Please note that legal ground for data processing is your voluntary consent to such data processing. You have the right to revoke your consent to your data being processed at any time, to request information on your data being processed at any time, as well as to request rectification or deletion of your data, (cessation of data processing) for the purposes, or for some of the purposes outlined below in writing in a letter sent to “1112 Budapest, Kőérberki út 36.“ or to the email address firstname.lastname@example.org.
You should be especially aware that the User has the right to object to processing his or her data for direct marketing purposes in a letter sent to “1112 Budapest, Kőérberki út 36.“ or to email@example.com.
While registering on the webpage of Data Controller, submitting the Contact form, or signing up for the newsletter, the personal data entered by the User will be processed by the Data Controller until such consent is revoked by the User.
Withdrawing consent to data processing will not affect the legality of data processed until that time.
The Data Controller will not be liable for the authenticity of the data you provided.
Data Protection Register Numbers: NAIH-83380/2015., NAIH-129040/2017., NAIH-112080/2017;
1. GENERAL PROVISIONS
4. DECLARATION BY USER
By registering and/or signing up for the newsletter and/or submitting the Contact form, User consents to the Data Controller managing the personal and other data voluntarily provided for the purposes outlined in Section 5, at the same time, consents to the use of his or her name and access data (email address, telephone number, residential address) for continuous, as well as for repeated contact.
The User declares that the information provided during registration is true and that it does not constitute a breach of personal or other rights, nor legally protected rights of third parties.
5. DATA PROCESSING OBJECTIVES
Management of the Users’ personal information will be carried out for:
6. SCOPE OF PERSONAL DATA MANAGED;
The provisions related to handling and the protection of User’s personal data are applicable exclusively to natural persons given that personal information may only be interpreted in the context of natural persons.
6.1. Personal information processed for the purposes of user identification, or any other activities
The Data Controller processes the following personal data of Users for identification:
(1) Natural personal identification data of user: first and surname, date of birth;
(2) User’s email address;
(3) User’s residential and mailing address;
(4) User’s direct telephone and fax number;
(5) Any personal information provided voluntarily by the User (such as address, position, interests) and other information.
6.2. Information processed in order to use the Services
(1) The IP address of User’s computer;
(2) Information on User’s activity related to the use of the webpage (such as tracking metrics of banner ad clicks).
Such data will be automatically logged by the Data Controller’s system. These data are not suitable for personal identification, the Data Controller shall not link the data in the log file to other personal data in order to use such data for trend analysis, for preparing statistics of site use, for administering the services, analysing and satisfying user demands, to contribute to developing the level of service.
Registration forms: on these pages the Data Controller may ask for personal data required to use the services, these are submitted also voluntarily.
Contact forms: on these pages the Data Controller may ask for personal data required to keep contact, these are submitted also voluntarily.
7. LEGAL GROUNDS AND METHODS OF DATA PROCESSING
In the event the User places an order on the webpage, until delivering the order pursuant to Article 6(1) b) of the Regulation and Article 6(4) of the Info Act the lawful basis for data processing is the legal interest of Data Controller in the fulfilment of the contract – in case they are needed to fulfil the contract.
8. DATA SECURITY
In compliance with Article 7 of the Info Act and Articles 32-34 of the Regulation, the Data Controller shall make every effort to ensure the security of your personal data. In addition, the Data Controller will take all necessary technical and organisational measures and establish the operational rules required to enforce the Info Act and other data and privacy regulations.
In the event there is any change to details provided by the User the corresponding updates should also be indicated This may be carried out by mailing a letter to the “1112 Budapest, Kőérberki út 36.” address, or to firstname.lastname@example.org email address, in the event User has a user account on the webpage, updates may also be performed on the webpage.
9. USER RIGHTS
In the event the Data Controller fails to take measures as a follow up on the User’s request, then within one month following receipt of the request they will advise the User as to the reason of failing to take measures, as well as of User’s option to lodge a complaint at the National Agency for Data Protection, or he or she may seek judicial redress.
Any such request will be addressed by the Data Controller free of charge, except, if the request is clearly unfounded, excessive or excessive due to repetitive occurrences, in which case the Data Controller may charge a reasonable fee or may deny taking measures based on the request.
(a) Information, access
Information may be requested about personal data processing based on Article 14. A), as well as Article 15(1) of the Regulation. Upon request the Data Controller may give information to the User if his or her personal information is processed by the Data Controller or a Data Processor, who is commissioned or assigned by the Data Controller. If the information is processed by the Data Controller or by a Data Processor commissioned for processing or assigned by the Data Controller, then the Data Controller will make the personal information processed by the Data Controller or the Data Processor commissioned for processing or assigned by the Data Controller available to User and within the framework of or depending on the request will inform User about
in addition to advising the User about their activities in relation to data processing.
The Data Controller may rectify a personal data if requested by a User, in case some of the personal information is inaccurate and the accurate data is made available to the Data Controller. Besides, the User is entitled to ask for any missing personal data.
In compliance with the provisions in this Section 8(b) if the information processed by the Data Controller or by the Data Processor commissioned or assigned by the Data Controller is incomplete, incorrect or missing, then they will immediately be rectified or corrected by Data Controller especially so if requested by the User, or if it is compatible with the purpose of data processing, it will be complemented with the additional personal data made available by the User or with User’s comment on the personal information handled. The Data Controller will be exempted from the liability described in the previous sentence, if no correct, true and complete personal information is available and they are not provided by the User, or the truthfulness of the personal information provided by the User cannot be assessed beyond any doubt.
The Data Controller shall delete the personal information, if this or the cessation of data processing is requested by a User.
The Data Controller may only refuse a request to erase personal information in the following cases:
a) Additional processing of information is required for the freedom of expression and to exercise the right for information; or
b) additional processing of information is required to comply with the EU or member state rights stipulating the procession of personal information applicable to the Data Controller; or
c) additional processing of information is required to submit, enforce or protect legal rights.
(d) Restriction of data processing
The Data Controller will restrict data processing, if
Personal data restricted in this fashion will be handled by the Data Controller only until the time the purpose of data handling that excluded the deletion of the personal data continues to exist. Restricted personal information, except for storage, may only be processed for enforcing legitimate User interests, or with User’s consent, or for litigation, enforcement of to defend legal claims, or in the defence of other natural or legal entity or on the grounds of an important public interest of the European Union or a member state. The Data Controller will notify the User if restriction is imposed. The Data Controller will give advance notice to User on the withdrawal of restriction, in the case restriction was necessary for verifying data accuracy, truthfulness or completeness.
The User may at any time object to processing his or her personal information. In the event the User objects to data processing, then his or her personal data should not be further processed, unless the Data Controller proves that there is a compelling justification for data processing which outweigh User interests, rights and freedoms, or which are linked to litigation, enforcement of defence of legal claims. In the event the User objects to processing personal information for direct marketing efforts, then the personal information may not be further used for such purpose.
To object to data processing for direct marketing, the User has options ranging from other communications to selecting the appropriate checkbox on the website of the Data Controller.
(f) Right to Data Portability
Within the scope of right to data portability the User is entitled to ask for a structured, widely used, machine-readable copy of his or her personal information processed by the Data Controller, as well as to ask the Data Controller to directly forward his or her personal information to another data controller.
10. RIGHTS TO LEGAL REDRESS
(a) Judicial Enforcement
The User may turn to court in relation to the Data Controller or – to the data processing operations falling within the Data Controller’s activities – against the Data Controller, if in his or her view the Data Controller or the Data Processor commissioned or assigned by the Data Controller handles his or her personal information contravening the provisions outlined in the regulations on personal data processing or in any mandatory EU legislative act.
Demonstrating compliance with the requirements outlined in regulations or in the mandatory EU legislative acts on processing personal information is the responsibility of Data Controller or Data Processor commissioned by the Data Controller.
The case may be brought before the court competent according to his or her residence or place of stay at his or her discretion. Persons with no legal capacity may also be party to the case.
If the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions set forth in the regulations or mandatory EU legislative acts on processing personal information, thus causing damage to others is liable to compensate for.
If the Data Controller or the Data Processor commissioned or assigned by the Data Controller breaches the provisions set forth in the regulations or mandatory EU legislative acts on processing personal information, infringing personality rights of somebody else, the person whose personality rights suffered harm by the Data Controller or the Data Processor commissioned or assigned by the Data Controller may claim compensation in tort.
The detailed means of enforcement, as well as the detailed legal provisions on the responsibilities of the Data Controller are set out in the Info Act.
The rights of incapacitated Users, or Users with limited legal capacity regarding data processing – including giving consent to personal data processing – will be exercised by their legal representative, or guardian and the User’s responsibilities will be fulfilled by such representative or guardian. No consent or post factum approval by the legal representative or guardian is required for the validity of a consent provided by a minor under the age of 16.
(b) Public Enforcement
11. CLOSING PROVISIONS
The Internal Data Protection and Data Security Policy of Data Controller forms a not severable Schedule I of this Policy that specifies all technical and organisational measures ensuring the protection of data processed for direct marketing.
This Policy will take effect on 25 May 2018.
Budapest, 24 May 2018