PRIVACY POLICY
on the rights of the data subject natural person
During the performance of the Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information and the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (GDPR, 27 April 2016) on the protection of natural persons with regard to the processing of personal data, we hereby inform you about the data processing of our Company:
1. Definitions in the privacy policy:
2. ‘personal data’ : means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
3. ‘processing’: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
4. ‘controller’ : means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
5. ‘processor’ : means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
6. ‘consent’ : of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
7. ‘personal data breach’ : means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
8. ‘right to preliminary information’ means that the data subject shall have the right to receive information with regard to the facts and information related to the processing prior to the commencement of the processing.
9. ‘Right of access of the data subject’ means that the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the related information defined in the Regulation.
10. ‘Right to rectification’ means that the data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement
11. ‘Right to erasure (‘right to be forgotten’)’ means that the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds determined in the Regulation applies.
12. ‘Right to data portability’ means that with the conditions stipulatd by the Regulation, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
13. ‘Communication of a personal data breach to the data subject’ means that when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
14. ‘Right to lodge a complaint with a supervisory authority (right to appeal before authority)’ means that every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
2. Legal basis of the data processing related to services contract:
2.1. Data processing based on law
- Data processing regarding registration and data service obligation,
2.2. Data processing based on legitimate interest
- Internal regulation
2.3. Data processing based on consent
- Services agreement
3. Processing of the data of the contractual partners - registry of the customers and suppliers
With the legal title of the performance of a contract, our Company processes the data of its contractual partners (buyers, suppliers) regarding the conclusion, the performance and the termination of the contract or to provide discounts.
3.1. Processing of the data of contractual partners
Scope of data providers, | delivered data |
Period of data processing |
|
|
||||||
Customers, clients |
- Name - Contact person - Home address - Phone number - E-mail address |
|
|
For the performance of the work determined in the contract, until the period open for legal remedy and during the period stipulated by law, |
|
|
||||
Subcontractors, suppliers |
- Name - Registered seat - Bank account number - VAT number - Name of the representative - Contact person - Phone number, fax number - E-mail address |
|
|
For the performance of the work determined in the contract, until the period open for legal remedy and during the period stipulated by law. |
|
|
4. For the processing of the requests of the data subject, intervention obligation
4.1. Measures on the basis of the request of the data subject
Our company, as data controller shall notify the data subject without undue delay, but within one month after the receipt of the request by all means, about the measures taken concerning his/her request on exercising his/her rights. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The data controller shall notify the data subject within one month after the receipt of the request about the prolongation of the deadline, by indicating the reasons of the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
4.2. If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
4.3. Our company, as data controller provides the information according to the articles 13 and 14 of the Regulation, the notification on the rights of the data subject (articles 15-22 and 34 of the Regulation) and the measures free of charge. Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either charge a fee of 6,350 HUF taking into account the administrative costs of providing the information or communication or taking the action requested or refuse to act on the request. The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.
4.4. Where our Company, as the controller has reasonable doubts concerning the identity of the natural person making the request, the controller may request the provision of additional information necessary to confirm the identity of the data subject.
Budapest, 22nd May 2018
RÉVÉSZ Bálint
chief executive officer