DATA PROCESSING NOTICE
I. GENERAL INFORMATION, THE DATA CONTROLLER
1.1. Person and activity of the data controller
With regard to the data processing specified in this Notice (“Notice”), the data controller is World Network Media Group (e-mail: info@worldnetworkmediagroup.com ; hereinafter: “Data Controller”).
1.2. Governing Law
The Data Controller carries out its activities under the jurisdiction of the laws of the European Union and Hungary. Data processing is primarily subject to the General Data Protection Regulation of the European Union (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation 95/46/EC; hereinafter referred to as “GDPR”).
In addition, the governing laws are:
• Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities;
• Act CXVII of 1995 on personal income tax and Act CL of 2017 on the tax burden on prizes in the event of possible prize games;
• In the case of services provided for a fee, Section 169 of Act C of 2000 on Accounting (regarding the preservation of documents, “Accounting Act”).
The relevant legislation is available at http://net.jogtar.hu.
1.3. The Data Controller’s activities, the websites
The Data Controller is a business company engaged in the development and maintenance of websites. The Data Controller develops websites that provide services to the data subjects, based on registration. The services are subject to registration and the provision of data. Registration and the use of the basic services of the individual websites are free of charge, however, the Data Controller may make certain services subject to payment of a fee. The Data Controller draws the attention of the data subjects to this in all cases.
The services of the individual websites are different (e.g. news portal, dating site, social network, etc.). The services of the individual websites are always listed precisely on the given website.
The Data Controller operates the following websites (hereinafter referred to as “Website” or “Websites”):
1.4. Scope of the Notice, the data subject
The scope of this Notice covers exclusively the activities of the Data Controller in which data of natural persons are processed. The scope of this Notice covers data processing related to the Websites.
According to the GDPR, personal data is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
In the case of data processing covered by this Notice, the data subject is the person who contacts the Data Controller, provides his/her data and in doing so consents to the processing of his/her data.
Accordingly, the scope of this Notice does not cover data that do not concern natural persons (e.g. company data) or that cannot be linked to natural persons (e.g. statistical data, data that has been anonymized).
The scope of this Notice covers exclusively the data processing of the Data Controller. Unless otherwise stated, the scope of the Notice does not cover the services and data processing related to the promotions, sweepstakes, services, other campaigns of third parties advertising or otherwise appearing on the Websites, or the content published by them. Unless otherwise stated, the scope of the Notice does not cover the services and data processing of websites and service providers to which a link on the Website leads.
II. PRINCIPLES, PURPOSE, LEGAL BASIS OF DATA PROCESSING
2.1. Principles of data processing
The Data Controller processes data lawfully, fairly and in a manner that is transparent to the data subject. The Data Controller strives to ensure that the data it processes are accurate and up-to-date. The Data Controller ensures that the rights of the data subject are enforced and takes the necessary measures to ensure that data processing is lawful at all stages.
2.2. Purpose of data processing The purpose of the Data Controller’s data processing is to maintain the Websites, provide services, and carry out advertising activities:
• identifying the person concerned, contacting and maintaining contact with the person concerned;
• registration, recording the data provided by the person concerned;
• providing the services of the Websites, making the Websites available;
• sending advertisements to the persons concerned, market research;
• calculating and paying fees in the case of services provided for a fee;
• organizing and conducting a prize game, drawing lots;
• notifying the winners, delivering the prizes to the winners;
• managing and enforcing claims related to the prize game;
• exercising rights arising from a legal relationship, fulfilling obligations;
• fulfilling legal obligations.
2.3. Legal basis for data processing
The data subject’s consent (GDPR Article 6 (1) (a))
The legal basis for data processing is primarily the data subject’s consent. The Data Controller processes the data of the data subjects solely on the basis of the data subject’s data provision, based on the data subject’s consent. The consent is voluntary, the data subject gives his/her consent by registering, providing his/her data, and accepting this information. The data subject may withdraw his/her consent at any time.
Contract concluded between the Data Controller and the data subject (GDPR Article 6 (1) (b))
If the data subject uses the Data Controller’s fee-based service, the purpose of data processing is the payment, collection, and provision of the service. In this case, a contract is concluded between the parties, which is governed by the rules of the Civil Code. In this case, data processing is carried out in order to fulfill the contract and take steps initiated by the data subject, based on the referenced point of the GDPR.
Compliance with legal obligations (GDPR Article 6 (1) (c))
If the data subject wins a prize in a lottery, the data subject is liable to pay tax on the prize. The declaration and payment are subject to the laws specified in point 1.2 above.
III. RECORDING OF DATA, SCOPE OF DATA PROCESSED, DATA PROCESSING PROCESS, PROFILING
3.1. Collection of data
The Data Controller collects data primarily from the data subject. The Data Controller collects data from other sources only if the data subject has consented to it.
On some Websites, it is possible to register with a profile from another website (e.g. Facebook, Google). In this case, data management is always voluntary. If the data subject links their Facebook profile to their registration or registers with their Facebook profile, the profile data is managed by the Data Controller for the purpose of identifying the data subject and ensuring access.
If a recommendation system is in place on the given Website, the data subject can recommend the Website to their friends, and the Data Controller sends the link necessary for the recommendation to the data subject. The data subject can send the link to their friends, and if the friend clicks on it and then registers, the Data Controller records that the given registration was made through the data subject’s recommendation.
3.2. Scope of processed data
The Data Controller processes the following data of the data subjects:
Data necessary for the identification and contact of the data subject. The data processed are username, name, e-mail address. The purpose of the data processing is to identify the data subject, maintain contact, and in the case of a prize game, draw. Providing the data is always voluntary.
Other data provided on the data sheet. The Data Controller uses a data sheet on the Website, which contains the personal data of the data subject. The data sheet may contain different information for each Website, depending on the service provided by the given Website. The purpose of the data processing is primarily to create a profile of the data subject in order to enable him/her to use the services of the Website effectively. In addition, the purpose of the data processing is that the Data Controller can use the data to send the data subject advertisements that may be of interest to the data subject, which are the “target group” of the advertising. Providing the data is voluntary, the data subject is not obliged to provide all data.
Data related to prize games. If the Data Controller organizes a prize game, it processes the data of the draws, the data of the winners, the data related to the prize, the delivery of the prize, and the fulfillment of tax obligations. Registration, and thus participation in the prize game, is voluntary. If the data subject wins and receives his prize, thereby incurring a tax obligation, the data processing related to taxation is legally mandatory data processing.
Data related to sent advertisements. The Data Controller processes the data related to the advertisements sent to the data subject, which advertisements the data subject opens and clicks on. The data processing is related to advertising. The Data Controller uses the data to send further advertisements, to determine what advertisements to send to the data subject, during profiling in accordance with point 3.4.
Data related to fee-based services. In the case of services subject to payment of a fee, the Data Controller processes data relating to the given service, the fee to be paid, and the method of payment for the purpose of providing the service and settlement.
3.3. Data processing process
The data subject may register voluntarily on the Website, registration is not mandatory, and failure to register does not cause any disadvantage to the data subject. If the data subject registers and provides their data, the data controller will process them and will later send advertising to the data subject. The Data Controller will draw prizes during the prize games as specified in the game rules and notify the winners.
Data subjects have the right to prohibit the sending of further advertising or request the deletion of their data at any time.
3.4. Profiling for advertising purposes
According to the GDPR, profiling is any form of automated processing of personal data in which personal data is used to evaluate certain personal characteristics relating to a natural person, in particular to analyze or predict characteristics related to performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movement.
The Data Controller performs profiling on the Website during advertising.
If the data subject registers, the Data Controller is entitled to send advertising to the data subject until his/her consent is withdrawn. When determining the content of the advertisements, the Data Controller uses the data provided by the data subject. The offer that appears in the advertisement is the result of profiling. In this process, the computer program that compiles the advertisements evaluates the data about the data subject that is available to the Data Controller in a closed manner, without human intervention. Based on this data, the program determines whether the data subject belongs to the target group of the advertisement to be sent. After sending the advertisement, the Data Controller deletes the entire profiling.
During profiling, a decision is made solely on what advertisement should be sent to the data subject.
The legal basis for profiling is the data subject’s consent.
The data subject has the right to request information about profiling. The data subject has the right to express his or her point of view. The data subject may prohibit profiling.
IV. INDIVIDUAL DATA PROCESSING
4.1. Provision of services
Description of data management: The data controller manages data related to the services of the Websites and the use of the services. The Data Controller manages the registration and profile of the data subject, ensures access to the Websites and the use of the services.
Scope of data managed: All data of the data subject necessary for the use of the Website.
Purpose of data management:
• identification of the data subject, establishing and maintaining contact with the data subject;
• registration, recording of data provided by the data subject;
• provision of the services of the Websites, making the Websites available;
• sending advertisements to the data subjects, market research;
• calculation and payment of fees in the case of services provided for a fee;
• organization, implementation of prize games, raffles;
• notification of winners, delivery of prizes to the winners;
• management and enforcement of claims related to the prize game;
• exercise of rights arising from a legal relationship, fulfillment of obligations;
• fulfillment of legal obligations.
Legal basis for data processing: The legal basis for data processing is the consent of the data subject.
Duration of data processing: The data will be deleted by the Data Controller if the data subject requests it or objects to the processing of the data.
4.2. Data processing for advertising purposes
Description of data processing: The primary activity of the data controller is advertising. The Data Controller builds its database for the purpose of sending advertising to the data subjects. Participation in prize games organized by the Data Controller is free of charge, so participation is subject to registration and the data subject’s consent to the sending of advertisements. The data subject may withdraw his/her consent at any time.
The Data Controller regularly sends advertisements to the data subject until the data subject withdraws his/her consent.
Profiling takes place during advertising, as specified in point 3.4 above.
Scope of processed data: The data subject’s e-mail address, in the case of advertising sent by post, his/her mailing address, data provided by the data subject on the Website.
Purpose of data processing: The purpose of data processing is advertising.
Legal basis for data processing: The legal basis for data processing is the data subject’s consent.
Duration of data processing: The data will be deleted by the Data Controller if the data subject requests it or objects to the processing of the data.
4.3. Data processing related to prize games
Description of data processing: The Data Controller organizes prize games. Participation in the prize game is not subject to a stake payment or purchase, so the prize game does not qualify as a prize game requiring a permit or notification. In connection with the prize game, the Data Controller processes the data of the participants that are necessary for the draw. During the draw, the Data Controller draws based on the e-mail addresses, as specified in the game rules, and then notifies the winners. The prizes are delivered as specified in the game rules. The Data Controller fulfills the tax obligations related to the prizes.
The Data Controller publishes the names of the winners on the given website, unless the data subject prohibits this. If the data subject provides their photo to the Data Controller, the Data Controller publishes the photo.
Scope of processed data: Data provided by the data subject: gender, surname, first name, e-mail address. If the data subject wins, he/she must also provide the other data necessary for the delivery of the prize.
Purpose of data processing: The purpose of data processing is to conduct the prize game, draw, inform the winners, and deliver the prizes.
Legal basis for data processing: The legal basis for data processing is the consent of the data subject. During registration, the data subject declares that he/she consents to the processing of his/her data, as set out in this Notice. The declaration of acceptance and the provision of data constitute consent.
Duration of data processing: The Data Controller deletes the data if the purpose of data processing has ceased. The Data Controller deletes the data in any case if the data subject requests it.
4.4. Data processing related to fee-based services
Description of data processing: If the data subject uses a fee-based service, the Data Controller processes data related to the given service, the fee to be paid, and the payment of the fee.
Scope of data processed: The data subject’s username, name, e-mail address, data related to the given service and the fee.
Purpose of data processing:
• calculation and payment of fees in the case of services provided against payment;
• exercise of rights arising from a legal relationship, fulfillment of obligations;
• fulfillment of legal obligations.
Legal basis for data processing: The legal basis for data processing is the data subject’s consent, in the case of payment, the Accounting Act.
Duration of data processing: The Data Controller deletes the data if the data subject requests it or objects to the processing of the data. The Data Controller processes data related to receipts for eight years in accordance with the Accounting Act.
V. OTHER INFORMATION RELATED TO DATA PROCESSING
5.1. Data transfer
The Data Controller shall only transfer personal data to a third party if the data subject has clearly consented to this, knowing the scope of the data transferred and the recipient of the data transfer, or if the Data Controller has an appropriate legal basis for the data transfer.
5.2. Data security, access to data
The Data Controller ensures the security of data, takes technical and organizational measures and establishes procedural rules that ensure the enforcement of data security requirements. The Data Controller records the data it processes in accordance with applicable laws, ensuring that the data is only accessible to employees and other persons acting within the scope of the Data Controller who need it to perform their job or tasks. All persons acting within the scope of the Data Controller are only entitled to access the data whose processing is necessary for the performance of the named person’s job. The named persons are obliged to treat the data confidentially.
The Data Controller, within the scope of its tasks related to IT protection, ensures in particular:
• Measures to ensure protection against unauthorized access, including the protection of software and hardware devices, and physical protection (access protection, network protection);
• Measures ensuring the possibility of restoring data files, including regular backups and separate, secure management of copies (mirroring, backup);
• Protection of data files against viruses (virus protection);
• Physical protection of data files and the devices carrying them, including protection against fire damage, water damage, lightning strikes, other natural damage, and the recoverability of damage resulting from such events (archiving, fire protection).
The Data Controller shall take the necessary measures to protect paper-based records, in particular with regard to physical security and fire protection.
Employees, agents, and other persons acting in the interests of the Data Controller are obliged to securely store and protect the data carriers they use or possess that contain personal data, regardless of the method of recording the data.
5.3. Technical data and cookies
When the data subject visits the Website, the system connected to the Website automatically records the IP address of the user’s computer, the start time of the visit, and in some cases – depending on the computer settings – the type of browser and operating system. The data recorded in this way cannot be linked to other personal data. The data is processed solely for statistical purposes.
Cookies enable the Website to recognize previous visitors. Cookies help the Data Controller, as the operator of the Website, to optimize the Website and to adapt the Website’s services to the habits of the users. Cookies are also suitable for
• remembering settings, so that the user does not have to re-enter them when they go to a new page,
• remembering previously entered data, so that they do not have to be re-entered,
• analyzing the use of the website in order to make improvements using the information obtained in this way, so that it works as much as possible according to the user’s expectations, the user can easily find the information they are looking for, and
• monitoring the effectiveness of our advertisements.
If the Data Controller displays various contents on the Website using external web services, this may result in the storage of some cookies that are not supervised by the Data Controller, so it has no influence on what data these websites or external domains collect. Information about these cookies is provided in the regulations applicable to the given service.
The Data Controller uses Google Analytics cookies, which it uses to collect statistics on the number of visitors to the Website.
The Data Controller uses Facebook remarketing code, which allows us to reach visitors to the Website later with remarketing ads on Facebook. The remarketing code uses cookies, which makes it identifiable to Facebook that the given visitor has visited the Website.
The Data Controller uses JuicyAds cookie, which, similarly to the above Facebook remarketing cookie, allows visitors to the Website to be shown advertisements later on the JuicyAds network.
The user can set their web browser to accept all cookies, reject all of them, or notify the user when a cookie arrives on their computer. The setting options are usually found in the browser’s “Options” or “Settings” menu.
The detailed information on the English-language website www.aboutcookies.org also helps with the settings in different browsers.
5.4. Data processing
The Data Controller is entitled to use a data processor to perform its activities. Data processors do not make independent decisions, they are entitled to act only in accordance with the contract concluded with the Data Controller and the instructions received. The Data Controller monitors the work of the data processors. Data processors are entitled to use additional data processors only with the consent of the Data Controller. The Data Controller publishes the data of the data processors it uses. The Data Controller uses the following data processors:
– Websupport Magyarország Kft. (1119 Budapest, Fehérvári út 97-99.),
Hostinger International Ltd. ( Palagan Tentara Pelajar 81, 55581 ) provision of IT services, development;
– Tiger Media Inc. and ETARGET SE, ( Pribinova 25, Bratislava, Slovakia, ID 35 807 113, ) advertising and marketing services;
– PayPal (Europe) S.à.r.l. et Cie, S.C.A.22-24 Boulevard Royal L-2449 Luxembourg, operation of payment systems.
5.5. Duration of data processing
By establishing and complying with the rules on deletion, the Data Controller ensures that the duration of the processing of personal data does not exceed the necessary and lawful extent. The data is deleted in the following cases:
a. The personal data are no longer needed for the purpose for which they were collected or otherwise processed. If the purpose of the data processing has ceased and the processing of the data is not required by law, the Data Controller will delete the data.
b. The data subject withdraws his/her consent. If the data subject withdraws his/her consent or the data subject requests the deletion of the data, the Data Controller will delete the data in all cases. Deletion may only be refused if it is prohibited by law or an official regulation. If tax has been paid in connection with the winnings, the Data Controller will only delete the data relating to taxation if the deadline specified in the law has passed.
c. The data subject objects to the data processing. If the data subject objects to the processing of data for advertising purposes, the Data Controller shall delete the data in question.
d. It becomes certain that the processing of the data is unlawful. If the processing of the data is unlawful, the Data Controller shall delete it in all cases as soon as the fact of unlawful data processing becomes apparent.
e. The deletion of the data is necessary for the fulfillment of a legal obligation, or the deletion has been ordered by a court or the National Authority for Data Protection and Freedom of Information. If the deletion is mandatory under law, or it has been ordered by a court or an Authority, and the order has become final, the Data Controller shall delete the data.
5.5. Duration of data processing
By establishing and complying with the rules on deletion, the Data Controller ensures that the duration of the processing of personal data does not exceed the necessary and lawful extent. The data is deleted in the following cases:
a. The personal data are no longer needed for the purpose for which they were collected or otherwise processed. If the purpose of the data processing has ceased and the processing of the data is not required by law, the Data Controller will delete the data.
b. The data subject withdraws his/her consent. If the data subject withdraws his/her consent or the data subject requests the deletion of the data, the Data Controller will delete the data in all cases. Deletion may only be refused if it is prohibited by law or an official regulation. If tax has been paid in connection with the winnings, the Data Controller will only delete the data relating to taxation if the deadline specified in the law has passed.
c. The data subject objects to the data processing. If the data subject objects to the processing of data for advertising purposes, the Data Controller shall delete the data in question.
d. It becomes certain that the processing of the data is unlawful. If the processing of the data is unlawful, the Data Controller shall delete it in all cases as soon as the fact of unlawful data processing becomes apparent.
e. The deletion of the data is necessary for the fulfillment of a legal obligation, or the deletion has been ordered by a court or the National Authority for Data Protection and Freedom of Information. If the deletion is mandatory under law, or it has been ordered by a court or an Authority, and the order has become final, the Data Controller shall delete the data.
5.6. Handling of data breaches
A data breach is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. The Controller shall notify the National Authority for Data Protection and Freedom of Information of the data breach without undue delay, unless the data breach is unlikely to result in a risk to the rights and freedoms of data subjects. The Controller shall keep records of data breaches, together with the measures taken in relation to the breach. If the breach is serious (i.e. likely to result in a high risk to the rights and freedoms of data subjects), the Controller shall inform the data subject of the breach without undue delay.
VI. RIGHTS OF THE DATA SUBJECTS AND THEIR EXERCISE
6.1. Rights of data subjects
Information (access). The data subject has the right to receive information about the processing of his/her data. The Data Controller informs the data subject about the data processing when collecting the data, and this Information is available to the data subject at any time. The data subject may request full information about the processing of his/her data at any time during the data processing. The data subject may request that the Data Controller provide him/her with a copy of the data.
Correction. The data subject may request that the Data Controller correct inaccurate data concerning him/her and complete incomplete data.
Deletion, withdrawal of consent. The data subject may withdraw his/her consent to the processing of his/her data at any time, or request the deletion of his/her data, which he/she may do by sending a request to the following email address: info@beautifulcelebritygirls.cc . The Data Controller will only refuse deletion if the data processing is based on law or if the data processing is necessary for the establishment, exercise or defence of legal claims.
Restriction. The data subject has the right to request the restriction of processing in the following cases:
a. the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period enabling the controller to verify the accuracy of the personal data;
b. the processing is unlawful and the data subject opposes the erasure of the data and requests the restriction of their use instead;
c. the data controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims;
d. the data subject has objected to the processing; in which case the restriction shall apply for a period of time until it is determined whether the legitimate grounds of the controller override those of the data subject.
Where processing is subject to restriction, such personal data may be processed, with the exception of storage, only with the data subject’s consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for important public interests of the European Union or of a Member State.
Objection. Where processing is based on the legitimate interests of the Controller or a third party, the data subject shall have the right to object at any time to processing of personal data concerning him or her, on grounds relating to his or her particular situation. In such a case, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such purposes.
Data portability. The data subject shall have the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller, provided that the processing is carried out by automated means. The data subject shall have the right, where technically feasible, to request the direct transmission of the personal data to another controller.
6.2. Ensuring the rights of the data subject, handling the requests of the data subject
The Data Controller informs the data subject about the processing of the data at the same time as contacting him/her. Upon request, the Data Controller makes this Information available to the data subject and also makes it available on the Company’s website. The data subject is also provided with this, detailed Information, the fact and availability of which the Data Controller draws the data subject’s attention. The Data Controller makes available to the Data Controller the information prepared on the basis of this Information, containing the main data protection rules.
The data subject may submit a request to exercise his/her rights to the Data Controller at one of the contact details specified in point 1.1. The Data Controller shall examine the request immediately, make a decision on the fulfillment of the request, and take the necessary measures. The Data Controller shall inform the data subject of the measures taken within one month. In each case, the information shall include the measures taken by the Data Controller or the information requested by the data subject. If the Data Controller refuses to comply with the request (does not take the necessary measures to comply with the request), the information shall include the legal basis for the refusal, the reasons for it, and the legal remedies available to the data subject.
The Data Controller shall not make the fulfilment of the request subject to payment of a fee or reimbursement of costs.
If, due to the circumstances and manner of submitting the request, it is not certain that the request originates from the data subject, the Data Controller may request that the requester prove his/her entitlement or submit the request in a manner that allows for the entitlement to be clearly established.
The Data Controller shall inform all recipients to whom or with whom the personal data have been disclosed of the rectification, erasure or restriction of data processing, unless this proves impossible or requires a disproportionate effort. The data subject shall be informed of these recipients upon request by the data controller.
6.3. Legal Remedy
In the event of a violation of their rights, the data subject may request that the Data Controller terminate the unlawful data processing, investigate the data processing, and the rejection of the data subject’s request. The Data Controller shall investigate the data subject’s complaint in this regard in all cases and inform the data subject of the result.
Data subjects may report their complaints to the contact details specified in point 1.1.
The data subject may also file a complaint directly with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; telephone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).
The data subject has the right to apply to court in the event of a violation of their rights. Upon request, the Data Controller will inform the data subject in detail about the court with jurisdiction and competence to adjudicate the lawsuit, and about the possibility of initiating a lawsuit.
This Privacy Policy is effective as of July 6, 2025.