PRIVACY POLICY
I. Legal Basis and Purpose of this Privacy Policy; Data Controllers
For the drafting of this policy, special consideration was given to the provisions of Act CXII of
2011 on the Right to Informational Self-Determination and Freedom of Information
(Infotv.), the provisions of Act VI of 1998 regarding the promulgation of the “Convention for
the Protection of Individuals with Regard to Automatic Processing of Personal Data” of 28
January 1981, enacted in Strasbourg, the provisions of Regulation (EU) 2016/679 of the
European Parliament and of the Council (hereinafter: GDPR), and the recommendations of
the ‘ONLINE PRIVACY ALLIANCE’.
This Privacy Policy and all data protection issues therein shall be governed by Hungarian
law, and any legal disputes arising in any data protection context shall fall under the
jurisdiction of Hungarian courts of law, stipulating the exclusive jurisdiction of Hungarian
courts of law that have competence for the relevant area according to the postal code of
the Data Controller’s or Controllers’ registered seat.
The purpose of this Privacy Policy is to secure in the territory of each Party for every
individual, whatever his nationality or residence, respect for his rights and fundamental
freedoms, and in particular his right to privacy, with regard to automatic processing of
personal data relating to him (“data protection”) for the full range of our services.
Data Controllers:
Ntice Kft.
Registered seat: H-1135 Budapest, Reitter Ferenc utca 50.
Company registration number: 01-09-202441
Contact information of the data protection officer: adatvedelem@dace.hu
(hereinafter: Data Controller)
Data Processors:
Dating Central Europe Zártkörűen Működő Részvénytársaság
Registered seat: H-1135 Budapest, Reitter Ferenc utca 50.
Company registration number: 02-10-060413
II. Definition of personal data related terms
personal data means any information relating to an identified or identifiable natural person
(hereinafter: data subject); an identifiable natural person is one who can be identified, directly
or indirectly, in particular by reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural person;
sensitive data means personal data revealing racial or ethnic origin, political opinions, religious
or philosophical beliefs, or trade union membership, and genetic data, biometric data for the
purpose of uniquely identifying a natural person, data concerning health or data concerning a
natural person’s sex life or sexual orientation;
data processing means any operation or set of operations which is performed on personal data
or on sets of personal data, whether or not by automated means, such as collection, recording,
organization, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction;
data transfer means making data accessible to a third party; publication means making data
accessible to anyone;
data controller means the natural or legal person, public authority, agency or other body which,
alone or jointly with others, determines the purposes and means of the processing of personal
data; where the purposes and means of such processing are determined by Union or Member
State law, the controller or the specific criteria for its nomination may be provided for by Union
or Member State law;
processor means a natural or legal person, public authority, agency or other body which
processes personal data on behalf of the controller; erasure of data means rendering data
unrecognizable by making it unrecoverable; automated data file means any set of data
undergoing automatic processing;
automatic processing includes the following operations if carried out in whole or in part by
automated means: storage of data, carrying out of logical and/or arithmetical operations on
those data, their alteration, erasure, retrieval or dissemination.
III. Basic Principles of Data Processing
In line with Article 5 of the GDPR, the Data Controller shall ensure that personal data are
a) processed lawfully, fairly and in a transparent manner in relation to the data subject
(‘lawfulness, fairness and transparency’);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner
that is incompatible with those purposes; further processing for archiving purposes in the
public interest, scientific or historical research purposes or statistical purposes shall not be
considered to be incompatible with the initial purposes (‘purpose limitation’);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they
are processed (‘data minimization’);
d)accurate and, where necessary, kept up to date; every reasonable step must be taken to
ensure that personal data that are inaccurate, having regard to the purposes for which they
are processed, are erased or rectified without delay (‘accuracy’);
e)kept in a form which permits identification of data subjects for no longer than is necessary for
the purposes for which the personal data are processed; personal data may be stored for
longer periods insofar as the personal data will be processed solely for archiving purposes
in the public interest, scientific or historical research purposes or statistical purposes in
accordance with Article 89(1) subject to implementation of the appropriate technical and
organizational measures required by this Regulation in order to safeguard the rights and
freedoms of the data subject (‘storage limitation’);
f) processed in a manner that ensures appropriate security of the personal data, including
protection against unauthorized or unlawful processing and against accidental loss,
destruction or damage, using appropriate technical or organizational measures (‘integrity and
confidentiality’).
IV. Additional Safeguards for Data Subject
All persons shall have the right to
1. receive information on his/her data and on processing (right of access by the data
subject),
2. The data subject shall have the right to obtain from the controller restriction of
processing where one of the following applies: (a) the accuracy of the personal data is
contested by the data subject, for a period enabling the controller to verify the accuracy
of the personal data; (b) the processing is unlawful and the data subject opposes the
erasure of the personal data and requests the restriction of their use instead; (c) the
controller no longer needs the personal data for the purposes of the processing, but
they are required by the data subject for the establishment, exercise or defense of legal
claims; (d) the data subject has objected to processing pursuant to relevant legislation
pending the verification whether the legitimate grounds of the data controller override
those of the data subject.
3. establish the existence of an automated personal data file, its main purposes, as well
as the identity and habitual residence or principal place of business of the controller of
the file;
4. obtain at reasonable intervals and without excessive delay or expense, confirmation of
whether personal data relating to him are stored in the automated data file as well as
communication to him of such data in an intelligible form;
5. have such data corrected or erased for reasonable cause without delay (‘right to be
forgotten’); The Data Controller shall communicate any rectification or erasure of
personal data or restriction of processing to each recipient to whom the personal data
have been disclosed, unless this proves impossible or involves disproportionate effort.
The data controller shall inform the data subject about those recipients if the data
subject requests it;
6. receive, in the case of automated processing in consent-based processing, the
personal data concerning him or her, which he or she has provided to Ntice Kft, in a
structured, commonly used and machine-readable format and shall have the right to
have Ntice Kft transmit those data to another data controller. This right shall not violate
the right to be forgotten and shall not adversely affect the rights and freedoms of others.
7. object, on grounds relating to his or her particular situation, at any time to processing
of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1)
of the GDPR, including profiling based on those provisions;
8. not to be subject to a decision based solely on automated processing, including
profiling, which produces legal effects concerning him or her or similarly significantly
affects him or her, except in the cases under Article 22 of the GDPR (automated
decision-making);
9. obtain legal remedy if a request for confirmation or, as the case may be, communication,
rectification or erasure as referred to by relevant legislation is not complied with. At data
subject’s request, data controller shall provide information on the data managed by data
controller or processed by data controller’s authorized data processor, on the purpose,
legal grounds, time period of the data processing, on data processor’s name, address
(registered seat) and data processing activities, and on the identity of the person(s)
receiving the data and on the purpose such data were received. Data Controller shall
provide the requested information in writing in intelligible form at the earliest possible
time upon receipt of data subject’s request, but within no later than 30 days. In case of
any violation of its rights, data subject may lodge a formal complaint against the data
controller in a court of law. Data Controller is liable to pay compensation for any damage
caused to another party by its unlawful handling of data relating to data subject or by
breaching technical data protection requirements. Data Controller is also liable to pay
compensation to data subject for any damage caused by its data processor. Data
Controller is exempt from liability if it can prove that the damage resulted from
unavoidable causes outside the scope of data processing. No compensation is payable
if damage is caused by the injured party’s deliberate or grossly negligent conduct.
V. The Legal Basis, Purpose, Sphere, and Duration of Processing
1. The Legal Basis for Processing
Policies regarding data processing and protection of personal data of visitors apply only to
natural persons having regard to the fact that personal data can be interpreted in relation only
to natural persons (in accordance with Act CXII of 2011 on the Right to Informational
SelfDetermination and Freedom of Information); therefore, this Data Protection Policy has a
binding force strictly to the processing of personal data of natural persons registering on the
website.
a) The legal basis for the processing referred to in point V.2. a) is the consent of the data
subjects and the Data Controller’s rightful interest in performing the contract concluded
between the data subject and the Data Controller (Article 6(1)(b) of the GDPR).
b) The legal basis for the processing referred to in points V.2. c), d), e), f), and g) (ii)-(iii) is
the consent of the data subjects. Data subjects shall provide their consent during the
registration process by checking separate check boxes for each of the various processing
purposes and subsequently providing their personal data (e.g. subsequently uploading
photographs).
c) The basis of the processing referred to in point V.2. b) is, in particular, Sections 169 and
202 of Act CXXVII of 2017 on Value Added Tax, as well as Section 167 of Act C of 2000 on
Accounting. The Website’s users accept the use of cookies by clicking on the “I understand”
button on the Website. If the user accepts the use of cookies, information and consent shall
extend to using cookies at later times when the user’s device is connected to the Website.
d) The legal basis for the processing referred to in point V.2. g) (i) is the Data Controller’s
rightful interest in performing the contract concluded between the data subject and the Data
Controller (Article 6(1)(b) of the GDPR).
2. The Purpose of Processing and the Sphere of Processed Data
Personal data can be processed strictly only for a specific purpose, to exercise a right and to
meet an obligation. Data processing shall meet this objective in every step of the procedure.
Personal data can be processed only insofar as it is essential for satisfying the purpose of data
processing, it is adequately suited to satisfying that purpose, and its scope and duration is
limited to achieving the objective.
a) Purpose: providing the dating service, exercising the connected copyright, and fulfilling the
connected obligations.
Data: name, home address, email address, sex, the sex of the sought partner, place and date
of birth, place of residence.
b) Purpose: fulfilling the tax and accounting obligations required by law (bookkeeping,
taxation).
Data: the personal data defined by law, thus especially invoicing name, company name, tax
number, invoicing address, email address and payment (transfer) details.
c) Purpose: preparation of usage statistics, providing the service in the highest possible quality
and the most possible effective manner, and sending system messages in connection with
operating the website and providing the services.
Data: the data under point V.2. a) above, and furthermore the data that can be entered under the
tabs “Introduction”, “Photos”, “Data”, and “Who are you looking for?” The exact list of such data
is attached as Annex 1 to this document. Sensitive personal data are marked with bold in the
list of data.
d) Purpose: use for marketing and direct marketing purposes, and for sending newsletters
(business offers). Data: email address.
e) Purpose: informing other users
Data: name, home address, email address, and the data found on the Website’s “Introduction”
and “Photos” tabs.
f) purpose: providing the flower delivery service, exercising the connected copyright, and
fulfilling the connected obligations
Data: name, delivery address, phone number
g) Cookie: cookies contain information automatically logged by our servers. The Manager
uses the following cookies:
(i) Session cookies
(ii) Functional cookies
(iii) Third-party cookies
The processing purposes, legal basis, duration, and other information pertaining to cookies can
be found in a separate document (https://www.puncs.com/en/cookie).
3. The period of processing starts at the completion of registration and ends at the time when
the data is erased. Unless provided for otherwise by law or requested by the data subject, the
Data Controller shall erase the data on the day after the expiry of the following periods (as the
end of the purpose of processing).
a) The Data Controller shall delete the data used for the processing under point V.2. a), c), d),
e), and f) on the 730
th
day after the inactivity of the given user (which period will always be
extended by the period of hibernation requested by the user), if the conditions required by law
are met and the user’s membership will be terminated in line with the conditions of the contract
concluded between the parties.
b) The Data Controller shall process the data under point V.2. b) for the time set out by law (the
end of the 8
th
year following the termination of the contract concluded between the parties).
a) The Data Controller shall process the data under the processing referred to in point V.2. g)
until the time set out in the separate document.
VI. Automated Decision-Making
The Data Controller shall apply automated decision-making (profiling) in the following cases.
1. Development of discount subscription offers
We offer discount packages on the basis of the time that has passed since registration or the
expiration of the previous subscription and based on the user’s sex.
2. Development of partner recommendation system
Depending on the result of automated decision-making, the website prioritizes certain users in
its displays for other users.
a. Based on the user’s clicks and favorites, we recommend users whom the user might like.
b. similarity is determined with the use of the following logic: “the persons who liked the users
you like also liked the following users”
c. the system only decides whether we will prioritize the display of certain users.
VII. Data Security:
Data Controller and, within its own scope of operations, Data Processor shall keep the data
they process secure, and adopt technical and organizational measures and formulate
procedural policies as may be necessary to enforce the provisions of the Data Protection Act
as well as other data and confidentiality regulations. Data shall be protected especially against
unlawful access, alteration, publication, or erasure, as well as against damage or destruction.
VIII. Data Protection Principles
Data Controller shall give its users clear, noticeable and unambiguous warning before
capturing, recording or handling any of their data (privacy statement) to provide them with
information on the method used for capturing their data, for what purposes and in accordance
with what principles. Furthermore, Data Controller shall call user’s attention to the voluntary
nature of data disclosure. Data Subject shall be informed about the purpose of data processing,
as well as the identity of the person(s) who manage and process the data.
Data Controller’s entire staff and senior officers are entitled to the access data processed by
Data Controller. The requirement to provide information on data processing is also deemed
fulfilled when applicable laws govern data to be captured by transfer from an already existing
data processing pool or by linking existing databases.
Whenever Data Controller intends to use provided data for purposes other than determined
when the data was originally captured, it shall inform User of those purposes accordingly and
obtain User’s prior express consent; Data Controller shall also ensure that User may opt to
prohibit use of its data for such other purposes.
Data Controller shall, without fail, adhere to the restrictions stipulated under Basic Principles
when capturing, recording, and processing data, and it shall keep Data Subject informed of its
activities via electronic correspondence, at Data Subject’s request. Data Controller shall refrain
from imposing any sanctions against users who decline to provide requested non-mandatory
information.
Data Controller shall keep the data it processes secure and adopt technical and organizational
measures and formulate procedural rules as may be necessary for ensuring that the data
captured, stored, and processed is protected; Data Controller shall prevent destruction,
unlawful use and unlawful alteration of the data it processes. Data Controller shall notify any
third party to whom it may transfer or disclose data, as the case may be, of their obligations to
the above.
Whereas Ntice Kft. does not offering any services designed for individuals aged under 18, it
represents and warrants that it does not collect or handle personal data on individuals aged
under 18.
As a general rule, users visiting our website are not obligated to disclose their identity and
provide personal data of any kind. When providing their name and email address, users may,
as a matter of course, opt not to enter their real name but provide an alias instead.
Data and information suitable for personal identification shall be construed as personal data of
natural persons that can be used to identify an individual, to communicate with them, or to
identify their physical location, including but not limited to their name, residential address,
postal address, phone number, fax number, and e-mail address.
Anonymous information collected by eliminating personal traceability does not constitute
personal data as it cannot be linked to a natural person, neither does demographic data
constitute personal data when it is collected without linking it to personal data of identifiable
individuals, and therefore no connection can be made to natural persons.
As a general principle, whenever we ask our visitors for personal information, they are free to
decide whether they want to provide the requested information after having read and
interpreted the necessary written information. However, it must be noted that, if an individual
decides not to share their personal data, they may not be able to use a service that is
conditional on the disclosure of personal data.
This Privacy Policy is in regard to protecting the personal data of visitors provided to the Data
Controller, i.e. not in regard to their data intended for the public domain. Should an individual
voluntarily decide to make all or some of his or her personal data public, then such information
shall not be covered by the scope of this Privacy Policy.
We always make it clear which information fields are ‘mandatory’ to complete during the
registration process, and for what purpose and under what terms and conditions such
information will be used. The term ‘mandatory’ in this case refers not to the mandatory nature
of providing the requested data but indicates that there are certain records without the
completion of which registration will not be successful, in other words, leaving certain fields
blank or not completing them properly may lead to rejected registration.
Without authorization, under no circumstances shall we transfer to third parties any personal
data provided by our users.
If the service provider is requested by any competent authority to provide any personal data in
line with applicable laws (e.g. in connection with a suspected crime, or under an official court
resolution ordering the confiscation of data), the Data Controller will hand over the requested
and available information in accordance with its statutory obligation.
Whenever our users make available their personal data to us, we shall take all necessary
measures to keep those personal data safe both during the course of network communication
(i.e. online data processing) and during the course of data storage and safekeeping (i.e. offline
data processing).
It is Data Controller’s responsibility to ensure that visitors can access, correct and supplement
their own personal data through the same communication channels and by using the same
means through which they shared their personal data with us in the first place. This is meant
to ensure that the personal data of our users are always up-to-date, accurate and current.
Should any of our users ask us to remove their personal data from our systems, we shall
promptly oblige (on the understanding that thenceforth that user will, in some cases, no longer
be able to use the service to which the data was relevant, or not in the same way as before).
By registering and by using the service, users grant their consent for Ntice Kft. to view the
conversations carried out on the communication channels it provides (chat) and to know the
conversations and statements made by users therein.
In case of online payment, the Data Controller may, for the purpose of providing customer
service assistance to users, confirming transactions, and to analyze cases of fraud, disclose
the email address, name, and telephone number linked to the user profile to the payment
service provider.
IX. Within this framework, Data Controller shall apply the following rules during the
course of data collecting:
Data suitable for contacting individual users. We shall use data suitable for contacting individual
users (e.g. email addresses) strictly for purposes authorized by the user in advance and we
shall, under no circumstances, disclose them to third parties without the user’s prior written
consent, unless stipulated otherwise by applicable laws.
Data suitable for physically contacting individual users. We shall use data strictly for the
purposes authorized by user in advance and we shall, under no circumstances, disclose them
to third parties, unless stipulated otherwise by applicable laws. Open communication options.
Open communication channels that are part of our service (e.g. forums) may be used at each
individual user’s own risk. Individual users are the copyright owners of their own posts but Ntice
Kft is entitled to quote and circulate multiple copies of such posts without limitation. Third
parties may print, download and disseminate postings strictly for their own personal use only,
and may use them exclusively with Ntice Kft’s written consent. Users are reminded that
comments posted on open communication channels are governed by separate laws regulating
public communications. We are committed to handling data suitable for individually contacting
users accessing communication services with outmost care and in the strictest of confidence;
no unauthorized access to those data is possible, and such data will not be disclosed to third
parties, unless stipulated otherwise by applicable laws.
Links. Our services include a large number of links to the websites of other service providers.
Data Controller shall not accept liability for the data and information protection practices of
such service providers.
X. Information, Legal Remedy
At User’s request, Data Controller shall provide information on the data processed by Data
Controller, on the purpose, legal grounds and time period of the data processing, on the data
processor’s name, address (registered seat) and data processing activities, and on the identity
of the person(s) receiving the data and on the purpose such data were received. Information
may be requested at info@puncs.com or under the ‘Customer Service’ menu point.
Should our users have any reason to believe that we have breached their personal data
protection rights, they may file a formal complaint with a court of law, or may seek assistance
at the Hungarian National Authority for Data Protection and the Freedom of Information (H1125
Budapest, Szilágyi Erzsébet fasor 22/c, www.naih.hu).
Such legal cases are reviewed by courts of law in expeditious procedures. Rulings fall under
the jurisdiction of tribunals. Legal cases may also be brought before the tribunal that has
jurisdiction over User’s (Data Subject’s) domicile or residence at User’s (Data Subject’s)
discretion.
Detailed statutory provisions pertaining to legal redress and Data Controller’s obligations are
stipulated by Act CXII of 2011 on the Right to Informational Self-Determination and Freedom
of Information.
Data Protection ID: Ntice Kft.: NAIH-83283/2015. Data protection
officer address:
Ntice Kft. – H-1135 Budapest, Reitter Ferenc utca 50.
Contact information: email: info@puncs.com
Annex - list of personal and sensitive data provided during registration
Data
Locaon
Email address
main page
Password
main page
What is your sex?
registraon/datasheet
Who are you?
registraon/datasheet
Who are you looking for?
registraon/datasheet
Home address (county)
prole/general informaon
Home address (city)
prole/general informaon
Date of birth
prole/general informaon
Expectaon as regards
standard of living
prole/general informaon
Annual income
prole/general informaon
Assets
prole/general informaon
Height
prole/personal data
Weight
prole/personal data
Physique
prole/personal data
Eye color
prole/personal data
Hair color
prole/personal data
Occupaon
prole/personal data
Educaon
prole/personal data
Relaonship status
prole/personal data
Do you have children
prole/personal data
Smoking
prole/personal data
Alcohol consumpon
prole/personal data
Spoken languages
prole/personal data
Username
prole/introducon
Moo
prole/introducon
About me
prole/introducon
Who I am looking for
prole/introducon
Select the adventures you
would like to parcipate in
prole/bucket list
