PRIVACY AND DATA PROCESSING POLICY
I. Purpose of the Regulations
The purpose of these Regulations is to set out the data protection and management principles applied by T&V Development Kft. ( 2112 Veresegyház Kútfő utca 49. , Hereinafter: the Company / Data Manager ) and the data protection and management policy, which the Company recognizes as binding on it. In developing these rules, the Company has paid special attention to the provisions of Act CXII of 2011. Act CXIX of 1995 on the right to information self-determination and freedom of information (“Infotv.”). Act VI of 1998 on the management of name and address data for the purpose of research and direct business acquisition; Act XLVIII of 28 January 1981 promulgating the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, Strasbourg, 28 January 1981; Act CVIII of 2001 on Basic Conditions and Certain Restrictions on Economic Advertising, and Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services. The purpose of these Regulations is to ensure that all users of the services available on the Company’s website ensure that their rights and fundamental freedoms, in particular the right to privacy, are respected in the automatic processing of their personal data (data protection).
II. Concept definitions
Personal data or data: data that can be related to a specific natural person (hereinafter: data subject), a conclusion that can be drawn from the data about the data subject. Personal data retains this quality during data processing as long as its connection with the data subject can be re-established;
Data set: the totality of the data managed in one register;
Data management: any operation or set of operations on personal data, regardless of the procedure used, in particular the collection, recording, recording, systematisation, storage, alteration, use, consultation, transmission, disclosure, coordination or linking, blocking, deletion of personal data and destruction and to prevent further use of the data;
Data controller: a natural or legal person who, alone or together with others, determines the purpose of data processing, makes and implements decisions on data processing (including the means used) or implements it with the data processor;
Data processing: the performance of data management operations, technical tasks, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
Data destruction: complete physical destruction of the data carrier;
Data transfer: when the data is made available to a specific third party;
Disclosure: if the data is made available to anyone;
Data processor: a natural or legal person or an organization without legal personality who processes personal data on behalf of the data controller;
Data erasure: making data unrecognizable in such a way that it is not possible to recover it;
Automated data file: a series of data to be processed automatically;
Machine processing: includes the following operations when performed in part or in full by automated means: storage of data, logical or arithmetic operations on data, alteration, deletion, retrieval and distribution of data.
System: a set of technical solutions that operate the pages and services of Data Controllers and their partners available via the Internet.
Customer: the natural person who registers for the use of any service provided by the Data Controller and in the framework of which provides the following III. any of the data listed in point.
III. Scope of personal data processed
3.1 Based on the Client’s decision, the Company may manage the following data in connection with the use of the services provided by the Company:
– surname, first name
– e-mail address, telephone number
ARC. Scope of additional data managed by the Company
4.1 In connection with the establishment and maintenance of the Internet connection, the data of the Customer’s login computer, which is generated during the use of the service and which is recorded by the Data Management System as an automatic result of the technical processes, are technically recorded during the operation of the system. The data that is automatically recorded is automatically logged at the time of entry or exit without the Client’s separate statement or action. This data may not be combined with other personal customer data, except in cases required by law. Only the Data Controller has access to the data.
V. Legal basis, purpose and method of Data Management
5.1 The Data Management is performed on the basis of the Client’s voluntary statement based on appropriate information, which statement contains the Client’s express consent to the use of the personal data provided by the Company during the use of the Company’s services and the personal data generated about it. The legal basis of the Data Management is the Infotv. Section 5 (1) (a) the voluntary contribution of the data subject. Purpose of data management
– proper performance of the contract between the Data Controller and the Client and subsequent proof of the terms of the contract,
– handling of interests, feedback, contact,
5.2 The management of data to be automatically recorded (Section 4.1) is designed for the production of results and technical development of the IT system of the z protect clients’ rights.
5.3 The Data Controller may not use the personal data provided for purposes other than those described in these sections. The release of personal data to third parties or authorities other than those specified in these regulations is possible, unless otherwise required by law, only on the basis of an official decision or with the prior express consent of the Customer.
5.4 The Data Controller does not check the Personal Data provided to him. The person who provided the data is solely responsible for the accuracy of the information provided.
VI. Principles of data management
6.1 Personal data may only be obtained and processed fairly and lawfully.
6.2 Personal data may only be stored for specified and lawful purposes and may not be used in any other way.
6.3 Personal Data must be proportionate to the purpose for which they are stored and must comply with that purpose and must not go beyond that purpose.
6.4 Appropriate security measures shall be taken to protect Personal Data stored in automated data files against accidental or unauthorized destruction or accidental loss, and unauthorized access, alteration or distribution.
VII. Data protection principles applied by the Company
7.1 The Personal Data, which is essential for the use of the Company’s services, is used by the Company with the consent of the data subjects and only for the intended purpose.
7.2 The Company, as the Data Controller, undertakes to transfer the Personal Data in its possession to the Infotv. and in accordance with the data protection principles set out in these Regulations, and shall not transfer them to third parties other than the Data Controllers and Data Processors specified in these Regulations.
An exception to the provision contained in this section is the use of Personal Data in a statistically aggregated form, which may not contain the name of the relevant Customer or other data suitable for identification in any form, thus it does not qualify as Data Management or Data Transfer.
7.3 In certain cases, the Company – official court, police request, legal proceedings due to copyright, property or other infringements or their reasonable suspicion of harming the interests of the Company, endangering the provision of its services, etc. – make the available Personal Data of the relevant Customer available to third parties.
7.4 The Company’s system may collect data on the activities of the Clients, which cannot be linked to other data provided by the Clients, or to data generated when using other websites or services.
7.5 The Client must be informed about the purpose of the Data Management and who will handle and process the data.
7.6 In all cases where the Company intends to use the provided data for a purpose other than the purpose of the original data collection, it shall inform the Customer thereof and obtain its prior express consent, or provide him with the opportunity to prohibit the use.
7.7 The Company, as the Data Controller, observes the restrictions set by law in all cases during the recording, recording and management of Personal Data.
7.8 The Company undertakes to ensure the security of the Personal Data, to take the technical and organizational measures and to establish the procedural rules to ensure that the Personal Data collected, stored or processed is protected and to prevent their destruction, unauthorized use and alteration. It also undertakes to call on any third party to whom it may transfer or transfer Personal Data to fulfill its obligations in this regard.
7.9 The Data Controller shall block the Personal Data if the data subject so requests or if, on the basis of the information available to him or her, it can be assumed that the deletion would harm the data subject’s legitimate interests. Personal Data blocked in this way may only be processed for as long as the purpose of data processing, which precluded the deletion of personal data, exists.
7.10 The affected Customer shall be notified of the rectification, blocking or deletion of the processed Personal Data, as well as all those to whom the data has previously been transmitted for the purpose of Data Management. The notification may be omitted if it does not harm the legitimate interests of the data subject in view of the purpose of the Data Management.
VIII. Duration of Data Management
8.2. Data (4.1), which are automatically and technically recorded during the operation of the system, are stored in the system for a period of time justified from the point of view of ensuring the operation of the system. The data controller shall ensure that this automatically recorded data cannot be linked to other personal customer data, except in cases required by law.
IX. Having personal data
9. 1 The Company does not currently operate a newsletter.
9. 2 The Data Controller deletes the Personal Data within 3 working days from the receipt of the request, after the fulfillment of the request for deletion or modification the previous (deleted) data can no longer be restored.
9. 3 Clients may request information on the handling of their personal data from the Company, as the Data Controller, at any time in writing, by telephone or by e-mail. In addition, a request for information sent by e-mail will be considered authentic by the Data Controller only if it is sent from the registered e-mail address of the Customer. The request for information may cover the Customer’s data managed by the Data Controller, their source, the purpose, legal basis, duration of the Data Management, the names and addresses of any Data Processors, activities related to the Data Management and, if and for what purpose Customer details. 9. 4. The Data Controller is obliged to answer the question related to the Data Management in writing within 30 working days from the receipt. In the case of e-mails, the date of receipt shall be the first working day following dispatch. 9. 5 . The Customer may object to the processing of his personal data. The Data Controller shall examine the protest within 15 days from the receipt of the request, make a decision concerning its validity and inform the Client of its decision in writing. 9. 6. The Customer may request the blocking of his / her managed data. The Data Controller shall block the Customer’s data if the Customer so requests or if, on the basis of the available information, it can be assumed that the deletion would harm the Customer’s legitimate interests. Personal data blocked in this way may only be processed for as long as the purpose of the data processing, which makes the deletion of personal data excluded, exists. 9. 7 . Correction, blocking and deletion of the processed data shall be notified to the Customer and to all data subjects to whom the data has previously been transmitted for data management purposes. If the Data Controller does not fulfill or is unable to fulfill the Customer’s request for rectification, blocking or deletion, it shall notify the factual and legal reasons for rejecting the request for rectification, blocking or deletion in writing within 30 days of receipt of the request.
X. Data processing
10.1 The personal data provided is handled by T&V Development Kft . The managing director of T&V Development Kft. And the customer service staff are entitled to handle the data .
XI. External service providers
11.1 During the use of certain services of the Company, it may also cooperate with external service providers that facilitate registration and entry. (e.g., Facebook Inc., Google Inc., “External Service Provider”) The third-party service providers’ own privacy policies apply to the data provided there.
11.3 of the Company in connection with the operation of certain services, the user -defined Client Personal data pass to an external service provider, but the data transmitted to the external service provider may be used only for the purposes specified in these Rules.
The Company measures the traffic data of the web store using the Google Analytics service . Data is transmitted during the use of the service. The data transmitted are not suitable for identifying the data subject. More information about Google’s privacy practices can be found at https://www.google.com/policies/privacy/ads/
XII. Possibility of data transfer
12.1 The Data Controller is entitled and obliged to transfer all Personal Data in its possession and duly stored by it to the competent authorities, the transmission of which is required by law or a final official obligation. The Data Controller cannot be held liable for such Data Transfer and the consequences thereof.
13.2 By accessing the site, the Customer accepts the provisions of the Data Management Regulations in force at any time, in addition, it is not necessary to seek the consent of each Customer.
XIV. Enforcement options
14.1 Customer may object to the data processing. The Data Controller shall examine the protest within 15 days from its submission, make a decision on the merits of the protest and inform the Client of its decision in writing. In the event of a well-founded protest, the Data Controller shall terminate the data processing, including further data collection and data transfer, and block the data concerned, and notify all persons to whom the data subject of the protest has previously been transmitted and who are obliged to take action. in order to enforce the right to protest. If the Customer does not agree with the decision of the data controller, or if the data controller fails to comply with the above 15-day deadline, the Customer may apply to a court within 30 days from the notification of the decision or the last day of the deadline. The lawsuit against the data controller may be initiated before the court competent according to the place of residence, according to the Client’s choice .
14.2 The Client’s legal enforcement possibilities are regulated by the Information Act and Act V of 2013. (Ptk.), And may also seek the assistance of the National Data Protection and Freedom of Information Authority in any matter related to Personal Data (1125 Budapest Szilágyi Erzsébet fasor 22 / C; postal address: 1530 Budapest, Pf. 5.).