Personal data shall be:
The controller shall be responsible for, and be able to demonstrate (‘accountability’).
Controller declares that data management is carried out in accordance with the principles set out in this section.
1. The fact of data collection, the range of data processed and the purposes of data processing:
Personal Data | Purpose of data processing |
Name | Identification |
Phone number | Contact, coordination |
Contact, needs for sending the offer (answer) | |
Message | It is necessary for the customization of the offer |
Date of request | Performing a technical operation |
IP address of request | Performing a technical operation |
The email address does not need to contain personal information.
2. Affected: every person who requested an offer
3. Duration of data processing, deadline for deletion of data: If any of the conditions of Article 17 (1) of the GDPR exists, the data subject shall be deemed to have been canceled. The controller shall inform the data subject electronically of the deletion of any personal data provided by the data subject pursuant to Article 19 of the GDPR. If the data subject’s cancellation request also covers the e-mail address given by him / her, the data manager will also delete the e-mail address after the notification.
4. Identity of potential data controllers authorized to access the data, recipients of personal data: Personal data may be handled by authorized personnel of the Controller in accordance with this Policy.
5. Description of the data subjects’ rights to data processing: • The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and • the data subject has the right to data storage and the withdrawal of consent at any time. 6. Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:
7. Legal basis for data processing: Article 6 (1) (b) of the GDPR.
8. Please note that:
1. The fact of data collection, the range of data processed and the purposes of data processing:
Personal Data | Purpose of data processing |
Name | Identification |
E-mail address | Contact, sending answer messages |
Phone number | Contact |
Content of the message | It is necessary for answering |
Date of contact | Performing a technical operation |
IP address at contact date | Performing a technical operation |
The email address does not need to contain personal information.
2. Affected: All concerned who are sending a message to the email address specified on the website.
3. Duration of data processing, deadline for deletion of data: If any of the conditions of Article 17 (1) of the GDPR exists, until the request for cancellation of the data subject.
4. Identity of potential data controllers authorized to access the data, recipients of personal data: Personal data may be handled by authorized personnel of the Controller in accordance with this Policy.
5. Description of the data subjects’ rights to data processing: • The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and • the data subject has the right to data storage and the withdrawal of consent at any time.
6. Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:
7. Legal basis for data processing: consent of the data subject, Article 6 (1) (a) (b) and (c). If you contact us, you agree that we will treat your personal data (name, phone number, email address) as provided in this Policy.
8. Please note that
1. The fact of data collection, the range of data processed and the purposes of data management:
Personal data | Purpose of data processing |
Name, e-mail, phone number | Contact, identification, fulfillment of contracts, business purpose. |
2. Affected: All those involved in contact with the data controller by phone / e-mail / personally or in contractual relationship.
3. Duration of data processing, deadline for deletion of data: Data processing lasts until the legal relationship between the data controller and the data subject is terminated, or in the case of a contractual relationship, until the expiry of the civil law limitation period. 4. Identity of potential data controllers authorized to access the data, recipients of personal data: Personal data may be handled by authorized personnel of the Controller in accordance with this Policy. 5. Description of the data subjects’ rights to data processing: • The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and • the data subject has the right to data storage and the withdrawal of consent at any time.
6. Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:
7. Legal basis for data processing: 7.1. GDPR Article 6 (1) (b) and (c). 7.2. In the event of the claim arising from the contract, Act V of 2013 on the Civil Code 6:21. § 5 years. 6:22. § [Limitation] (1) Except as otherwise provided in this Act, claims shall expire in five years. (2) The limitation period begins when the claim becomes due. (3) An agreement to change the limitation period shall be in writing. (4) The limitation period is null and void.
· Data management is necessary for the performance of the contract and the offer.· is obliged to provide personal information so that we can fulfill your order / other request.· Failure to provide data has the consequence that we are unable to process your order / request.
DATA PROCESSORS Hosting provider 1. Activity performed by data processor: Hosting service 2. Name and contact details of the data processor: Name: DotRoll Kft. Address: 1148 Budapest, Fogarasi út 3-5. Availability: support@dotroll.com, + 36-1-432-3232 3. The fact of data management, the range of data processed: All personal data provided by the data subject.
1. Activity performed by data processor: Bookkeeping services 2. Name and contact details of the data processor:
Name: Arany Marna Könyvelde Kft.
Address: 1118 Budapest, Radóc u. 15.
VAT number: 12902686-2-43
E-mail: konyvelde@aranymarna.hu
3. The fact of data management, the range of data processed: name, billing name, billing address
7. Legal basis for data processing: Article 6 (1) (f) of the GDPR, and CVIII of 2001 on certain aspects of electronic commerce and information society services Act 13 / A. (3).
Name: PayPal
Address: 2211 North First Street, San Jose, California, USA
Web: www.paypal.com
Privacy Policy: https://www.paypal.com/hu/webapps/mpp/ua/privacy-full
7. Legal basis for data processing: Article 6 (1) (b) of the GDPR. The legal basis is required for online payment at the request of the data subject. 8. Rights of the concerned:
4. The fact of data collection, the range of data processed and the purposes of data management:
Personal data | Purpose of data management |
Name, e-mail address | Identification, enabling subscription to newsletter. |
Time of subscription | Performing a technical operation |
IP address of the subscription | Performing a technical operation |
· The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and · protest against the processing of personal data and· the data subject has the right to data storage and the withdrawal of consent at any time.
10. Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:
The advertiser, the advertising service provider, or the publisher of the advertisement, keeps a record of the personal data of the persons making the declaration that contributes to them, as defined in the consent. The data contained in this register, relating to the recipient of the advertisement, may only be handled in accordance with the consent statement until it is revoked and transferred to third parties only with the prior consent of the person concerned.
1. The fact of data collection, the range of data processed and the purposes of data management:
Personal Data | Purpose of data management |
Surname and last name | Identification, contact |
E-mail address | Contact |
Phone number | Contact |
Billing name and address | Identification, handling of complaints, issues and questions about the ordered products. |
· The data subject may request from the controller access, rectification, erasure or restriction of personal data relating to him or her, and· the data subject has the right to data storage and the withdrawal of consent at any time. 6. Data subjects may initiate access, deletion, modification, or limitation of the handling of personal data, and the portability of data in the following:
RIGHTS OF INTERESTED PARTIES
You are entitled to receive feedback from the Data Controller about whether your personal data is being processed and, if such data is being processed, to have access to the personal data and information listed in the Regulation.
You have the right to rectify the inaccurate personal data relating to it without undue delay upon request. Taking into account the purpose of data management, you are entitled to request the supplementation of incomplete personal data, including by means of a supplementary declaration.
You are entitled to delete the personal data relating to it from your controller at your request without undue delay, and the Data Controller is obliged to delete your personal data without undue delay under certain conditions.
If the controller has disclosed personal data and is obliged to delete it, it will take reasonable steps, including technical measures, to take into account the technology and implementation costs available to inform data controllers that you have requested the delete of links contained personal data or duplums of these personal data.
You are entitled to limit, upon request, the processing of data by the controller if any of the following conditions is met:
You are entitled to receive the personal data relating to it from a data controller, in a distributed, widely used, machine-readable format, and is entitled to forward this data to another data controller without being hampered by the controller whose provided personal information to you (…)
In the case of data processing based on legitimate interest or on grounds of public authority, you have the right to object (at any time) to the processing of your personal data, including profiling based on those provisions, for reasons related to your own situation.
If personal data is processed for the purpose of direct marketing, you are entitled to protest at any time against the processing of personal data relating to it, including profiling, if it is related to direct marketing. If you object to the processing of personal data for the purpose of direct marketing, then personal data may no longer be processed for this purpose.
You are entitled to exclude from the scope of a decision based solely on automated data management, including profiling, that would have legal effect on it or would be substantially affected by it.
The previous paragraph does not apply if the decision:
The controller shall inform you without undue delay, but in any case within 1 month of receipt of the request, of the action taken on those requests.
If necessary, it can be extended by 2 months. The controller shall inform you of the extension of the deadline by indicating the reasons for the delay within 1 month of receipt of the request.
If the data controller fails to take action following your request, he or she will inform you without delay, but at the latest within one month of receipt of the request, of the reasons for not taking the action, and whether you may lodge a complaint with a supervisory authority and have the right of appeal.
SECURITY OF DATA MANAGEMENT
The controller and data processor shall implement appropriate technical and organizational measures to take account of the state of science and technology and the costs of implementation, taking into account the nature, scope, circumstances and objectives of data management and the risk to the rights and freedoms of natural persons. to guarantee a level of data security appropriate to the level of risk, including, inter alia, where applicable:
(a) the personalization and encryption of personal data;
(b) ensuring the continuing confidentiality, integrity, availability and resilience of the systems and services used to process personal data;
(c) in the event of a physical or technical incident, the ability to recover access to and availability of personal data in a timely manner;
(d) a procedure for the regular testing, assessment and evaluation of the effectiveness of technical and organizational measures taken to ensure the security of data management.
If the personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the data controller shall inform the data subject of the personal data breach without undue delay.
The information provided to the data subject shall clearly describe the nature of the personal data breach and the name and contact details of the data protection officer or other contact person providing further information; the likely consequences of a personal data breach must be explained; the measures taken or planned by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences arising from the personal data breach.
The data subject need not be informed if any of the following conditions are met:
If the data controller has not yet notified the data subject of the personal data breach, the supervisory authority, after considering whether the personal data breach is likely to pose a high risk, may order the data subject to be informed.
NOTIFICATION OF A PERSONAL DATA BREACH TO THE AUTHORITY
The personal data breach shall be notified by the controller without undue delay and, if possible, not later than 72 hours after the personal data breach has come to the attention of the supervisory authority pursuant to Article 55, unless the personal data breach is unlikely to pose a risk to the rights of natural persons. and freedoms. If the notification is not made within 72 hours, it shall be accompanied by the reasons justifying the delay.
COMPLAINT OPPORTUNITY
Complaint against a possible violation of data controller by the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mail address: 1530 Budapest, Postafiók: 5.
Phone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
This policy based on the following :
– Protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (2016) April 27)
– CXII of 2011 Act on Information Self-Determination and Freedom of Information (hereafter: Infotv.)
– CVIII of 2001 Act on certain aspects of electronic commerce services and information society services (in particular Section 13 / A)
– 2008 XLVII. Act on the Prohibition of Unfair Commercial Practices against Consumers;
– 2008 XLVIII. Act – on the basic conditions and certain limitations of economic advertising (in particular Section 6)
– 2005 XC. Act on Electronic Information Freedom
– Act C of 2003 on Electronic Communications (specifically §155)
– 16/2011. s. Opinion on the EASA / IAB Recommendation on Best Practice for Behavioral Online Advertising
– Recommendation of the National Authority for Data Protection and Freedom of Information on Preliminary Information Privacy Requirements
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46