Data management policy

The HeavenFace.com website (hereafter referred to as the Website), hereinafter referred to as "Data Controller", is particularly concerned with the protection of personal data, compliance with mandatory legal provisions and safe data management.

In all cases, the Data Controller handles the personal data made available to you in compliance with applicable Hungarian and European legislation and ethical requirements, and in all cases, takes the technical and organizational measures necessary for the proper security of data management.

This policy is based on the following effective laws:
• CVIII of 2001 TV. on certain issues of electronic commerce services and information society services
• Act CXII of 2011 on Information Self-Determination and Freedom of Information
• 2016/679 / EU Regulation (April 27, 2016) natural persons handling personal data
and the free movement of such data and repealing Regulation 95/46 / EC.

The Data Controller undertakes to abide by these Rules unilaterally and asks its customers to accept the provisions of the Code. The Data Controller reserves the right to change the Privacy Policy, in which case the revised Policy will be made publicly available.
Interpretative provisions

Personal data: any data that can be associated with a specified (identified or identifiable) natural person (hereinafter referred to as "affected"), a deduction from the data, and a conclusion on the data subject. Personal data retains its quality during data management until its relationship with the affected person can be restored. A person is considered to be identifiable, in particular, if he or she can be identified, directly or indirectly, by a name, identification mark, or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

Contribution: A voluntary and determined expression of the will of the data subject, based on appropriate information and with unambiguous consent to the processing of personal data relating to him or her, wholly or in part.

Protest: a statement by the data subject to object to the processing of his / her personal data and requests the termination of the data management and the deletion of the data processed.

Data Controller: a natural or legal person, or an entity without legal personality, who either independently or with others determines the purpose of data management, makes and implements decisions relating to data management (including the device used), or implements it with the Data Processor.

Data management: any operation or operation performed on the data, irrespective of the procedure used, including, in particular, collection, recording, recording, systematization, storage, alteration, use, query, transmission, disclosure, alignment or interconnection, blocking, deletion and destruction; preventing further use of the data, taking photographs, sound or images, and recording physical characteristics suitable for identifying the person.

Data transfer: making the data available to a specific third party.

Disclosure: Making data available to anyone.

Deleting data: making data unrecognizable in such a way that recovery is no longer possible.

Data blocking: to limit the further processing of the data to an identifier for a definitive or definite period of time.

Data Destruction: The complete physical destruction of data media containing data.

Third party: any natural or legal person or organization without legal personality which is not the same as the data subject, data controller or data processor.

EEA State: a Member State of the European Union and another State party to the Agreement on the European Economic Area and a State of which the European Economic Community is a party under an international treaty between the European Union and its Member States and a non-member State of the European Economic Area. Enjoy the same status as a national of a State party to the Agreement.

Third Country: Any State that is not a EEA State.

Data Protection Incident: Illegal handling or processing of personal data, in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction and damage.

Principles of data management

Personal data may be handled if the data subject agrees or is ordered by law or, under the authority of the law, within the limits set by the local government decree.

Personal data may only be processed for a specific purpose, for the purpose of exercising rights and fulfilling an obligation. Data management must meet this objective at all stages.

Only personal data that is essential for the purpose of data management, suitable for the purpose, only to the extent and for the time necessary to achieve the purpose, can be managed.

Personal data can be transmitted and the various data processing can be linked if the data subject has given consent or is permitted by law, and if the conditions of data management are met for each personal data.

Personal data may be transferred to a data controller or data processor in a third country, irrespective of the medium or the mode of data transmission, if the data subject has explicitly given his consent or is permitted by law, and in the processing or processing of the data transferred in the third country. adequate protection of personal data is ensured.

In the case of mandatory data management, the purpose and conditions of data management, the scope and availability of the data to be processed, the duration of the data management, and the identity of the data controller are determined by the Data Management Act or the Local Government Decree.

The law may require the disclosure of personal data from the public interest, by explicitly indicating the scope of the data. In all other cases, the consent of the data subject, written consent of the data subject, is required for disclosure. In case of doubt, it must be presumed that the data subject has not given his consent.

The consent of the data subject shall be deemed to have been given with regard to the data which he / she has provided or which he / she has provided for the purpose of disclosure.

In proceedings initiated at the request of the data subject, his / her consent to the processing of his / her necessary data shall be presumed. The attention of the data subject should be drawn to this fact.

The data subject may submit his / her consent to the Data Controller in a written agreement to fulfill the contract. In this case, the contract must contain all the information that the data subject must know about the processing of personal data, in particular the definition of the data to be processed, the duration of the data management, the purpose of the use, the transmission of the data, the use of the data processor. The contract must include unambiguously the consent of the data subject to the processing of his or her data as specified in the contract.

The right to the protection of personal data and the privacy of the data subject! - if there is no exception to the law - other interests related to data management, including publicity of data of public interest, should not be infringed.

The power of the Website

Website Service

The Website provides an interface for two or more people to communicate (chat) online in real time, based on mutual consent. Conducting internal correspondence.
Use of services

The use of the Services of the Website requires a one-time connection (registration), in which the user specifies the information on the registration form.
Storing personal data

No personal data is stored on the Website, as we do not verify the authenticity of the data provided upon registration. By using the remaining data, it is not possible to connect users to a real person.
Data provided at registration

Nickname Fictitious fantasy name. In addition to simplifying login, it is designed to distinguish users.

E-mail address: The e-mail address is only used to identify the user at login. Not for anyone.

Password: The password is only used to identify the user at login. Not for anyone. Passwords are handled with special protection and stored in a database only in encrypted form. It is recommended that you create a password specifically designed for this Website.

Date of birth: Used to indicate age from birth date. Age is a public data for all users, but the date of birth can be limited at the discretion of each user.

Gender: The user's gender is publicly available to all users.

Data provided in the datasheet

The user can decide on the provision of the data in the user data sheets. By completing the data, the User agrees that the data he / she has provided will be made public to the registered users. If the user does not want to share any data, you can leave the fields there blank.

Location: Users have the option to set a location. Here you can enter a city name, county, or country. This can be fictitiously approximate. By filling in, the user agrees that his / her stay will appear on the map with other users.
Background data

The Data Manager records the user's IP address, browser type, operating system, and language. They are not related to user-defined data. Their recording is for statistical purposes only.
Duration of data management

Data management lasts until the registration is canceled.

Registration will be canceled if:
- the user deletes their own registration at their own discretion.
- The Controller finds any irregularities.
- a Moderator considers this to be justified.
- it is ordered by an authority or court.

User Responsibility

Users may disclose each other's data only with the consent of the other party.
Your consent is not required in the case of a public public act or if you have already made your data public.


The Data Controller provides the data security of the users as expected. It cannot be held responsible if the user's own negligence has resulted in his profile becoming unauthorized and resulting in damage.

Rights of stakeholders

The data subject may request information on the management of his or her personal data and may request the rectification of his / her personal data, or, except for the data processing provided by law, the deletion of the registration on the link in the settings or on any of the Data Controller's availability.

At the request of the data subject, the Data Controller shall provide information on the data it manages, the purpose of the data processing, its legal basis, duration, the name, address (seat) of the data processor and its activities related to data management, as well as who and for what purposes the data are received or received.

The Data Controller shall provide the information in writing, in a comprehensible form, free of charge, in the shortest possible time from the submission of the application, but not later than within 25 days.

The Data Controller is obliged to correct personal data that does not correspond to reality.

Personal data is deleted by the Data Controller if its management is unlawful, the data subject requests it, the incomplete or erroneous - and this state cannot be legally corrected - provided that the cancellation is not precluded by law if the purpose of the data management ceased, the statutory deadline for storing the data expired or ordered by the court or data protection commissioner.

It informs the data subject and all those who have previously forwarded the data for data management. The notification may be omitted if it does not violate the legitimate interest of the data subject with respect to the purpose of the data management.

The data subject may object to the processing of his or her personal data if the processing (transfer) of personal data is solely for the purpose of enforcing the right or legitimate interest of the data controller or the data recipient, unless the data management is prescribed by law, the use or transmission of personal data is direct marketing, opinion polling or for scientific research, the exercise of the right of objection is otherwise permitted by law.

The Data Controller - with the simultaneous suspension of data management - is obliged to examine the protest within the shortest possible time from the submission of the application, but within a maximum of 15 days, and to inform the applicant in writing of its outcome. If the objection is justified, the data controller is obliged to terminate the data management, including further data collection and data transfer, and to block the data, and to inform all those to whom the personal data affected by the protest has previously been forwarded and about the measures taken on the basis of the objection. they must take action to enforce the right of protest.

User agrees to use COOKIE! We apply them in certain areas of the Website.