Privacy Policy

Privacy And Data Security Policy

The MULTISOFT Information Technology Services Limited Liability Company (seat: 1115 Budapest, Bartók Béla út 105-113.; whose records are held at the Budapest Municipal Court as Court of Registration under No. 01-09-161858) – hereinafter: Company – under Section (6)(1) of Act CXIX of 1995 on the Use of Names and Addresses for Purposes of Research and Direct Marketing, as well as for the purposes of ensuring protection and security of client data collected during its software development activity formulated the following internal data protection and data security policy – hereinafter: Data Privacy Policy – forming the inseparable Schedule 1 of the Company’s Data Processing Policy (hereinafter: Data Processing Policy).
I. GENERAL PROVISIONS
1. Among other things, the Company carries out direct marketing within the framework of its activities, including promotional activities (sending newsletters and advertisement newsletters, calls to participate in giveaways, offering products/services) and telemarketing/telesales activities, and to that end handles company names and residential address data (contact details), as well as personal data.
2. Computer programming (software development) is also an activity of the Company, during which client data may be transferred to the Company in relation to carrying out this activity.
3. Data processing is carried out in compliance with the General Data Protection Rule No. (EU) 679/2016 of the European Parliament and the Council, Act CXII of 2011 on the Informational Self-determination and Freedom of Information (hereinafter: Info Act), as well as the provisions of Act CXIX of 1995 on the Use of Name and Address Information Serving the Purposes of Research and Direct Marketing, in addition to this Privacy Policy and Data Processing Policy established within the framework of these regulations.
4. Pursuant to the Data Privacy Policy data shall mean exclusively personal information, and Client Data shall mean data information forwarded by the contractual partners of the company in the course and for the purposes of the software development activity to the Company. Terms not defined in the data privacy policy should be interpreted according to the provisions of the regulations referred to in above Section I (3).
5. The Company ensures that data are collected and used in a fair and lawful manner.
6. The Company shall process such data
• for the purpose specified in the Data Processing Policy, thus for marketing or direct marketing activities,
• and the Client Data in the course of their software development activity performed for their contractual partners exclusively in the interest of carrying out software development activity (hereinafter jointly: activity or activities) in accordance with them, in addition to be allowed to process only data, which are required and suitable for such respective activities. Data processing is allowed exclusively to the extent required for the purposes of carrying out the respective activity and in the case of Client Data with respect to the software development activity specified in the respective contract for the duration necessary for performing the software development activity under the respective contract.
7. The Company will ensure that no unauthorized persons have access to the data. The Company will handle the data confidentially and (with regard to Client Data, not including the contractual partners in the respective contract concluded in the subject matter of the software development activity) may not divulge any details of them or allow them to be seen by third persons; furthermore, it can make copies of them exclusively under the provisions of this privacy policy.
8. Access to data will be granted by the Company exclusively to employees, or persons working under any other arrangement who by virtue of their duties are authorized and obligated to
• carry out activities, and/or
• operate the server hosting data.
9. During data handling attention should be paid to data integrity.
10. In the event the process of activities changes, or it is otherwise warranted by circumstances influencing the performance of activities, the Company will – as required – amend this data protection and the data processing policy accordingly.
II. TECHNICAL MEASURES FOR DATA PROTECTION
1. The Company shall store data on password protected servers or also in password protected CRM databases ensuring that they are displayed only on password protected work stations.
2./a. The Company shall provide for the physical protection of the data-hosting server by using premises equipped with security locks (server rooms). The entrance of the premises dedicated to safeguard the server (server room) can only be accessed after entering the building of the company’s seat, any other doors and windows will prevent forced entry using generally accepted methods. The seat of the company is located in an office building with 24-hour concierge and equipped with an alarm system. There is one designated person at the company authorized to use the keys to the server room. At the same time, the Company designates a substitute person to use the keys should the person in care of the keys be unable to perform this duty for any reason. The keys can be handed over exclusively in this latter case, to the identified substitute person with the purpose of handling the keys.
2./b. In addition to this, the Company uses cloud services to store data, where access is also password-protected.
3. To prevent any unauthorized person from accessing the IT assets storing data accessible through networks all IT/information technology tools available at all times should be utilized.
4. Data may only be accessed or displayed by the persons specified in above Section I (8) of this data privacy policy using the IT devices provided for their personal use by the company.
5. The Company shall provide the conditions of anti-virus protection regarding the IT assets referred to in Section II (4) of this data privacy policy. The persons identified in above Section I (8) of this data privacy policy are obligated to continuously take care of the anti-virus protection of the IT devices for their personal use.
6. The Company by sustaining and maintaining the actually available IT asset park shall ensure their availability and load capacity required for the software development activity as per contract.
7. The erasure of electronically stored data will be performed by final deletion.
III. ORGANISATIONAL MEASURES FOR DATA PROTECTION AND SECURITY
1. The Company will grant data access exclusively to employees, or persons working for it under any other arrangement, who due to their duties are authorized and obligated to have access to such data
• because, to perform their respective activities, they need to have access to data pertaining to the given activity, as well as to persons who
• operate the server hosting data.
2. Persons specified under Section I (8) of this data privacy policy are obligated to take all expectable measures to ensure data security.
3. Persons specified under Section I (8) of the data privacy policy are obligated to take all expectable measures to prevent any unauthorized person accessing the devices listed under Section II (4) above. Within this framework the protection of these devices should be specifically ensured with password, furthermore these assets should be stored in a safe, closed place. It is expressly forbidden to leave such devices in an unattended vehicle even in case the vehicle is securely locked.
4. Displaying data is only allowed during the work when such activity is performed and only for that purpose, only for the time period necessary to carry out given activity.
5. Furthermore, it is expressly forbidden to print or display the data by any other physical means (hard copy) for any other purpose than performing the activity, or to take the hard copy of the document from the premises designated to carry out such tasks. It should also be ensured that while displaying data, no such data is lost, damaged or destroyed and their content does not become known to, or accessed by any unauthorized person. Should the storage of the hard copy of data become inevitable, it should be kept for the time period absolutely necessary to normally carry out the activity and only in closed premises and in lockable filing cabinets. Any hard copy of the data, when the purpose of printing the hard copy ceased to exist, should be immediately destroyed.
6. In addition to complying with the provisions of this data privacy policy and apart from taking other aspects into account for data protection considerations, the rooms and the premises, where IT devices suitable for producing hard copies are operated (computer, work stations), should be used in accordance with the data protection and IT security requirements.
7. Client Data forwarding is only permitted strictly in accordance with the provisions of the software development contract, unless otherwise stated in the relevant contract exclusively for the contractual partners under the respective contract of the Company.
8. By making the persons specified under Section I (8) of this Data Privacy Policy available, the Company ensures the completion of the services required to perform the software development as per the relevant contract.
9. The persons specified under Section I (8) of this Data Privacy Policy shall immediately notify their superiors about any data protection issue encountered in their duties, especially about security breaches resulting in accidental or unlawful destruction, loss, change, unauthorised disclosure or access (data protection incident) of the forwarded, stored or otherwise processed data.
10. The Company keeps records of the data handled ensuring control over data handling, as well as over the provisions on data protection and data security, and to trace the database path. The records include the name of the database, the date of each phase and the end of data handling, as well as the name and signature of persons handling the data along with their superiors.
IV. MISCELLANEOUS PROVISIONS
1. The Company shall inform its employees along with all other workers providing services in a different employment status about this data privacy policy and data processing policy prior to starting their activities that would affect data handling, furthermore advising them about the ramifications of the respective regulations, the procedures specified in the provisions of such regulations, as well as the mandatory compliance therewith.
2. The scope of this data privacy policy applies to all Company employees and those employed under any other legal relationship.
3. The Company reserves the right to unilaterally amend this data privacy policy.
Budapest, 29 November 2019
MULTISOFT Information Technology Services Limited Liability Company

Data Privacy Policy

Pursuant to the effective Hungarian regulations as well as Regulation No 2016/679 of the European Parliament and the Council (hereinafter: Regulation) you are voluntarily consenting to MultiSoft Ltd. (seat: 1115 Budapest, Bartók Béla út 105-113.; Company Registration Number: 01-09-161858; Data Protection Register Number: NAIH-83380/2015., NAIH-129040/2017., NAIH-112080/2017; email address: adatkezeles@multisoft.hu) – hereinafter: “MultiSoft Ltd.” or “Data Controller”, upon registering on their website, submitting a Contact form, or subscribing to the newsletter of MultiSoft Kft. (hereinafter: newsletter), to handle your personal data for data processing purposes specified under section 5 in compliance with the referred legal provisions.
This privacy policy and information (hereinafter: “Privacy Policy”) contains the rules for data processing in compliance with the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter: “Info Act”) regarding the personal data processing of natural person users of websites operated by the data controller, at http://www.multisoft.hu, and at the addresses specified therein (hereinafter: “User”), specified in this Privacy Policy, as well as the data privacy information for Users.
Please note that legal ground for data processing is your voluntary consent to such data processing. You have the right to revoke your consent to your data being processed at any time, to request information on your data being processed at any time, as well as to request rectification or deletion of your data, (cessation of data processing) for the purposes, or for some of the purposes outlined below in writing in a letter sent to “1115 Budapest, Bartók Béla út 105-113.“ or to the email address adatkezeles@multisoft.hu.
You should be especially aware that the User has the right to object to processing his or her data for direct marketing purposes in a letter sent to “1115 Budapest, Bartók Béla út 105-113.“ or to adatkezeles@multisoft.hu.
While registering on the webpage of Data Controller, submitting the Contact form, or signing up for the newsletter, the personal data entered by the User will be processed by the Data Controller until such consent is revoked by the User.
Detailed information on Users’ rights is provided under Section 9 of this Data Privacy Policy, whilst on the options of enforcing rights Section 10 of this Data Privacy Policy contains detailed explanation.
Withdrawing consent to data processing will not affect the legality of data processed until that time.
The Data Controller will not be liable for the authenticity of the data you provided.
Data Protection Register Numbers: NAIH-83380/2015., NAIH-129040/2017., NAIH-112080/2017;
1. GENERAL PROVISIONS
The Data Controller shall process the personal information of Users based on this Privacy Policy, taking into account all information by the authority in charge of data privacy (currently: National Data Protection and Freedom of Information Authority, seated at 1125, Budapest, Szilágyi Erzsébet fasor 22/C, and its website: www.naih.hu) as well as the published judicial approach in this subject matter. By submitting the Contact form or signing up for the newsletter, User expressly and voluntarily consents to data processing by Data Controller in compliance with the Data Privacy Policy. Please also see Section 4 (User’s Declaration) to familiarise yourself with your declarations made upon accepting this Privacy Policy.
2. AMENDMENT
Data Controller maintains the right to make unilateral amendments to this Privacy Policy by providing notice thereof to Users through their Website. The updated Privacy Policy will be posted on the website by the Data Controller no later than five (5) days before such updated Privacy Policy comes into force. The Data Controller may send a notice about the changes to this Privacy Policy to registered users of the Website through the user account available on the Website (hereinafter: User Account) or for both registered or unregistered Users via any of the options provided upon registration or upon using the website no later than five (5) days before the updated Privacy Policy comes into force. User declares to consent to keeping contact using the User Account, or the options provided by him/her, upon registration or upon using the Website.
3. PURPOSE OF DATA PRIVACY POLICY
The purpose of this Data Privacy Policy is
– to facilitate the enforcement of regulations on data protection;
– to specify the User’s scope of personal data processed by the Data Controller under Section 6, the method of data handling, respecting the privacy of natural person Users in compliance with other regulations, fulfilling the requirements of data protection and data safety.
– before starting data processing to inform Users on the identity of the Data Controller, the purpose, the duration and legal ground for data collection, as well as the options and ways to enforce User rights relating to data management, and;
– to prevent any unauthorised access to, alteration or unlawful disclosure or use of User’s personal data.
4. DECLARATION BY USER
User, by giving consent upon registering and/or signing up for the newsletter and/or submitting the Contact form, confirms having fully read this Privacy Policy, as well as to acknowledge the provisions thereof to be binding on him or herself, and voluntarily, in full awareness and definitively consents to the Data Controller managing the personal data specified in the Privacy Policy for data processing purposes specified therein – i.e. for all purposes outlined in the Privacy Policy – in compliance with the provisions of this Privacy Policy.
By registering and/or signing up for the newsletter and/or submitting the Contact form, User consents to the Data Controller managing the personal and other data voluntarily provided for the purposes outlined in Section 5, at the same time, consents to the use of his or her name and access data (email address, telephone number, residential address) for continuous, as well as for repeated contact.
The User declares that the information provided during registration is true and that it does not constitute a breach of personal or other rights, nor legally protected rights of third parties.
5. DATA PROCESSING OBJECTIVES
Management of the Users’ personal information will be carried out for:
– the use, provision, maintenance, protection of services offered through the website by the Data Controller (hereinafter: “Services”);
– further development of Services, as well as the development of new services;
– protection of the Data Controller and the User;
– for the preparation and completion of activities by the Data Controller with regard to the Services, specifically including the display of contents posted on the Website, as well as providing support for such activities by the Data Controller;
– promotional purposes related to above activities (sending newsletters or promotional mails, participation in giveaways, sending product/service offers, direct marketing and telemarketing/telesales activity, promotion of functions).
6. SCOPE OF PERSONAL DATA MANAGED
The provisions related to handling and the protection of User’s personal data are applicable exclusively to natural persons given that personal information may only be interpreted in the context of natural persons.
The Data Controller will only register personal data that had been voluntarily provided by the User. By providing personal data, the User consents to having such personal data entered in the database of the Data Controller in accordance with this Privacy Policy.
6.1. Personal information processed for the purposes of user identification, or any other activities
The Data Controller processes the following personal data of Users for identification:
(1) Natural personal identification data of user: first and surname, date of birth;
(2) User’s email address;
(3) User’s residential and mailing address;
(4) User’s direct telephone and fax number;
(5) Any personal information provided voluntarily by the User (such as address, position, interests) and other information.
The Data Controller may ask for other personal information about the User on the webpage for different activities, upon submitting such data the Users also give their express and voluntary consent to processing the personal information provided and the Data Controller may only manage the personal information provided for purposes outlined in Section 5 and only until reaching the purpose related to the activity. Any such data processing shall also be governed by this Privacy Policy.
6.2. Information processed in order to use the Services
(1) The IP address of User’s computer;
(2) Information on User’s activity related to the use of the webpage (such as tracking metrics of banner ad clicks).
Such data will be automatically logged by the Data Controller’s system. These data are not suitable for personal identification; the Data Controller shall not link the data in the log file to other personal data in order to use such data for trend analysis, for preparing statistics of site use, for administering the services, analysing and satisfying user demands, to contribute to developing the level of service.
6.3. Services /
Registration forms: on these pages the Data Controller may ask for personal data required to use the services, these are submitted also voluntarily.
Contact forms: on these pages the Data Controller may ask for personal data required to keep contact, these are submitted also voluntarily.
Newsletter: The Data Controller may also operate a newsletter sending service on the Website. If the User wishes to receive newsletter regarding the use of Services and novelties related to the Services, the Data Controller will ask only for the email address from the User for use for an indeterminate period of time, where the newsletter is expected to be received. The email address is also provided voluntarily. The newsletter may also include advertising deals or promotional offers. Pursuant to this Data Privacy Policy, the User gives his or her express consent upon signing up for the newsletter to Data Controller to send offers in its newsletters at the contact details provided. Users, who at any time after signing up for a newsletter that may be offered on the Website, decide that they no longer wish to receive the newsletters, may withdraw their consent to receiving such newsletters without justification using the method indicated in the newsletter or on the Website, or by sending an email or postal message to any of the contact details of Data Controller indicated in Section 1 of this Policy. Withdrawal of the consent to receiving the newsletters will also result in terminating data processing for this purpose.
Direct marketing: Upon registering on the website and/or signing up for the newsletter and/or submitting the Contact form, User voluntarily and expressly consents to Data Controller using the User’s personal information for the purpose of direct marketing. The consent is provided voluntarily and may be withdrawn without providing a reason at any time during the User relationship using any of the contact details posted on the Website or specified in section 1 of this Data Privacy Policy. The Data Controller may send out informational materials to Users from time to time relating to certain Services to inform Users about novelties related to such Services. Users who do not wish to receive such letters may cancel this informational service in the future at any time by mail about their intent via postal service or by using the postal address or the email address specified in section 1 of this Privacy Policy.
Sending promotional offer, direct marketing: The Data Controller may periodically send informational circulars to Users about their new services and special offers to which User under this Data Privacy Policy gives his or her voluntary and express consent upon registering on the website and/or signing up for the newsletter and/or submitting the Contact form. For these purposes, the Data Controller processes the email address, the name and the postal address of Users. In the event the User no longer wishes to receive such promotional letters, he/she may object to receiving the promotional newsletters or his/her consent to such data management may be withdrawn using the contact details of the Data Controller specified under section 1 of this Privacy Policy.
7. LEGAL GROUNDS AND METHODS OF DATA PROCESSING
The Data Controller shall collect and process the Users’ personal information exclusively for the purposes outlined in this Privacy Policy and shall ensure compliance with the purpose of data processing throughout every phase. Being aware of the provisions of this Data Privacy Policy, the User declares that giving consent to data processing and any subsequent data in each case will be provided under Article 5. (1) a) of the Info Act, as well as Article 6(1) a) of the Regulation based on a voluntary, informed and express consent by User. This voluntary, adequately informed and definitive consent provides the legal grounds of data processing by the Data Controller specified in this Privacy Policy.
In the event the User places an order on the webpage, until delivering the order pursuant to Article 6(1) b) of the Regulation and Article 6(4) of the Info Act the lawful basis for data processing is the legal interest of Data Controller in the fulfilment of the contract – in case they are needed to fulfil the contract.
8. DATA SECURITY
In compliance with Article 7 of the Info Act and Articles 32-34 of the Regulation, the Data Controller shall make every effort to ensure the security of your personal data. In addition, the Data Controller will take all necessary technical and organisational measures and establish the operational rules required to enforce the Info Act and other data and privacy regulations.
In the event there is any change to details provided by the User, the corresponding updates should also be indicated. This may be carried out by mailing a letter to the “1115 Budapest, Bartók Béla út 105-113.” address, or to the adatkezeles@multisoft.hu email address; in the event User has a user account on the webpage, updates may also be performed on the webpage.
Cloud computing also forms a part of the Services. Cloud computing is typically international, or cross border in nature and serves the purposes of data storage, for example, where the host is not the computer/corporate IT centre of Data Controller, but a server centre located anywhere in the world. The primary advantage of cloud computing is that it essentially moves beyond geographical location, it provides a high security and a flexible, extendable IT storage and processing capacity. The Data Controller will choose partners offering cloud computing with the highest level of consideration, and shall take all reasonably expected measures to enter into agreements that prioritize the data security of Users, to make their data processing principles transparent to Users and to support data security by conducting regular reviews. By accepting this Privacy Policy, the User expressly consents to data transfer required for employing cloud computing solutions.
Links: The Website of Data Controller may also include some reference or link to certain webpages maintained by other service providers (such as buttons, logos to login or sharing options), over which Data Controller has no control with respect to personal data processing practices, or where the Data Controller is not involved in data sharing/data transfer. Users are hereby informed that by clicking on such links, they will be forwarded to the websites of other service providers. In such cases consulting the applicable data processing rules for using such websites is recommended. This Privacy Policy applies only to the website operated by the Data Controller. In the event any data is modified, deleted by the User on an external website, it will not impact the data processing by the Data Controller and such modifications must be implemented on the Website as well.
9. USER RIGHTS
The User may request information on the data processing and on whether processing of his or her personal information is in progress, and, if data processing is in progress, he/she may receive a copy of his or her personal information processed and may request access to his or her personal information, their rectification, cancellation (cessation of data processing), or restricting data handling and may also object to the handling of such personal information. The User is entitled to exercise his or her right with regard to personal data processing by sending notifications to any of the contact options specified in Section 1 of this Data Privacy Policy.
In the case of a User request outlined in this Section 9 (b)-(f) and in Section 10 of this Data Privacy Policy, the Data Controller will advise the User within one month following receipt of the request about the measures taken following up on the request at the email address submitted by User upon registration, unless a different way of advisement has been indicated in the request by the User. Based on the complexity and the number of requests, the Data Controller may extend this deadline by up to two months. The Data Controller will advise the User about the deadline extension by specifying the causes of delay within one month following receipt of the request at the most.
In the event the Data Controller fails to take measures as a follow up on the User’s request, then within one month following receipt of the request they will advise the User as to the reason of failing to take measures, as well as of User’s option to lodge a complaint at the National Agency for Data Protection, or he or she may seek judicial redress.
Any such request will be addressed by the Data Controller free of charge, except, if the request is clearly unfounded, excessive or excessive due to repetitive occurrences, in which case the Data Controller may charge a reasonable fee or may deny taking measures based on the request.
(a) Information, access
Information may be requested about personal data processing based on Article 14. A), as well as Article 15(1) of the Regulation. Upon request the Data Controller may give information to the User if his or her personal information is processed by the Data Controller or a Data Processor, who is commissioned or assigned by the Data Controller. If the information is processed by the Data Controller or by a Data Processor commissioned for processing or assigned by the Data Controller, then the Data Controller will make the personal information processed by the Data Controller or the Data Processor commissioned for processing or assigned by the Data Controller available to User and within the framework of or depending on the request will inform User about
– the source of the personal data processed and;
– the purpose and the legal ground, the duration of data processing,
– the scope of personal data,
– in case of forwarding the personal information processed the scope of recipients of data forwarding including recipients in third countries and international organisations,
– the duration of storing the personal information managed, the viewpoints in determining this time frame,
– the rights User is entitled to under the Info Act, as well as advising about the ways of enforcing such rights,
– in case of profiling, this fact itself, furthermore
– the circumstances of any eventual data protection incidents in handling User’s personal information, their impact and the measures taken to manage and mitigate them,
in addition to advising the User about their activities in relation to data processing.
Please send your request for information on data processing by mail or email to the address specified in section 1 of this Privacy Policy, which will be answered in twenty-five (25) days in writing sent to the User.
(b) Rectification
The Data Controller may rectify personal data if requested by a User, in case some of the personal information is inaccurate and the accurate data is made available to the Data Controller. Besides, the User is entitled to ask for any missing personal data.
In compliance with the provisions in this Section 8(b) if the information processed by the Data Controller or by the Data Processor commissioned or assigned by the Data Controller is incomplete, incorrect or missing, then they will immediately be rectified or corrected by Data Controller especially so if requested by the User, or if it is compatible with the purpose of data processing, it will be complemented with the additional personal data made available by the User or with User’s comment on the personal information handled. The Data Controller will be exempted from the liability described in the previous sentence, if no correct, true and complete personal information is available and they are not provided by the User, or the truthfulness of the personal information provided by the User cannot be assessed beyond any doubt.
(c) Deletion
The Data Controller shall delete the personal information, if this or the cessation of data processing is requested by a User.
The Data Controller may only refuse a request to erase personal information in the following cases:
a) Additional processing of information is required for the freedom of expression and to exercise the right for information; or
b) additional processing of information is required to comply with the EU or member state rights stipulating the processing of personal information applicable to the Data Controller; or
c) additional processing of information is required to submit, enforce or protect legal rights.
The User may request the deletion of any of his or her personal data on the Website by mail or email sent to the postal or email address provided under Section 1 of this Privacy Policy to the Data Controller. Based on User’s voluntary decision and request, the Data Controller shall delete the data requested to be deleted within twenty-five (25) days following the receipt of such a deletion request. By withdrawing consent to the processing of personal data, as well as by requesting the deletion of data, the User will relinquish the right to participate in the activities related to the registration. Deletion is cost-free in all cases.
(d) Restriction of data processing
The Data Controller will restrict data processing, if
– the User disputes the accuracy, truthfulness or completeness of the personal data processed by the Data Controller or by the Data Processor commissioned or assigned by the Data Controller, and the accuracy, truthfulness and completeness of the personal data processed cannot be established beyond any doubt, or
– as a result of unlawful data processing the information should be deleted due to the unlawfulness of data processing, but based on the written statement by the User or based on the information available for the Data Processor there are grounds to believe that deleting the information would harm legitimate user interests, for the duration of legitimate interests giving grounds for not deleting data or
– due to unlawful data processing the information should be deleted, but for examinations or procedures carried out by the Data Controller or by or with the participation of other bodies with public service mission set forth in regulations – thus especially in criminal proceedings – the information should be retained as evidence until closing such examination or procedure.
Personal data restricted in this fashion will be handled by the Data Controller only as long as the purpose of data handling that excluded the deletion of the personal data continues to exist. Restricted personal information, except for storage, may only be processed for enforcing legitimate User interests, or with User’s consent, or for litigation, enforcement or defence of legal claims, or in the defence of other natural or legal entity or on the grounds of an important public interest of the European Union or a member state. The Data Controller will notify the User if restriction is imposed. The Data Controller will give advance notice to User on the withdrawal of restriction, in the case restriction was necessary for verifying data accuracy, truthfulness or completeness.
(e) Objection
The User may at any time object to the processing of his or her personal information. In the event the User objects to data processing, his or her personal data should not be further processed, unless the Data Controller proves that there is a compelling justification for data processing which outweighs User interests, rights and freedoms, or which is linked to litigation, enforcement or defence of legal claims.
In the event the User objects to processing personal information for direct marketing efforts, then the personal information may not be further used for such purpose.
To object to data processing for direct marketing, the User has options ranging from other communications to selecting the appropriate checkbox on the website of the Data Controller.
(f) Right to Data Portability
Within the scope of right to data portability the User is entitled to ask for a structured, widely used, machine-readable copy of his or her personal information processed by the Data Controller, as well as to ask the Data Controller to directly forward his or her personal information to another data controller.
10. RIGHTS TO LEGAL REDRESS
(a) Judicial Enforcement
The User may turn to court in relation to the Data Controller or – to the data processing operations falling within the Data Controller’s activities – against the Data Controller, if in his or her view the Data Controller or the Data Processor commissioned or assigned by the Data Controller handles his or her personal information contravening the provisions outlined in the regulations on personal data processing or in any mandatory EU legislative act.
Demonstrating compliance with the requirements outlined in regulations or in the mandatory EU legislative acts on processing personal information is the responsibility of Data Controller or Data Processor commissioned by the Data Controller.
The case may be brought before the court competent according to his or her residence or place of stay at his or her discretion. Persons with no legal capacity may also be party to the case.
If the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions set forth in the regulations or mandatory EU legislative acts on processing personal information, thus causing damage to others, it is liable to compensate for that damage.
If the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions set forth in the regulations or mandatory EU legislative acts on processing personal information, infringing personality rights of somebody else, the person whose personality rights suffered harm by the Data Controller or the Data Processor commissioned or assigned by the Data Controller may claim compensation in tort.
The detailed means of enforcement, as well as the detailed legal provisions on the responsibilities of the Data Controller are set out in the Info Act.
The rights of incapacitated Users, or Users with limited legal capacity regarding data processing – including giving consent to personal data processing – will be exercised by their legal representative, or guardian and the User’s responsibilities will be fulfilled by such representative or guardian. No consent or post factum approval by the legal representative or guardian is required for the validity of a consent provided by a minor under the age of 16.
(b) Public Enforcement
The User
– may initiate an investigation by the National Agency for Privacy Protection to examine the legality of measures by the Data Controller, if before starting data processing the Data Controller failed to inform the User or failed to inform in accordance with the provisions of the Info Act, or hindered the User in enforcing his or her rights outlined in Section 9 of this Data Processing Policy or refused the application to enforce such rights, or
– may initiate a procedure by the National Agency for Privacy Protection if in his or her view during processing his or her personal information the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions specified in the Regulation or in the mandatory EU legislative acts on data processing.
11. CLOSING PROVISIONS
The Internal Data Protection and Data Security Policy of Data Controller forms an inseparable Schedule I of this Policy that specifies all technical and organisational measures ensuring the protection of data processed for direct marketing.
Budapest, 29 November 2019