contacts us and thus the data he or she makes available to us. In addition to the data provided by the Data Subject, we may only ask the Data Subject to provide such additional data as is strictly necessary to respond to the request.
Guarantees: We will process the Data Subject's data solely for the purpose of responding to the enquiry received and will process only the information necessary for this purpose (as reasonably required by the Data Subjects). The technical and organisational measures detailed in the Privacy Policy ensure the prevention of any possible adverse effects on the Data Subjects. In our Company, access to data is restricted to persons whose knowledge of the data is strictly necessary for the performance of their work. We do not collect special data and do not use the data for purposes other than those for which they were originally collected.
Conclusion: On the basis of the above, we consider that we have a legitimate interest in processing the data of the Data Subjects in relation to the enquiries we receive from them, and that this legitimate interest is not overridden by the rights and freedoms of the Data Subject.