choose language:

Privacy policy

II.NAME OF DATA CONTROLLER

 

Data controller

Company name: Professional Roof Limited Liability Company (hereinafter: Company)

Abbreviated name: Profi Tető Kft.

Headquarters: 7400 Kaposvár, MÁV Freight Station

Tax number: 13701787-2-14 ( Community tax number: HU13701787)

Company registration number: 14-09-306815

European unique identifier:

These Regulations contain the internal rules of the Company’s data management activities REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL – on the protection of individuals with regard to the processing of personal data and for the purpose of free compliance with such data is. The data controller publishes the information related to data management on the website www.profiteto.hu.

 

II.NAME OF DATA PROCESSORS

Data controller: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller; (Article 4 (8) of the Regulation)

 

The use of a data processor does not require the prior consent of the data subject, but requires his or her information. Accordingly, we provide the following information:

 

  1. Our company’s IT service provider

Our company uses a data processor to maintain and manage its website, which provides IT services (hosting services) and, within the framework of our contract with it, handles the personal data provided on the website, the operation performed by which is the storage of personal data on the server.

The name of this data processor is as follows:

Name: József Veres

Address: 4440. Tossavasvári, Kossuth utca 18.

Phone: 06 (30) 939 0943

E-mail: tarhely@netmetro.hu

Tax number: 66136523-1-35

Registration number: 320426687

 

  1. Postal services, delivery, parcel delivery

 

These data processors receive from our Company the personal data required for the delivery of the ordered product (name, address, telephone number of the person concerned) and use it to deliver the product.

These service providers: Magyar Posta

III. WEBSITE – RELATED DATA MANAGEMENTS

  1. Visitor data management on the Company’s website

(1) Cookies are  short data files placed on the user’s computer by the website you are visiting. The purpose of the cookie is to make the given infocommunication and internet service easier and more convenient. There are many varieties, but they can generally be divided into two major groups. One is a temporary cookie that a website places on a user’s device only during a particular session (e.g., during the security authentication of an Internet banking), and the other type is a persistent cookie (e.g., a website’s language setting) that remains on the computer until the user deletes it. According to the guidelines of the European Commission, cookies [unless they are absolutely necessary for the use of the given service] may only be placed on the user’s device with the user’s permission. 

(2) In the case of cookies that do not require the user’s consent, information shall be provided during the first visit to the website. It is not necessary for the full text of the information on cookies to appear on the website, it is sufficient for the operators of the website to briefly summarize the essence of the information and to indicate the availability of the full information via a link.

(3) In the case of cookies requiring consent, the information may also be related to the first visit to the website in case the data processing related to the use of cookies starts already with the visit to the website. If the use of a cookie is related to the use of a function specifically requested by the user, the information may also be displayed in connection with the use of this function. In this case, it is not necessary for the full text of the information on cookies to appear on the website, a short summary of the essence of the information and a link to the availability of the full information is sufficient.

 

  1. Information on the use of cookies

 

(1) In accordance with the general Internet practice, our Company also uses cookies on its website. A cookie is a small file that contains a series of characters that is placed on a visitor’s computer when it visits a website. When you revisit a website, the cookie allows the website to recognize the visitor’s browser. Cookies can also store user settings (eg selected language) and other information. Among other things, they collect information about the visitor and his device, memorize the visitor’s individual settings, they can be used e.g. when using online shopping carts. 

Cookies generally facilitate the use of the website, help the website provide a real web experience for users and provide an effective source of information, and ensure that the website operator monitors the operation of the website, prevents abuse and ensures the smooth and appropriate quality of the website.

(2) The website of our company records and manages the following data about the visitor and the device used for browsing when using the website:
• IP address used by the visitor,
• type of browser,
• operating system characteristics of the device used for browsing (set language) ,
• the date of
the visit, • the (sub) page, function or service you are visiting.

(3) Acceptance and authorization of the use of cookies is not mandatory. You can reset your browser to reject all cookies or to indicate when a cookie is being sent. Although most browsers automatically accept cookies by default, they can usually be changed to prevent automatic acceptance and offer a choice each time.

For information about cookie settings for the most popular browsers, visit the following links
: • Google Chrome:  https://support.google.com/accounts/answer/61416?hl=en
• Firefox:  https://support.mozilla.org/en/kb/sutik -autenelyezese-es-disable-what-web-pages
• Microsoft Internet Explorer 11:  http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11
• Microsoft Internet Explorer 10:  http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
• Microsoft Internet Explorer 9:  http://windows.microsoft. com / en-us / internet-explorer / delete-manage-cookies # ie = ie-9
• Microsoft Internet Explorer 8: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-8
• Microsoft Edge:  http://windows.microsoft.com/en-us/windows-10 / edge-privacy-faq
• Safari:  https://support.apple.com/en-us/HT201265

However, please note that certain website features or services may not work properly without cookies.

(4) The cookies used on the website are not in themselves suitable for identifying the user.

( 5) Cookies used on the company’s website:

  1. Technically essential session cookies

These cookies are necessary for visitors to browse the website, to use its functions smoothly and fully, and to use the services available on the website, including, but not limited to, memorizing the visitor’s actions on those pages during a visit. The duration of the processing of these cookies only applies to the current visit of the visitor, this type of cookies is automatically deleted from your computer when the session is closed or the browser is closed.

The managed data set: AVChatUserId, JSESSIONID, portal_referer.

The legal basis for this data processing is the CVV of 2001 on certain issues of electronic commerce services and information society services. Act (Elkertv.) 13 / A. § (3).

The purpose of data management is to ensure the proper functioning of the website.

 

  1. Cookies requiring consent:

These allow the Company to remember the user’s choices regarding the Website. The visitor may prohibit this data processing at any time before and during the use of the service. This data may not be linked to the user’s identification data and may not be passed on to third parties without the user’s consent.

 2.1. Promotional cookies:

The legal basis for data management is the consent of the visitor.

The purpose of data management: To increase the efficiency of the service, to increase the user experience, and to make the use of the website more convenient.

The duration of data management is 6 months.

2.2. Performance cookies:

Google Analytics Cookies – Learn more here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

Google AdWords Cookies – Learn Here:

https://support.google.com/adwords/answer/2407785?hl=en_US

  1. Registration on the Company’s website

1. The natural person registering on the website may consent to the processing of his or her personal data by ticking the appropriate box. It is forbidden to check the box in advance

(2) The scope of personal data that can be processed: the name (surname, first name), address, telephone number, e-mail address and online ID of the natural person.

(3) The purpose of the processing of personal data is:

  1. Fulfillment of the services provided on the website.
  2. Contact by electronic, telephone, SMS, and mail inquiry.
  3. Information about the Company’s products, services, contract terms and promotions.
  4. Advertising items may be sent electronically and by post during the information period.
  5. Website usage analysis.

(4) The legal basis for data processing is the consent of the data subject.

(5) Recipients of personal data and categories of recipients: employees of the Company performing tasks related to customer service and marketing activities, employees of the Company’s IT service provider performing hosting services as data processors.

(6) Duration of storage of personal data: until the registration / service exists or the data subject’s consent is revoked (request for cancellation).

 

  1. Data management related to newsletter service

(1) A natural person who registers for the newsletter service on the website may consent to the processing of his or her personal data by ticking the appropriate box. It is forbidden to check the box in advance. The data subject may unsubscribe from the newsletter at any time by using the “Unsubscribe” application of the newsletter, or by making a written or e-mail statement, which means that the consent has been revoked. In this case, all data of the subscriber must be deleted immediately. The text of the information to be placed on the newsletter subscription page is contained in Annex 7 to these Regulations.

(2) The scope of personal data that can be processed: the name (surname, first name) and e-mail address of the natural person.

(3) The purpose of the processing of personal data is:

  1. Sending a newsletter on the Company’s products and services
  2. Sending advertising material

(4) Legal basis for data processing: consent of the data subject.

(5) Recipients of personal data and categories of recipients: employees of the Company performing tasks related to customer service and marketing activities, employees of the Company’s IT service provider as data processor for the purpose of providing hosting services,

(6) Duration of storage of personal data: until the existence of the newsletter service or the withdrawal of the data subject’s consent (request for cancellation).

  1. Community Guidelines / Data Management on the Company’s Facebook Page

(1) The Company maintains a Facebook page for the purpose of introducing and promoting its products and services.

(2) A question over the Company’s Facebook page does not qualify as an officially filed complaint. 

(3) The Company does not process the personal data published by the visitors on the Company’s Facebook page.

(4) Visitors are governed by the Facebook Privacy and Service Terms.

(5) In the event of the publication of illegal or offensive content, the Company may exclude the data subject from the membership or delete its comments without prior notice.

(6) The Company is not responsible for any data content or comments that violate the law published by Facebook users. The Company shall not be liable for any errors, malfunctions or changes in the operation of the system resulting from the operation of Facebook.

  1. Data management in the Company’s web store

(1) The purchase in the webshop operated by the Company qualifies as a contract, subject to the provisions of Act CVIII of 2001 on certain issues of electronic commerce services and information society services. § 13 / A of Act No. 45/2014 Coll., on the detailed rules of contracts between the consumer and the business. (II. 26.) Government Decree. In the case of a purchase in a web store, the title of the data management is the contract.

(2) The Company may manage the natural personal identification data required for the identification of the customer registering in the web store in order to establish the contract for the provision of the information society service, determine its content, amend it, monitor its fulfillment, invoice the resulting fees and enforce the related claims. and address in accordance with CVIII. Act 13 / A (1) of the Act, as well as the telephone number, e-mail address, bank account number and online ID of the consent.

(3) For the purpose of invoicing, the Company may manage the natural personal identification data and address related to the use of the information society-related service, as well as the data on the date, duration and place of the use of the service, in accordance with CVIII of 2001. Act 13 / A (2) of the Act.

(4) Recipients of personal data and categories of recipients: employees of the Company performing customer service and marketing activities, employees of the Company performing tax and accounting tasks of the Company, employees of the Company’s IT service provider for the purpose of fulfilling tax and accounting obligations; for the purpose of providing hosting services, the courier service employees regarding the delivery data (name, address, telephone number).

(5) Duration of the processing of personal data: until the existence of the registration / service or the withdrawal of the data subject’s consent (request for cancellation), in the case of a purchase, for 5 years after the year of purchase.

 

  1. Data management related to the organization of gift raffles

 

(1) If the company organizes a gift draw (Section 23 of Act XXXIV of 1991), it may manage the name, address, telephone number, e-mail address and online ID of the natural person concerned with its consent. Participation in the game is voluntary. 

(2) The purpose of the processing of personal data: to determine and notify the winner of the prize draw, to send the prize. Legal basis for data processing: consent of the data subject.

(3) Recipients of personal data and categories of recipients: employees of the Company performing customer service tasks, employees of the Company’s IT service provider providing server services as data processors, and employees of courier services.

(4) Duration of storage of personal data: until the end of the gift classification.

 

ARC. LEGAL OBLIGATIONS

  1. Data management for tax and accounting purposes

(1) The Company manages the data of natural persons entering into business relations with it as a customer or supplier for the purpose of fulfilling the tax and accounting obligations (accounting, taxation) prescribed by law. The managed data are subject to the provisions of Act CXXVII of 2017 on Value Added Tax. TV. Pursuant to § 169 and § 202, in particular: tax number, name, address, tax status, pursuant to § 167 of Act C of 2000 on Accounting: name, address, designation of the person or organization ordering the economic operation , the signature of the person issuing the voucher and certifying the implementation of the provision and, depending on the organization, the inspector; the signature of the recipient on the receipts of stock movements and the cash management receipts, the signature of the payer on the counter-receipts, CXVII of 1995 on personal income tax. according to the law:

(2) The period of storage of personal data is 8 years after the termination of the legal relationship giving rise to the legal basis.

(3) Recipients of personal data: employees and data processors of the Company performing tax, accounting, payroll and social security tasks.

V. RIGHTS OF THE PERSON CONCERNED

  1. The rights of the data subject are the rights of an individual

11.1. Right to prior information

The data subject shall have the right to be informed of the facts and information relating to the processing prior to the commencement of the processing.

  1. A) Information to be provided if personal data are collected from the data subject
  1. If personal data concerning the data subject are collected from the data subject, the controller shall provide the data subject with all of the following information at the time the personal data are obtained:
  2. (a) the identity and contact details of the controller and, if any, of the controller ‘s representative;
  3. (b) the contact details of the Data Protection Officer, if any;
  4. (c) the purpose of the intended processing of the personal data and the legal basis for the processing;
  5. (d) in the case of data processing based on Article 6 (1) (f) of the Regulation (legitimate interest), the legitimate interests of the controller or of a third party;
  6. (e) where applicable, the recipients or categories of recipients of the personal data, if any;
  7. (f) where applicable, the fact that the controller intends to transfer the personal data to a third country or international organization and the existence or absence of a Commission decision on adequacy, or Articles 46, 47 or 49 (1) of the Regulation. in the case of the data transmission referred to in the second subparagraph of
  8. In addition to the information referred to in point 1, the controller shall provide the data subject with the following additional information at the time the personal data are collected, in order to ensure fair and transparent processing of the data:
  9. (a) the period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
  10. (b) the data subject’s right to request the controller to access, rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data and the data subject’s right to data portability;
  11. (c) the right to withdraw consent at any time in the case of data processing based on Article 6 (1) (a) (consent of the data subject) or Article 9 (2) (a) (consent of the data subject) of the Regulation which does not affects the lawfulness of data processing carried out on the basis of consent prior to withdrawal;
  12. (d) the right to lodge a complaint with the supervisory authority;
  13. (e) whether the provision of personal data is based on law or a contractual obligation or a precondition for the conclusion of a contract, whether the data subject is obliged to provide personal data and the possible consequences of not providing such data;
  14. (f) the fact of the automated decision-making referred to in Article 22 (1) and (4) of the Regulation, including profiling, and, at least in those cases, comprehensible information on the logic used and the significance of such processing for the data subject. what are the expected consequences.
  15. If the controller intends to carry out further processing of personal data for a purpose other than that for which they were collected, it shall inform the data subject of that different purpose and of any relevant additional information referred to in paragraph 2 before further processing.
  16. 1-3. points shall not apply if and to the extent that the data subject already has the information.

(Article 13 of the Regulation)

 

  1. B) Information to be provided if personal data have not been obtained from the data subject

 

  1. If the personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information:
  2. (a) the identity and contact details of the controller and, if any, of the controller ‘s representative;
  3. (b) the contact details of the Data Protection Officer, if any;
  4. (c) the purpose of the intended processing of the personal data and the legal basis for the processing;
  5. (d) the categories of personal data concerned;
  6. (e) the recipients or categories of recipients of the personal data, if any;
  7. (f) where applicable, the fact that the controller intends to transfer personal data to a recipient in a third country or to an international organization, and the existence or absence of a Commission decision on adequacy, or Articles 46, 47 or 49 of the Regulation. In the case of the transmission referred to in the second subparagraph of Article 1 (1), an indication of the appropriate and suitable guarantees and a reference to the means of obtaining or obtaining a copy of them.
  1. In addition to the information referred to in point 1, the controller shall provide the data subject with the following additional information necessary to ensure fair and transparent data processing for the data subject:
  2. (a) the period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
  3. (b) where the processing is based on Article 6 (1) (f) of the Regulation (legitimate interest), the legitimate interests of the controller or of a third party;
  4. (c) the data subject’s right to request the controller to access, rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of personal data, as well as the data subject’s right to data portability;
  5. (d) in the case of data processing based on Article 6 (1) (a) (consent of the data subject) or Article 9 (2) (a) of the Regulation (data subject’s consent), the right to withdraw the consent at any time which does not affects the lawfulness of data processing carried out on the basis of consent prior to withdrawal;
  6. (e) the right to lodge a complaint with a supervisory authority;
  7. (f) the source of the personal data and, where applicable, whether the data come from publicly available sources; and
  8. (g) the fact of the automated decision-making referred to in Article 22 (1) and (4) of the Regulation, including profiling, and, at least in those cases, comprehensible information on the logic used and the significance of such processing for the data subject. what are the expected consequences.
  9. The controller shall provide the information referred to in points 1 and 2 as follows:
  10. (a) within a reasonable time, taking into account the specific circumstances of the processing of personal data, but no later than one month;
  11. (b) if the personal data are used for the purpose of contacting the data subject, at least at the time of the first contact with the data subject; obsession
  12. (c) if the data are expected to be communicated to another recipient, at the latest when the personal data are first communicated.
  13. If the controller intends to carry out further processing of personal data for a purpose other than that for which they were obtained, it shall inform the data subject of this different purpose and of any relevant additional information referred to in point 2 before further processing.
  14. 1-5. shall not apply if and to the extent that:
  15. (a) the data subject already has the information;
  16. (b) the provision of such information proves impossible or would involve a disproportionate effort, in particular for data processing for public archival, scientific and historical research or statistical purposes, subject to the conditions and guarantees provided for in Article 89 (1) of the Regulation, or where the obligation referred to in paragraph 1 of this Article would be likely to make impossible or seriously jeopardize the achievement of the purposes of such processing.

In such cases, the controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including making the information publicly available;

  1. (c) the acquisition or disclosure of the data is expressly provided for by Union or Member State law applicable to the controller, which provides for appropriate measures to protect the legitimate interests of the data subject; obsession
  2. (d) personal data must remain confidential under an obligation of professional secrecy imposed by a law of the Union or of a Member State, including a legal obligation of professional secrecy.

(Article 14 of the Regulation)

11.2. The data subject ‘s right of access

  1. The data subject has the right to receive feedback from the Data Controller as to whether the processing of his / her personal data is in progress and, if such data processing is in progress, he / she has the right to access the personal data and the following information:
  2. (a) the purposes of the processing;
  3. (b) the categories of personal data concerned;
  4. (c) the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third country recipients or international organizations;
  5. (d) where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
  6. (e) the right of the data subject to request the controller to rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
  7. (f) the right to lodge a complaint with a supervisory authority;
  8. (g) if the data were not collected from the data subject, all available information on their source;
  1. (h) the fact of the automated decision-making referred to in Article 22 (1) and (4) of the Regulation, including profiling, and, at least in those cases, comprehensible information on the logic used and the significance of such processing and on the data subject. the expected consequences.
  1. Where personal data are transferred to a third country or to an international organization, the data subject shall be entitled to be informed of the appropriate guarantees regarding the transfer in accordance with Article 46 of the Regulation.
  1. The Data Controller shall make a copy of the personal data subject to data processing available to the data subject. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject.

Where the data subject has submitted the request by electronic means, the information shall be provided in a widely used electronic format, unless the data subject requests otherwise. The right to request a copy shall not adversely affect the rights and freedoms of others.

(Article 15 of the Regulation)

11.3. Right to rectification

The data subject has the right to have inaccurate personal data concerning him / her rectified at his / her request without undue delay. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement. (Article 16 of the Regulation).

 

11.4. Right of cancellation (“right to be forgotten”)

  1. The data subject shall have the right to delete personal data concerning him or her without undue delay upon request, and the data controller shall be obliged to delete personal data concerning him or her without undue delay if any of the following reasons exist:
  2. (a) personal data are no longer required for the purpose for which they were collected or otherwise processed;
  3. (b) the data subject withdraws his or her consent under Article 6 (1) (a) or Article 9 (2) (a) of the Regulation and there is no other legal basis for the processing;
  4. (c) the data subject objects to the processing pursuant to Article 21 (1) of the Regulation and there is no overriding legitimate reason for the processing or the data subject objects to the processing pursuant to Article 21 (2);
  5. (d) personal data have been processed unlawfully;
  6. (e) personal data must be deleted in order to fulfill a legal obligation to which the controller is subject under applicable Union or Member State law;
  7. (f) personal data have been collected in connection with the provision of information society services referred to in Article 8 (1) of the Regulation.
  8. If the Data Controller has disclosed personal data and is required to delete it pursuant to paragraph 1 above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the Data Controllers that the data the data subject has requested that the links to the personal data in question or a copy or duplicate of such personal data be deleted.
  1. Points 1 and 2 shall not apply if the processing is necessary:
  2. (a) for the purpose of exercising the right to freedom of expression and information;
  3. (b) to fulfill an obligation under Union or Member State law applicable to the controller to process personal data or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
  4. (c) on grounds of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) of the Regulation;
  5. (d) in accordance with Article 89 (1) of the Regulation, for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where the processing referred to in point 1 is likely to make such processing impossible or seriously jeopardize; obsession
  6. e) to file, enforce or defend legal claims.

(Article 17 of the Regulation)

11.5. Right to restrict data processing

  1. The data subject has the right, at the request of the Data Controller, to restrict the data processing if one of the following is met:
  2. (a) the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period which allows the Data Controller to verify the accuracy of the personal data;
  3. (b) the processing is unlawful and the data subject opposes the erasure of the data and instead requests that their use be restricted;
  4. c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; obsession
  5. (d) the data subject has objected to the processing in accordance with Article 21 (1) of the Regulation; in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.
  1. Where the processing is subject to a restriction pursuant to paragraph 1, such personal data shall be excluded from storage only with the consent of the data subject or for the purpose of claiming, enforcing or protecting legal claims or protecting the rights of another natural or legal person or the Union or a Member State. important public interest.
  2. The Data Controller, at whose request the data processing has been restricted pursuant to point 1, shall inform the data subject in advance of the lifting of the data processing restriction.

(Article 18 of the Regulation)

11.6. Obligation to notify the rectification or erasure of personal data or the restriction of data processing

The Data Controller shall inform all recipients to whom the personal data have been communicated of any rectification, erasure or restriction of data processing, unless this proves impossible or requires a disproportionate effort. Upon request, the Data Controller shall inform the data subject of these recipients.

(Article 19 of the Regulation)

11.7. The right to data portability

  1. The data subject shall have the right to receive personal data concerning him or her made available to a Data Controller in a structured, widely used machine-readable format and to transfer such data to another Data Controller without being hindered by the Data Controller whose provided personal data if:
  2. (a) the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the Regulation or on a contract pursuant to Article 6 (1) (b); and
  3. (b) the processing is carried out in an automated manner.
  1. When exercising the right to data portability in accordance with point 1, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between Data Controllers.
  1. The exercise of this right shall be without prejudice to Article 17 of the Regulation. That right shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
  1. The right referred to in paragraph 1 shall be without prejudice to the rights and freedoms of others.

(Article 20 of the Regulation)

 

11.8. Right to protest

  1. The data subject has the right to object at any time for reasons related to his / her situation to Article 6 (1) (e) of the Regulation (necessary for the performance of a task in the public interest or in the exercise of public authority). necessary for the legitimate interests of the Data Controller or a third party), including profiling based on those provisions.

In this case, the Data Controller may not further process the personal data, unless the Data Controller demonstrates that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are necessary to bring, enforce or protect legal claims. are related.

  1. Where personal data are processed for the purpose of direct business acquisition, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for that purpose, including profiling, in so far as it relates to direct business acquisition.
  1. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for that purpose.
  1. The right referred to in points 1 and 2 shall be expressly brought to the attention of the data subject at the latest at the time of first contact and shall be displayed in a clear manner and separate from any other information.
  1. In connection with the use of information society services and by way of derogation from Directive 2002/58 / EC, the data subject may also exercise the right to object by automated means based on technical specifications.
  1. Where personal data are processed for scientific and historical research or statistical purposes in accordance with Article 89 (1) of the Regulation, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless data processing is necessary for the performance of a task performed in the public interest.

(Article 21 of the Regulation)

 

11.9. Restrictions

  1. Union or Member State law applicable to the controller or processor may restrict the application of Articles 12 to 22 of the Regulation by legislative measures. Articles 34 and 34 and Articles 12 to 22. the scope of the rights and obligations set out in Article 5 with respect to its provisions in accordance with the rights and obligations set out in Article 5, provided that the restriction respects the essential content of fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society:
  2. (a) national security;
  3. b) national defense;
  4. (c) public security;
  5. (d) the prevention, investigation, detection or prosecution of criminal offenses and the execution of criminal sanctions, including protection against and prevention of threats to public security;
  6. (e) other important general interest objectives of general interest of the Union or a Member State, in particular important economic or financial interests of the Union or a Member State, including monetary, budgetary and fiscal matters, public health and social security;
  7. (f) protection of judicial independence and judicial proceedings;
  8. (g) the prevention, investigation, detection and prosecution of ethical misconduct in the case of regulated professions;
  9. (h) in the cases referred to in points (a) to (e) and (g), an inspection, investigation or regulatory activity connected with the exercise of official authority, even occasionally;
  10. (i) the protection of the data subject or the protection of the rights and freedoms of others;
  11. j) enforcement of civil claims.
  1. The legislative measures referred to in point 1 shall include, as appropriate, detailed provisions on at least:
  2. (a) the purposes of the processing or the categories of processing,
  3. b) the categories of personal data,
  4. c) the scope of the restrictions imposed,
  5. (d) safeguards against abuse or unauthorized access or transmission,
  6. e) to define the Data Controller or to define the categories of Data Controllers,
  7. (f) the duration of the storage and the guarantees to be applied, taking into account the nature, scope and purposes of the processing or categories of processing,
  8. (g) risks to the rights and freedoms of data subjects; and
  9. (h) the right of data subjects to be informed of the restriction, unless this could adversely affect the purpose of the restriction.

(Article 23 of the Regulation)

11.10. Informing the data subject about the data protection incident

  1. If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the data protection incident without undue delay.
  1. The information provided to the data subject referred to in point 1 shall clearly and intelligibly describe the nature of the data protection incident and shall include at least the information and measures referred to in Article 33 (3) (b), (c) and (d) of the Regulation.
  1. The data subject need not be informed as referred to in point 1 if any of the following conditions is met:
  2. (a) the Data Controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular measures such as the use of encryption which make it incomprehensible to persons not authorized to access personal data; make the data;
  3. (b) the Data Controller has taken further measures following the data protection incident to ensure that the high risk to the data subject’s rights and freedoms referred to in point 1 is no longer likely to materialize;
  4. (c) the information would require a disproportionate effort. In such cases, data subjects shall be informed through publicly available information or a similar measure shall be taken to ensure that data subjects are informed in an equally effective manner.
  1. If the Data Controller has not yet notified the data subject of the data protection incident, the supervisory authority may, after considering whether the data protection incident is likely to involve a high risk, order the data subject to be informed or establish that one of the conditions referred to in point 3 is met.

(Article 34 of the Regulation)

11.11. Right to complain to the supervisory authority (right to an official remedy)

  1. Without prejudice to other administrative or judicial remedies, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he or she has his or her habitual residence, place of employment or suspected infringement, if the processing of personal data concerning him or her this Regulation.
  2. The supervisory authority to which the complaint has been lodged shall keep the customer informed of the progress of the complaint and of the outcome thereof, including the right of the customer to seek judicial redress under Article 78 of the Regulation.

(Article 77 of the Regulation)

 

11.12. Right to an effective judicial remedy against the supervisory authority

  1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons shall have the right to an effective judicial remedy against a legally binding decision of the supervisory authority.
  2. Without prejudice to other administrative or non-judicial remedies, any data subject shall have the right to an effective judicial remedy if the supervisory authority competent under Article 55 or 56 of the Regulation does not deal with the complaint or does not inform the data subject within three months. procedural developments or the outcome of a complaint lodged pursuant to
  3. Proceedings against the supervisory authority shall be brought before the courts of the Member State where the supervisory authority has its seat.
  1. Where proceedings are instituted against a decision of the supervisory authority in respect of which the Board has previously issued an opinion or decision under the consistency mechanism, the supervisory authority shall send that opinion or decision to the court.

(Article 78 of the Regulation)

 

11.13. Right to an effective judicial remedy against the controller or processor

Any person concerned shall have the right to an effective judicial remedy if he or she considers that his or her rights under this Regulation have been infringed as a result of improper processing of his or her personal data. (Article 79 of the Regulation)

  1. Without prejudice to available administrative or non-judicial remedies, including the right to complain to the supervisory authority under Article 77 of the Regulation, any person concerned shall have the right to an effective judicial remedy if he or she considers that his or her personal data have been infringed in accordance with this Regulation. rights under this Regulation.
  2. Proceedings against the controller or processor shall be brought before the courts of the Member State in which the controller or processor is established. Such proceedings may also be brought before a court of the Member State in which the data subject has his habitual residence, unless the controller or processor is a public authority of a Member State acting in the exercise of its official authority.

(Article 79 of the Regulation)

VI. SUBMISSION OF THE APPLICATION CONCERNED

MEASURES OF THE DATA CONTROLLER

  1. Measures at the request of the data subject

(1) Our Company, as the data controller, shall, without undue delay, but in any case within 30 (thirty) days from the receipt of the request, inform the data subject of the measures taken in response to his / her request to exercise his / her rights.

(2) If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by an additional 60 (sixty) days. The Data Controller shall inform the data subject of the extension of the deadline within 30 (thirty) days from the receipt of the request, indicating the reasons for the delay.

3. Where the application has been submitted by electronic means, the information shall, as far as possible, be provided by electronic means, unless the person concerned requests otherwise.

4. If the Data Controller fails to take action on the data subject’s request, it shall inform the data subject without delay, but no later than one month after receipt of the request, of the reasons for the non-action and of the data subject’s right to appeal to a supervisory authority. right of appeal.

(5) Our Company, as the Data Controller, provides the information pursuant to Articles 13 and 14 of the Decree and the information on the rights of the data subject (Articles 15-22 and 34 of the Decree) and the measure free of charge. If the data subject’s request is manifestly unfounded or, in particular due to its repetitive nature, excessive, the Data Controller shall, taking into account the administrative costs of providing the requested information or action or taking the requested action:

  1. (a) charge a fee in advance, or
  2. (b) refuse to act on the application.

The burden of proving that the request is manifestly unfounded or excessive is on the Data Controller.

(6) If our Company, as the Data Controller, has reasonable doubts regarding the identity of the natural person submitting the application, it may request the provision of additional information necessary to confirm the identity of the data subject.

VII. POSSIBILITY OF ENFORCEMENT RELATED TO DATA MANAGEMENT

  1. Possibility of data management enforcement

In the event of any unlawful data processing that you experience, please notify our company so that the legal status can be restored in a short time. 

If you consider that the legal status cannot be restored, please inform the authority at the following contact details:

National Data Protection and Freedom of Information Authority

Postal address: 1363 Budapest, Pf .: 9.

Address: 1055 Budapest, Falk Miksa utca 9-11. 
Phone: +36 (1) 391-1400 
Fax: +36 (1) 391-1410 
E-mail: ugyfelszolgalat@naih.hu 
URL https://naih.hu 

  1. Legislation underlying data management
  • REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 Data Protection Regulation).
  • – 2011 CXII. Act on the Right to Information Self-Determination and Freedom of Information.
  • Act LXVI of 1995 on Public Documents, Public Archives and the Protection of Private Archival Material. law.
  • 335/2005 on the general requirements for the records management of bodies performing public tasks. (XII. 29.) Government Decree.
  • year CVIII. Act on Certain Issues in Electronic Commerce Services and Information Society Services.
  • Act C of 2006 on Electronic Communications.
back to homepage