Effective: from 21 April, 2023

1. Who are we?
   1.1 We are Queen Code. We own and operate this site. Our contact details are on the site. Please contact us if you have any questions or feedback about this policy. 
2. What’s the point of this policy?
   2.1 This policy tells you how we deal with your “personal data” (i.e. technical term for information about any identified or identifiable living person). Please read on to find out what kinds of personal data we collect, how we use and protect it, to whom we disclose it and how you can access and rectify it.
   
   2.2 Please do not use our site unless you are completely happy with this policy. If you do use our site, we will assume that you do accept it.

1. Might the policy change?
   3.1 It may well do and so you should check it whenever you visit our site. We will assume you agree to the revised policy if you use the site after the effective date shown at the top of the policy. 

1. What personal or other data do we collect? 
   4.1 We collect and store the information which you give us via forms on our site – such as your name, address, email address, phone number and so on – or when communicating with us by email or in some other way.
   
   4.2 We may receive and store certain information automatically when you interact with us. Examples include the internet protocol (IP) address used to connect your computer to the internet, connection information such as browser type and version, your operating system and platform, device-type, a unique reference number linked to the data you enter on our system, login details, the full URL clickstream to, through and from our site (including date and time), cookie number, activity on our website including the pages you visited andsearches you made.
2. What about cookies?
   5.1 We use cookies. A cookie is a small file of letters and numbers that we put on your computer.  Our site’s functionality will be limited if you do not accept cookies. 
   
   5.2 Cookies are widely used to make websites work, or work more efficiently, as well as to provide information to the site owner or others. Session cookies are temporary cookies that remain in the cookie file of your browser only until you leave the site. They allow websites to link your actions during a browser session. Persistent cookies stay in the cookie file of your browser for longer (though how long will depend on the lifetime of the specific cookie). For further information on cookies, including how to use your browser to block them, visit: www.allaboutcookies.org.
   
   5.3 Cookies are used on this site for the following purposes:
   
   a) Session cookies: We use session cookies to enable the website to keep track of your movement from page to page and store your selections so you do not get asked repeatedly for the same information. These cookies allow you to proceed through many pages of the site quickly and easily without having to authenticate or reprocess each new area you visit. 
   
   b) Google Analytics (“GA”) cookies:  Google sets persistent cookies (up to two years) to recognize and count the number of site visitors as well as providing other information about the visit such as duration, route through the site and what sites the visitor came from. This information helps us to improve the way our site works, for example by making sure users find what they need easily. Click here for more information about GA cookies. Click here to opt out of Google Analytics. 
3. How do we use your personal data? 
   6.1 We use your personal data to provide our services e.g., send service messages, process payments and/or fulfil orders. 
   
   6.2 We use your personal data to help us communicate with you effectively should you try to contact us via our site. 
   
   6.3 If you have given permission on our site, we may use your personal data to send you emails (or other communications such as mail, phone or SMS) with details of our or third-party goods or services which may be of interest to you including information about special offers or promotions.
   
   6.4 We may use personal data to recognize you when you visit or return to our site to track anonymized traffic and usage patterns, to prevent or detect fraud or abuses or to help us improve our site. We may use cookies to do this. See above.
   
   6.5 We retain personal data from closed accounts in order to comply with legal obligations, enforce our terms and conditions, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations and take other actions as permitted by law.
   
   6.6 We may access, remove, alter, store or otherwise use any personal data if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if we are required to do so by law or appropriate authority.
4. How do we protect personal data? 
   7.1 Security is a high priority. We take appropriate precautions to protect personal data.
   
   7.2 Email and other electronic communications are not secure if they have not been encrypted. Your communications may pass through servers in a number of countries before they reach us. So, we donot accept responsibility for any unauthorised access to or loss of personal data that stems from a cause beyond our control. Nor can we be held responsible for the actions or omissions of other users or third parties who may misuse your personal data which they collect from the site.
5. To whom do we disclose personal data? 
   8.1 Payment details including credit card numbers are supplied direct to our payment partner, Stripe, Inc. We do not receive such information. To ensure your details are not being used without consent, your personal data may be supplied by our payment partners to relevant third parties including credit reference and fraud prevention agencies, who may keep a record of that information.
   
   8.2 We may allow access to your personal data by third parties who supply us with a service.  Examples include e-commerce platform providers, website hosts and businesses which assist us in undertaking communications or monitoring our site.
   
   8.3 We do not provide your personal data to third parties for marketing purposes.
   
   8.4 Very important: Any information which you include with your enquiry including name, email address, phone number, etc. may be passed to the restaurant or other entity in respect of which the enquiry was made.
   
   8.5 We may disclose personal data so far as reasonably necessary:
   a) if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if there has been a complaint about content posted by you, or if we are required to do so by law or appropriate authority; or
   b) in the case of an actual or proposed (including negotiations for a) sale or merger or business combination involving all or the relevant part of our business.
   
   8.6 We may store or transfer personal data outside the European Economic Area (EEA) for the purposes stated in this policy. If so, we will of course comply with the applicable laws relating to data transfer outside the EEA.
   
   8.7 Except as otherwise specifically included in this policy, this document addresses only the use and disclosure of information we collect from you. If you disclose your information to third parties, whether they are other users of our site or other websites, different rules may apply to their use or disclosure of your information.

How can you access and rectify personal data? 
9.1 You can access and rectify your personal data by contacting us by the means shown on our website. We may charge an administration fee in line with data protection laws.

10. What are the basic principles for data management?

10.1 Personal data must be handled in accordance with the following principles:

1. a) legality, fair procedure and transparency; the data must be handled legally and fairly, as well as in a transparent manner for the data subject;
2. b) purpose limitation: data may only be collected for specific, clear and legitimate purposes, and they may not be handled in a manner incompatible with these purposes;
3. c) data economy: they must be appropriate and relevant from the point of view of the purposes of data management, and must be limited to what is necessary;
4. d) accuracy: the data must be accurate and, if necessary, up-to-date; all reasonable measures must be taken in order to immediately delete or correct personal data that is inaccurate in terms of the purposes of data management;
5. e) limited storability: the data must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management;
6. f) integrity and confidentiality: the data must be handled in such a way that, by applying appropriate technical or organizational measures, the appropriate security of personal data is ensured, including protection against unauthorized or illegal processing, accidental loss, destruction or damage of the data;
7. g) accountability: the data controller is responsible for compliance with the above, and must also be able to prove this compliance.

The data management of our company is carried out in accordance with the provisions of this section.

11. What are the rights of the data subjects?

11.1. The right of access - The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to access the personal data and GDPR (Articles 13-15) Article) (in particular: data manager and his/her contact information; purpose and legal basis of data management; recipients of personal data or categories of recipients; criteria for determining the time or duration of data storage).

11.2. Right to rectification - The data subject has the right to have inaccurate personal data concerning the data subject corrected without undue delay upon request. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

11.3. Right to erasure - The data subject has the right to request that the data controller delete the personal data concerning the data subject without undue delay, and the data controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:
a) personal data are no longer needed for the purpose for which they were collected or otherwise processed;
b) the data subject withdraws the consent that forms the basis of the data management pursuant to point a) of Article 6 (1) or point a) of Article 9 (2) of the GDPR, and there is no other legal basis for the data management;
c) the data subject objects to the data processing based on Article 21 (1) of the GDPR and there is no overriding legal reason for data processing, or the data subject objects to the data processing based on Article 21 (2);
d) personal data were handled unlawfully;
e) personal data must be deleted in order to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller;
f) the collection of personal data took place in connection with the offer of information society-related services referred to in Article 8 (1) of the GDPR.

11.4. The right to be forgotten - If the data controller has disclosed personal data and is obliged to delete it, taking into account the available technology and the costs of implementation, it will take reasonably expected steps - including technical measures - in order to inform the data controllers that process the data that the data subject requested the deletion of the links to the personal data in question or the copy or duplicate of this personal data.

11.5. The right to restrict data processing - The data subject has the right to request that the data controller restrict data processing if one of the following conditions is met:
· the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period that allows the data controller to verify the accuracy of personal data;
· the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use;
· the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims;
· the data subject objected to data processing; in this case, the limitation for that period applies until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

11.6. The right to data portability - The data subject has the right to receive the personal data concerning the data subject provided to the data controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without being hindered by the the data controller to whom the personal data was made available.

11.7. The right to protest - In the case of data processing based on legitimate interest or public authority as legal grounds, the data subject has the right to object to the processing of his personal data at any time for reasons related to his own situation, including profiling based on the aforementioned provisions.

11.8. Objection in the event of direct business acquisition - If personal data is processed for the purpose of direct business acquisition, the data subject has the right to object at any time to the processing of personal data concerning the data subject for this purpose, including profiling, if it is related to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.

11.9.Automated decision-making in individual cases, including profiling - The data subject has the right not to be covered by the scope of a decision based solely on automated data management - including profiling - which would have legal effects for the data subject or similarly significantly affect the data subject would affect to an extent.

 

12. Remedies

The data subject has the following legal remedies in relation to our Company's data management:

12.1. Request for further information - At any time, you may request information about the management of your personal data, as well as request the correction of your personal data, and with regard to data processed on the legal basis of consent, you may request the deletion of personal data or withdraw your consent.

Upon request, we provide information about the data managed by us or processed by the processor commissioned by us, the purpose, legal basis, and duration of the data management. The User's personal data will be deleted if its processing is illegal, if he requests it, if the purpose of the data management has ceased, if it is incomplete or incorrect and this state cannot be legally corrected - provided that the deletion is not excluded by law - or if the storage of data is defined by law the deadline has expired, it was ordered by the court or the data protection commissioner.

12.2. Notification to the National Data Protection and Freedom of Information Authority (NAIH) - The data subject has the right to make a notification to the NAIH and to initiate an NAIH investigation or official procedure regarding our Company's data management. NAIH contact details: Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., Tel.: +36-1-391-1400, Fax: +36-1-391-1410, Internet: www.naih.hu, E- mail: ugyfelszolgalat@naih.hu

END