1. Identification of the data controller

The website, available at https://lionstack.hu/, is hosted by

Lion Stack Korlátolt Felelősségű Társaság

Abbreviated name: Lion Stack Kft.
Company registration number: 03-09-138099 - Company Court of Kecskemét General Court
Tax number: 32483002-2-03
Headquarters: 6500 Baja, Kölcsey Ferenc utca 102. 4th floor door 10.
Place of business: 6500 Baja, Péter-Pál utca 7. bell 1
E-mail address: info@lionstack.hu
Website: https://lionstack.hu/

(hereinafter referred to as the "Data Controller").

2. Legislation applicable to data processing, scope of the information notice

2.1. The Data Controller shall primarily process Users' data

- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (The EU General Data Protection Regulation), (hereinafter referred to as GDPR),
- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Act on electronic commerce services)
- and Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activities (Act XLVIII of 2008).

on the basis of the provisions of.

2.2 This notice applies to the processing of data during the use of the website https://lionstack.hu/ (hereinafter referred to as the "Website") and the services available there.

2.3 For the purposes of this Policy, User means: natural persons browsing the Website, using the services of the Website and ordering products from the Data Controller.

3. Legal basis for processing

3.1 The legal basis for the processing carried out by the Data Controller is the consent of the User pursuant to Article 6(1)(a) of the GDPR for certain processing, and Article 6(1)(b) of the GDPR for processing relating to an order, which states that the processing is necessary for the performance of a contract to which the User is a party.

3.2 In the case of processing based on consent, the User gives his/her consent by ticking the box in front of the data processing statement in the relevant places. The User may read the privacy notice at any time by clicking on the "Privacy Notice" at the bottom of each page of the website or by clicking on the link marked "Privacy Notice" in the privacy notice referred to in this point, whereby the Data Controller ensures that the User is provided with clear and detailed prior information. By ticking the checkbox in front of the Privacy Statement, the User declares that he/she has read the Privacy Statement and, being aware of its contents, consents to the processing of his/her data as described in this Privacy Statement.

3.3 In certain cases, the Data Controller may be required by law to carry out certain processing operations or may have a legitimate interest as a legal basis for processing the data. You can read more about these below in the chapters on specific processing operations.

4. Data processing related to the provision of an IT service

4.1 The Data Controller uses cookies for the operation of the website and to collect technical data about visitors to the website.

4.2 The Data Controller provides a separate information on the data management implemented by cookies: information on the use of cookies.

5. Processing of data related to the receipt and reply to a message

5.1.Data subjects: Users who send messages to the Data Controller using the messaging interface available from the "Contact Us" section of the website or by e-mail using the e-mail address(es) indicated on the website.

5.2 Legal basis for processing: the User's consent pursuant to Article 6(1)(a) of the GDPR.

5.3. Definition of the scope of the data processed:

The User sending the message:
- name,
- your e-mail address,
- phone number,
- subject of the message,
- any additional information that the User may provide in the message.

With regard to any additional data that the User may provide in the message, the Data Controller only processes the data in relation to the content of the message sent, but does not request the User to provide any personal data that may be provided there. When such unexpected personal data is provided, the Data Controller shall not store the unexpected personal data and shall delete it from its IT system without delay.

5.4 Purpose of processing: to enable the User to exchange messages with the Data Controller.

Related services:
- write a message on the website,
- receive messages sent by e-mail (using the e-mail address(es) indicated on the website),
- reply to messages sent to the Data Controller by the above means, which the Data Controller will do within 2 working days.

5.5 Duration of data processing: until the message is answered or the User's request is fulfilled. The Data Controller shall delete the data processed for this purpose after the message has been replied to/ the request has been fulfilled. If the exchange of information takes place through several messages on related subjects, the Data Controller shall delete the data after the exchange of information has ended or the request has been fulfilled.

If the exchange of messages leads to the conclusion of a contract and the content of the messages is relevant to the contract, the legal basis and duration of the processing is as described in point 10 (processing in relation to an order).

5.6. Method of storage of data: in a separate processing list in the IT system of the Data Controller.

6. Data processing related to the sending of newsletters

6.1.Data subject: the User who subscribes to the newsletter by entering his/her e-mail address in the field next to the "Subscribe and don't miss anything" sign on the website or by clicking on the checkbox next to the text to subscribe to the newsletter during the ordering process.

6.2. Legal basis for processing: article 6 (1) (a) GDPR and Art. Article 6 (1) and (2) of the GDPR. Voluntary consent is given by the User by reading this Privacy Policy and by filling in the fields for subscribing to the newsletter and ticking the consent form provided therein. By doing so, the User declares that he or she consents to the processing of his or her data in accordance with the processing set out in the privacy policy and to the sending of the newsletters.

In addition to sending useful information, the newsletter service also aims at direct marketing by the Data Controller. The User may subscribe to this service independently of the use of other services. The use of this service is voluntary and based on the User's decision, after having been duly informed. If the User does not use the newsletter service, he/she will not be disadvantaged in using the website and its other services. The Data Controller does not make the use of its direct marketing service a condition for the use of any of its other services.

6.3. Definition of the scope of the data processed:

- name,
- e-mail address,

6.4 Purpose of processing: sending newsletters by the Data Controller to the User by e-mail. The sending of newsletters means sending information about the Controller's services, news and updates, attention-grabbing offers, advertising and promotional content.

6.5 Duration of data processing: the Data Controller shall process the data processed for the purpose of sending the newsletter until the User's consent is withdrawn (unsubscribe) or the data is deleted at the User's request.

6.6. Method of storage of data: in a separate processing list in the IT system of the Data Controller.

7. Use of a data processor

The Data Controller uses the following entities as data processors.

7.1. Shared space provider

7.1.1.1 The data subjects concerned by the processing: the Users visiting the Site, regardless of their use of the services provided by the Site.

7.1.2. The Data Controller uses as a data processor

Rackforest Ltd.

Address: 1132 Budapest, Victor Hugo utca 11. 5. floor B05001.
Postal address: 1132 Budapest, Victor Hugo utca 11. 5th floor B05001.
Phone: +36 1 211 0044
E-mail: info@rackforest.hu
Website: https://rackforest.com/

as a web hosting provider (hereinafter referred to as the "Data Processor").

7.1.3.Definition of the data subject of the processing: the processing concerns all the data specified in this notice.

7.1.4. Purpose of the processing: to ensure the information technology operation of the website.

7.1.5 Duration of processing: the same as the processing periods indicated for the processing operations governed by the purposes of the processing for each of the categories of data covered by this notice.

7.1.6 Nature of the processing: the processing of data is limited to the provision of the hosting necessary for the operation of the website in the IT sense.

7.2. Processing of data related to the sending of newsletters

7.2.1.Data subjects concerned by the processing: users who subscribe to the newsletter on the website, regardless of the use of other services provided by the website.

7.2.2.2. The Data Controller uses as data processors the following

THE ROCKET SCIENCE GROUP LLC (MailChimp)

Company registration number: 20161685162
Tax number: 20161685162
Location: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Telephely: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Postacím: 675 Ponce de Leon Ave NE, Suite 5000 Atlanta, GA 30308 USA
Telephone: +1 678 999 0141
E-mail: privacy@mailchimp.com
Website: https://mailchimp.com/

a company as the developer and maintainer of the newsletter sending software used by the Data Controller (hereinafter referred to as the "Data Processor").

7.2.3.Definition of the data subject of the processing: the processing concerns the name and e-mail address of the User subscribing to the newsletter.

7.2.4.Purpose of data processing: to ensure the operation of the software used by the Data Controller for sending newsletters in the information technology sense, by means of data processing in the technical operations necessary for the secure operation of the software.

7.2.5. Duration of data processing: until the User's consent to receive the newsletter is withdrawn (unsubscribe) or until the data is deleted at the User's request.

7.2.6.Nature of the processing: the processing of the data consists exclusively of the technical operations necessary for the operation of the newsletter sending software in the IT sense.

7.3. Processing of data related to accounting services

7.3.1. The data subjects concerned by the processing: the Users placing the order.

7.3.2. The Data Controller uses as a data processor

Graffiti Language School, Educational, Commercial and Service Company Limited Liability Company

Abbreviated name: Graffiti Language School Ltd.
Company registration number: 03-09-126979
Tax number: 24772534-1-03
Registered office: 6528 Bátmonostor, Mátyás király utca 50.
Postal address: 6528 Bátmonostor, Mátyás király utca 50.

a company as the accountant of the economic activity of the Data Controller (hereinafter referred to as the "Data Processor").

7.3.3.3 Definition of the scope of the data processing: the data processing concerns the name and address of the User placing the order, the identification of the ordered item(s), the date of purchase and the data contained in the receipts containing the purchase price, delivery charges and any other charges.

7.3.4 Purpose of the processing: to fulfil the statutory accounting obligations relating to the economic activity carried out by the Data Controller by using the services of the above mentioned Processor.

7.3.5 Duration of data processing: for the maximum period necessary to fulfil the obligation to keep supporting documents under the Accounting Act, until the deletion of the invoice in the year following the 8th year after its issue.

7.3.6. Nature of data processing: data processing shall consist exclusively of operations necessary for the fulfilment and verification of accounting obligations.

7.4. Data processing related to the production of invoices

7.4.1.The data subjects concerned by the processing: users who place an order on the website, regardless of the use of other services provided by the website.

7.4.2. The Data Controller uses as a data processor

KBOSS.hu Trading and Service Provider Limited Liability Company

Abbreviated name: KBOSS.hu Kft.
Company registration number: 01-09-303201
Tax number: 13421739-2-41
Registered office: 1031 Budapest, Záhony utca 7.
Postal address: 1031 Budapest, Záhony utca 7.
Phone: +36 30 3544 789
E-mail: info@szamlazz.hu
Website: https://www.szamlazz.hu/

a company as the developer and maintainer of the billing software used by the Data Controller (hereinafter referred to as the "Data Processor").

7.4.3.Definition of the scope of the data processing: the data processing concerns the name and address of the user placing the order, the identification of the ordered good(s) and/or service(s), the date of purchase and the receipts containing the purchase price, delivery charges and any other charges.

7.4.4.4 Purpose of processing: to ensure the operation of the software used by the Data Controller for issuing invoices in the information technology sense, by means of data processing consisting of technical operations necessary for the secure operation of the software.

7.4.5 Duration of data processing: for the period necessary to fulfil the obligation to keep supporting documents under the Accounting Act, i.e. for 8 years from the date of issue of the invoice.

7.4.6 Nature of the processing: the processing of the data is limited to the technical operations necessary for the operation of the software used to issue the invoice in an IT sense.

7.5 No other processing of data takes place.

7.6 The Data Controller does not use any other data processor than the Data Processors indicated above.

8. User's rights in relation to data management

8.1. Right of access: Upon the User's request, the Data Controller shall provide information about the data processed by the User or by the Data Processor, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the Data Processor and its activities related to the processing, the circumstances and effects of any data breach and the measures taken to remedy the data breach, and, in the case of the transfer of the personal data of the data subject, the legal basis and the recipient of the transfer. The Controller shall provide the information without undue delay and at the latest within one month of receipt of the request.

In the context of the right of access, the Data Controller shall provide the User with a copy of the personal data subject to processing, at the latest within one month of receipt of the request. For any additional copies requested by the User, the Controller may charge a reasonable fee based on administrative costs (as referred to in point 14).

8.2.Right to data portability: the User has the right to receive personal data concerning him/her which he/she has provided to the Data Controller in a structured, commonly used, machine-readable format, and the right to transmit such data to another data controller without hindrance from the data controller to which he/she has provided the personal data, if:

a) the processing is based on the consent of the User or on a contract; and
(b) the processing is carried out by automated means.

In exercising the right to data portability as set out above, the User has the right to request, where technically feasible, the direct transfer of personal data between data controllers.

8.3.Right to rectification: the User may request the rectification of his/her processed data, which the Data Controller shall carry out without undue delay, but no later than one month from the receipt of the request. Taking into account the purposes of the processing, the User shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

8.4 Right to restriction of processing: the Controller shall designate the personal data it processes for the purpose of restricting the processing. The Data Controller shall designate the personal data which the User has provided to the Data Controller for processing:

a) the User contests the accuracy of the personal data, in which case the limitation shall apply for the period of time that allows the Controller to verify the accuracy of the personal data;
b) the processing is unlawful and the User opposes the deletion of the data and instead requests the restriction of their use;
(c) the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
(d) the User has objected to processing based on the legitimate interests of the Controller; in this case, the restriction shall apply for the period until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject.

8.5 Right to erasure: The Controller shall erase personal data if:

(a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
b) the User withdraws his or her consent on the basis of which the processing is based and there is no other legal basis for the processing;
c) the User objects to the processing and there are no overriding legitimate grounds for the processing or the User objects to the processing for direct marketing purposes;
d) the personal data have been unlawfully processed;
e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the controller; f) the User requests erasure or objects to the processing and the personal data have been collected in connection with the provision of information society services directly to children.

The Data Controller shall notify the User concerned of the rectification, restriction and erasure, as well as all data controllers to whom the data were previously transmitted. Notification may be omitted if it proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the User of these recipients.

8.6 Right to object: the User has the right to object to the processing of his/her personal data based on the legitimate interests of the Data Controller at any time on grounds relating to his/her particular situation. In such a case, the controller may no longer process the personal data, unless the controller proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or are related to the establishment, exercise or defence of legal claims.

9. Responding to User requests

9.1 The Controller shall provide the information and take the measures referred to in point 8 free of charge. If the request of the User concerned is manifestly unfounded or excessive, in particular because of its repetitive nature, the Data Controller shall, taking into account the administrative costs of providing the requested information or information or of taking the requested action:

a) charge a reasonable fee; or
(b) refuse to act on the request.

9.2 The Data Controller shall inform the User of the measures taken in response to the request, including the provision of copies of the data, without undue delay, but no later than one month from the receipt of the request. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. The Data Controller shall inform the User of the extension of the time limit, stating the reasons for the delay, within one month of receipt of the request. Where the User concerned has submitted his request by electronic means, the information shall be provided by the Data Controller by electronic means, unless the User concerned requests otherwise.

9.3 If the Data Controller does not take action on the request of the User concerned, the Data Controller shall inform the User concerned without delay, but no later than one month from the receipt of the request, of the reasons for the failure to take action and of the right to lodge a complaint with the supervisory authority referred to in point 16 and to exercise the right to judicial remedy as provided for in the same point.

9.4. The User may submit requests to the Data Controller by any means that allows the identification of the User. The identification of the User submitting the request is necessary because the Data Controller can only grant requests to those who are entitled to do so. If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, it may request additional information necessary to confirm the identity of the User concerned.

9.5. User's requests may be sent by post to the Data Controller at the address at 102 Kölcsey Ferenc Street, 4th floor, 6500 Baja, door number 10, or by e-mail to the e-mail address info@lionstack.hu. Requests sent by e-mail shall be considered as authentic by the Data Controller only if they are sent from the e-mail address provided by the User to the Data Controller and registered there, however, the use of another e-mail address shall not imply that the request is ignored. In the case of e-mail, the date of receipt shall be deemed to be the first working day following the sending of the request.

10. Data protection, data security

10.1 The Data Controller shall ensure the security of data in its data processing and data handling activities, and shall ensure the enforcement of legal provisions and other data protection and confidentiality rules by technical and organisational measures and internal procedural rules. In particular, it shall take appropriate measures to protect the processed data against unauthorised access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.

10.2 The data on which the measurement of the number of visits and the mapping of the habits of using the website are based are initially recorded by the Data Controller's IT system in such a way that they cannot be directly linked to any individual.

10.3 The processing of data will only be carried out for the legitimate purposes set out in this notice, to the extent necessary and proportionate for those purposes, in accordance with the applicable laws and recommendations, and with appropriate security measures.

10.4 To this end, the Data Controller uses the http protocol "https" to access the website, which allows web communication to be encrypted and uniquely identified. In addition, as described above, the Data Controller stores the processed data in encrypted data files, which are stored in separate processing lists for each processing purpose and to which access is granted to specific employees of the Data Controller, who are responsible for the tasks related to the activities indicated in this Policy and whose job responsibility is to protect the data and to handle them responsibly in accordance with this Policy and the applicable legislation.

11. Enforcement

Data subjects may exercise their rights before the courts and may also apply to the National Authority for Data Protection and Freedom of Information:

National Authority for Data Protection and Freedom of Information

Address: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu/

In the event of a court proceeding, the action may be brought before the court of the User's domicile or residence, at the choice of the User concerned, as the court has jurisdiction to hear the case.

2024. 02. 10.