1. Purpose of this privacy notice
1.1 Balog Fanni Kitti EV. (hereinafter referred to as the “Data Controller”) shall pay particular attention to act in compliance with the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as the “Information Act”) and other applicable legislation governing the protection of personal data, in accordance with the data protection practices established by the National Authority for Data Protection and Freedom of Information (NAIH) and the Data Protection Commissioner, and taking into account the relevant major international recommendations.
1.2. The Data Controller for itself:
- accepts the contents of this legal notice as binding
- undertakes to ensure that any processing of data relating to its activities complies with the requirements set out in this Policy and in the applicable national legislation and European Union acts
- undertakes to provide the Controller with the personal data provided to it when giving its consent to the processing
to treat the data provided to the controller in accordance with the consent to the processing of personal data provided to the controller
- reserves the right to change this information at any time
1.3 The Data Controller may use any personal data received by the Data Controller under this Policy via the contact form on the website www.szerkobudapest.hu, by telephone or by e-mail for customer relationship management.
1.4 The Data Controller shall store the personal data provided for a maximum period of 1 year from the date of disclosure, after which it shall be permanently deleted.
1.5 If, during the period of data processing, a new request is made to the Data Controller by the customer, the period of data processing shall take effect as from that time, as set out above.
2. Data of the Data Controller
Name: Balog Fanni Kitti
Company’s registered office: 1089 Bp. Üllői út 102
Central telephone number: +36 70 932 4203
Central e-mail address: [email protected]
3. Scope of personal data processed
When contacting us and giving your consent to the processing of your personal data, you are required to provide the following personal data (data marked with * are mandatory):
- Telephone number
- E-mail address
4. Purpose, method and legal basis of processing
4.1 The data processing of the Data Controller’s activities is based on voluntary consent or on legal authorisation. In the case of processing based on voluntary consent, data subjects may withdraw their consent at any time during the processing. In certain cases, the processing, storage and transmission of some of the data provided is required by law and we will inform our customers separately. Please note that if you do not provide your own personal data, it is the responsibility of the data provider to obtain the consent of the data subject.
4.2. Persons entitled to access the data:
- The Data Controller’s manager.
- and the relevant staff of the Data Controller
4.3. The personal data provided will be stored and processed exclusively by the Data Controller and will not be disclosed to third parties, except for compelling legitimate reasons which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
4.4. Its data management principles are in accordance with the applicable data protection legislation, in particular:
- Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.)
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation, GDPR)
- Act V of 2013 on the Civil Code (Civil Code) ● Act C of 2000 on Accounting (Accounting Act)
5. Cookie management
5.1 The system serving the website places a small data package, a so-called cookie, on the user’s computer and reads it back during a subsequent visit in order to provide a personalised service. If the browser returns a previously saved cookie, the cookie management service provider has the possibility to link the user’s current visit to previous visits, but only in respect of its own content.
- store technical data about the website visitor and their devices
- remember the individual preferences of website visitors
- facilitate the use of the website
- provide a quality user experience
5.3 The purpose of session cookies is to allow visitors to browse the website and use all its features fully and as smoothly as possible. A cookie stored in the browser will expire after a maximum of 2 hours by default, but depending on the active use of the website, the system serving the website may renew the expiry date of the cookie.
5.4 The website also uses Google Analytics as a third party cookie. Google Analytics collects information about how visitors use the websites by using its statistical service. The data is used to improve the website and the user experience. These cookies will also remain on the visitor’s computer or other browsing device and browser until they expire or until they are deleted by the visitor.
6. Rights of data subjects and means of enforcement
6.1.The data subject may request information about the processing of his or her personal data, and may request the rectification, erasure or withdrawal of his or her personal data, except for mandatory data processing, and may exercise his or her right to data portability and objection in the manner indicated when the data were collected, or by contacting the Data Controller.
6.2 Right to information
Processing may take place only if the data subject gives his or her freely given, specific, informed and unambiguous consent, in a clear affirmative action, such as a written, including by electronic means, or oral statement, to the processing of personal data concerning the natural person. Consent covers all processing activities carried out for the same purpose or purposes. Where processing is carried out for more than one purpose, consent shall be given for all the purposes for which the processing is carried out. In order for consent to be considered informed, the data subject must at least be aware of the identity of the controller and the purposes for which the personal data are processed. The natural person must be informed of the risks, rules, safeguards and rights associated with the processing of personal data and how to exercise the rights that he or she has in relation to the processing. The Controller should not retain personal data solely for the purpose of responding to possible requests.
6.3. Right of access, rectification and deletion
Natural persons should be transparent about how their personal data relating to them are collected, used, accessed or otherwise processed, and in what context the personal data are or will be processed. All reasonable steps must be taken to correct or delete inaccurate personal data. Personal data must be processed in a manner that ensures an adequate level of security and confidentiality, inter alia, in order to prevent unauthorized access to or use of personal data and the means used to process personal data. The data subject should have the right of access to the data collected concerning him or her and the right to exercise that right easily and at reasonable intervals in order to ascertain and verify the lawfulness of the processing. In particular, the data subject shall have the right to have his or her personal data erased and no longer processed where the collection or other processing of the personal data is no longer necessary in relation to the original purposes of the processing, or where the data subjects have withdrawn their consent to the processing of the data, or where the processing of their personal data otherwise does not comply with the law. Where the data subject submits a request for access or rectification to the controller in writing, including by electronic means, the controller shall provide adequate and comprehensible information within a maximum of one month from the date of the request.
6.4. Right to data retention
The data subject has the right to receive the personal data concerning him or her that he or she has provided to the Data Controller in a structured, commonly used, machine-readable format and to transmit such data to another Data Controller.
6.5 Right to object, right of withdrawal
The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling based on those provisions. The data subject shall have the right to withdraw his or her consent at any time. In the event of objection or withdrawal, the Controller may no longer process the personal data, except on compelling legitimate grounds which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
6.6. Enforcement options
The data subject may exercise his or her enforcement rights before the courts under the provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Infotv.) and Act V of 2013 on the Civil Code (Civil Code Act), and may also seek the assistance of the National Authority for Data Protection and Freedom of Information in any matter concerning the processing of his or her personal data. In case of infringement, the data subject also has the right to judicial remedy. In order to exercise his or her right to judicial remedy in connection with processing operations, the Data Subject may bring an action against the Controller before a court if he or she considers that the Controller or a controller acting on his or her behalf or at his or her instructions is processing his or her personal data in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union.
Translated with www.DeepL.com/Translator (free version)
6.7. Data protection authority procedure
Name: the National Authority for Data Protection and Freedom of Information Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, PO Box 5.
Phone: +36 (1) 391 1400
Fax: +36 (1) 391 1410
E-mail: [email protected]
7. Other provisions
The Data Controller shall inform the data subject of any processing not listed or detailed in this notice at the time of recording the data. We inform our customers that the court, the prosecutor, the investigating authority, the criminal investigation authority, the administrative authority, the National Authority for Data Protection and Freedom of Information, or other bodies authorized by law may request the Controller to provide information, to disclose data, to transfer data or to provide documents and are obliged to cooperate in providing data. The Data Controller shall disclose to public authorities, provided that the public authority has indicated the precise purpose and scope of the data, personal data only to the extent and to the extent strictly necessary for the purpose of the request.
26 July 2021.