I. General Provisions
Your privacy is important to Ad Futurus Foundation (seat: Hungary, 1139 Budapest, Rozsnyai utca 20. B11)– hereinafter referred to as Derigo). This privacy statement provides information about the personal information that Derigo collects, and the ways in which Derigo uses that personal information.
Derigo collect information from you when you register on our site (hereinafter referred to as: derigo.me). When registering on derigo.me, as appropriate, you will be asked to enter your firstname, lastname, username, email address, date of birth, nationality and password in order to enjoy the features of derigo.me and to book on a trip. Trip Provider needs to give additionally an identification number or passport number to provide trips on derigo.me. Please note that you are entitled to request the deletion of your personal data any time from Derigo. If you terminate your account, we delete your personal data immediately. If you do not use your account for over a year, then Derigo may inactivate your account.
The purpose of the data collection is to identify all of the Users who use derigo.me in order to provide and book trips.
For the purpose of the Data Privacy Directive 95/46/EC and Act CXII of 2011 on the Right to Informational Self-determination and Freedom of Information (hereinafter referred to: Act), the data controller is Derigo Travel Ltd. (seat: Hungary, 4032 Debrecen, Patay István utca 34.) Registration number at the National Authority for Data Protection and Freedom of Information is: NAIH:78619/2014
II. The principles of data control
Personal data may exclusively be controlled for a specific purpose to realize rights and fulfill obligations. Data control must at every stage comply with the objective of the data control; data must be recorded and controlled in a fair and legal manner.
Only personal data essentially needed to satisfy the aim of the control, appropriate for achieving the goal may be controlled. Personal data may only be controlled to the extent and for the time required to achieve the goal.
Throughout the data control process, personal data shall be classified as such until its connection with the data subject can be restored.
It has to be ensured during the course of control that the data are accurate, complete and – if required for the data control – updated, and that the data subject is only identifiable for the time required for the data control. After there is no aim to keep the data we may delete them from our system. In case of the deletion of the data, a minutes shall be taken about it that will be made by electronic way and will be stored as an electronic data.
III. The Requirement of Data Protection
Derigo must plan and execute control operations in a way that these ensure the protection of the private sphere throughout the application of the relevant Act and other regulations applicable in connection with data control.
Derigo within its respective scope of activities, is obliged to ensure data security, institute technical and organizational measures and develop procedural rules required to enforce the Act, as well as other data protection and confidentiality rules.
Through the institution of the appropriate measures the data must be particularly protected from unauthorized access, modification, transfer, disclosure, deletion or destruction, accidental destruction and damage as well as disabled access occurring due to changes to the technology applied.
In order to protect data sets controlled electronically in various files it is necessary to ensure that – unless otherwise permitted by law - data stored in files cannot be directly connected and linked to the data subject by ensuring the appropriate technological solutions.
During the course of the automated processing of personal data, Derigo ensures the following by taking additional measures:
a. prevents unauthorized data entry;
b. prevents the use of automatic data processing systems by unauthorized persons by using data transfer devices;
c. ensures the ability to control and determine which bodies the personal data have or can be sent to by using a data transfer device;
d. ensures the ability to control and determine which personal data has been registered in the automatic data processing systems, when this was done and who did it;
e. ensures the ability to restore the systems installed in the event of malfunctions and;
f. compiles a report on errors occurring during the course of automated processing.
Derigo must take account of the current level of development of the relevant technology when determining and applying measures taken to protect the data. The solution which ensures a higher level protection of the personal data must be selected from among several possible control solutions, unless this proves far too difficult for Derigo.
Data are stored in a secured database placed atRackhost Zrt. (seat: Hungary, 6722 Szeged, Tisza Lajos körút 41.). Data can only be accessed by the authorized person of Derigo (who is registered at the Authority). Rackhost Zrt. ensure the data store security. Derigo have implemented security safeguards designed to protect the personal information that you provide in accordance with industry standards. Access to your data on derigo.me is password-protected. We also offer secure https access to the the derigo.me website. To protect any data, you store on derigo.me, we also regularly monitor our system for possible vulnerabilities and attacks. Moreover, Derigo creates backup copies of the MySQL database on a daily basis. However, since the Internet is not a 100% secure environment, we cannot ensure or warrant the security of any information that you transmit to derigo.me. There is no guarantee that information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information. Please note that emails, instant messaging, and similar means of communication with other Users are not encrypted, and we strongly advise you not to communicate any confidential information through these means. Please help keep your account safe by using a strong password.
|session_id||Store login information|
Derigo may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our Users' browsing actions and patterns, and does not identify any individual.
IV. Data Transfer to Other Countries and to third parties
You agree to such cross-border transfers of personal information.
Please note that in case of you as Traveler do not arrive to the booked trip and you do not cancel your booking 24 hours before your arrival, then you must pay the full price of the trip to the Trip Provider. If you fail to pay, only in this case, Derigo is entitled to provide your personal data to the Trip Provider. You also agree to such transfer of the data.
V. Rights and their Enforcement
You are entitled to request:
(i) information on the processing of your personal data;
(ii) modification of your data;
(iii) deletion of your personal data from derigo.me
(iv) that we block access to your personal data stored on derigo.me
Your right of access can be exercised in accordance with the Act. The first access request is free, additional requests however may be subject to a fee of EUR 10 to meet our costs in providing you with details of the information we hold about you.
Pursuant to the request of you, Derigo is entitled to provide information on the subject’s data it controls, its sources, the objective of the control, its legal grounds and duration, in addition to the legal grounds and recipients should the personal data of you not be transferred.
Derigo keeps a record of data transferred to verify the legitimacy of the data transfer and informs you which file details the date on which the personal data Derigo controlled was sent, the legal grounds of this action and its recipients, the specific scope of the personal data sent, as well as other data specified in legislation prescribing control.
Should a request for information be denied, Derigo must notify you of this in writing, by referring to the relevant section of the Act on what grounds the request for information was denied. Should a request for information be denied, Derigo must inform you the means available to facilitate legal redress in court and contact the National Authority for Data Protection and Freedom of Information (hereinafter referred to as: Authority) to seek help.
Derigo keeps the Authority informed about rejected requests each year up to 31 January following the year under review.
Derigo shall correct the personal data should the personal data not be authentic and the Derigo has access to the authentic personal data.
Personal data must be deleted should
a. its control be illegal;
b. it have been requested by you in accordance with point c) of Section 14 of the Act;
c. it be incomplete or incorrect – and this cannot be legitimately changed – on condition that the law does not rule out deletion;
d. the objective of the control have ceased to exist or the period defined in the relevant legislation for storing the data have expired;
e. it have been ordered by the court or the Authority.
Deletion obligations do not apply to personal data which is recorded on a data carrier which must be placed in the archives in accordance with legislation governing the preservation of archival materials.
Instead of deletion, Derigo blocks the personal data should you request this, or in the event that the basis of the information available, deletion would presumably violate the rightful interests of you. Personal data blocked through such means may exclusively be controlled while the control objective remains valid which barred the deletion of the personal data.
Derigo tags the personal data it controls should you dispute its correctness or accuracy, yet it is not possible to explicitly verify the incorrectness or inaccuracy of the disputed personal data.
You, as well as everyone to whom the data was transferred for control purposes, must be notified of any correction, blocking and deletion. Exemptions apply should this not violate the rightful interest of you in respect of the objective of control.
Should the Derigo fails to fulfil the request of you regarding correction, blocking or deletion, Derigo shall provide the reasons and legal grounds for rejecting the request submitted in connection with correction, blocking or deletion within a period of 30 days following the receipt of the request. Should the request for correction, blocking or deletion be rejected, Derigo shall notify you of the opportunities available to seek legal redress via the courts and on the help available from the Authority.
Rights defined for you above, may be restricted by law for reasons pertaining to domestic and external national security, and therefore, to national defense, to ensure national security, prevent or prosecute offences, ensure the security of penal institutions, as well as the economic and financial interests of the state or local governments; to disciplinary and ethical offenses, prevent and expose labour law related and occupational safety infringements – including control and supervision in every case – in addition to protecting the rights of you or others.
VI. The Requirement to Preliminarily Information
You are entitled to object to the control of your personal data
a. should the personal data have to be controlled or transferred to fulfill the legal obligations of Derigo, or validate the rightful interests of Derigo, data recipient or third party except in the case of mandatory data control;
b. should the personal data be used or transferred directly for business benefits, public opinion surveys or scientific research purposes, or
c. other cases defined in relevant legislation.
Derigo shall assess the objection lodged within the shortest possible space of time following the submission of the request; however, he or she shall assess the document within a maximum period of 15 days and make a decision on the grounds of the objection and notify the applicant of the decision in writing.
Derigo shall suspend the control process – including data entry and data transfer – block the data and notify everyone to whom the personal data constituting the object of objection was transferred of the objection lodged, as well as measures taken on the grounds of this, which individuals are obliged to take measures to enforce the right to object, should the Derigo deem that the objection lodged is legitimate and justifiable.
You are entitled to initiate legal proceedings in accordance with the Act, in case of the non-fulfillment of the above.
Derigo is not authorized to delete any data if the control of the data was ordered by law. However, data cannot be transferred to the data recipient, if Derigo agreed with the objection made, or the court deems that the objection is legally justified.
VII. Assertion of Rights in Court
If you believe your rights have been breached, you are entitled to petition the General Court of Hungary for remediation.
Derigo shall be obliged to prove that the data has been controlled in compliance with the relevant legislation. The data recipient shall be obliged to prove the legitimacy of the data transfer.
Persons normally not having the capacity to be a party to legal proceedings may also be parties to the litigation. The Authority is entitled to intervene in the proceeding in favor of you
Derigo shall be obliged to delete the personal data of you within three days following the announcement of the verdict should the court reject the motion. Derigo shall also be obliged to delete the data should the data recipient fail to turn to the courts within the deadline period set in the relevant Act.
The court orders the public disclosure of the verdict – by disclosing Derigo’s ID data – should this be requested in the interest of data protection and the rights of a higher number of you protected within the scope of the Act.
Derigo.me contains links to other websites.
Derigo is not responsible for the privacy policies or practices of any third party, so please read the privacy policies of these sites, before starting to use them.
Oktogon 3. 1st floor apt. 1
Budapest, 25th of July 2016