Privacy and data security policy
Data of the Data Controller
Name of Data Controller: Pólótomat Kft (hereinafter: DATA CONTROLLER)
Registered office: 1074 Budapest, Alsó Erdősor 34., 1/8.Location: 1074 Budapest, Alsó Erdősor u. 34., 1/8
Physical location of data processing: 1066 Budapest, Jókai utca 16
Postal address:1074 Budapest, Alsó Erdősor u. 34., 1/8
E-mail
Address: [email protected]Tax number: 24233211-2-42
Address of website(s):
https://www.poloforma.hu hereinafter: ONLINE INTERFACE OF THE DATA CONTROLLER)Head of Data Processing: Mónika Piroska Oláh Managing Director
Introduction
DATA CONTROLLER’S ONLINE INTERFACE, browsing, DATA CONTROLLER
by using any of the services of the Data Controller,
by entering into any legal relationship or by providing the DATA CONTROLLER
By submitting any personal data, you agree to this Privacy Policy
and authorises the CONTROLLER to
in this Privacy and Data Security Policy
(hereinafter: RULES).Please if you notice any errors or problems that cause you to
You do not want to accept the terms of the RULES, in which case you
do not forward any personal data to the DATA CONTROLLER!The DATA CONTROLLER informs its contractual and non-contractual partners,
suppliers, employees, officers, of any nature
organised events (e.g. courses, trainings, etc.), any
(e.g. job advertisement), the website and all
the visitors of the online interface managed by it, the readers of this POLICY,
and any natural person to whomany personal data you are processing or will process in the future to:
processing of all personal data (hereinafter: DATA PROCESSING) in accordance with this
REGULATIONS.Documents of the Data Controller’s data protection regulation
Description
Online availability
Paper-based availability
Privacy and Data Security Policy.
(present document)
DATA CONTROLLER ONLINE
INTERFACE
(see page 1)
Physical location of data processing (see page 1)
Data processing register
none
Physical location of data processing
(see page 1)
Privacy and security
Collection of internal instructions
none
Physical location of data processing (see page 1)
Data processing consent
Statements
none
Physical location of data processing
(see page 1)
Privacy and data security
Declarations of Acceptance of the Rules
none
Physical location of data processing (see page 1)
Staff and officers
Statements
none
Physical location of data processing
(see page 1)
Bound by data processors
Contracts
none
Physical location of data processing
(see page 1)
Definitions
- “Personal data” means:
identified or
identifiable natural
(hereinafter:
CONCERNED)
any information;
identifiable
The natural
a person who
direct or
indirectly,
in particular a
identifier, such as
name, number,
location data,
Online ID
or
natural person
physical, physiological,
genetic, mental,
economic, cultural
or social
identity of the
one or
Several factors
.
‘processing’ means the processing of personal data or data
any operation carried out by automated or non-automated means, or
operations, such as collection, recording, systematization, articulation,
storage, transformation or alteration, query, consultation,
use, communication, transmission, distribution or other means
accessible
alignment or combination, restriction, deletion,
or destruction.
‘Data processing
restriction’: the
stored personal
Marking data
their future management
restrictions.
‘profiling’ means:
Personal data
automated management
any
the form of which
during the
personal data
a natural
personal
certain personal
characteristics,
in particular the
Workplace
performance,
economic situation,
health status,
Personal
preferences,
interest,
reliability,
behavior,
for location
or for movement
Related features
or
forecast.
‘pseudonymisation’ means the
Personal data
in a way
management of the
as a result of which
Learn more
without the use of
anymore
cannot be determined
and that
personal
data which
concrete natural
it concerns a person,
provided that
Such
More information
stored separately,
and technical
and organizational
measures
ensured that
identified or
identifiable natural
persons this
personal
no data
can be switched.
‘Registration
system” :
personal
data of any
–
centralized,
decentralised or
functional or
Geographical aspects
according to –
its structured stock,
which is defined as
By criteria
accessible.
‘controller’ means the
The natural
or legal
person, public authority
body, agency
or any
other body,
which is the
Personal data
management of the
and its tools
independently or
Together with others
determines; ha
Data processing
objectives and
tools of the
EU or
Member States’
Defined by law
and the
data controller, or
The Data Controller
designate
specific aspects of the
You can define it.
‘processor’ means the
The natural
or legal
person, public authority
body, agency
or any
other body,
which is the
On behalf of the Data Controller
personal data
Treats.
‘recipient’ means the
The natural
or legal
person, public authority
body, agency
or any
other body,
with whom you are
with which the
personal data
will be communicated independently
from the fact that
third party.
The public authority
bodies that
a unique
Within the framework of an investigation
The EU
or
by the law of the Member States
can be accessed in accordance with the
personal
data, not
addressee; data by those public authorities
processing must be consistent with the purposes for which the processing is carried out in accordance with the
applicable data protection rules.
“third party” means:
That a
natural or natural
legal entity,
a public authority,
agency or
any other
body that
not the same
CONCERNED, the
controller, the
data processor or
with those
persons who
The Data Controller
or data processor
direct management of the
under the
Personal data
Authority to manage the
received.
‘CONCERNED
‘DATA SUBJECT‘:
voluntary will of the
concrete and
on appropriate information
and
Clear
Declaration by which
AFFECTED STATEMENT
or
Reinforcement
unmistakably
expressive act
indicates that
to give your consent
gives the
concerning him
Personal data
management of the Society.
“Data breach“:
Security
injury
which is the
forwarded, stored
or other
treated in a way
Personal data
Accidental or
Unlawful
annulment,
loss of the
change of the
unauthorized disclosure
or
to them
unauthorized access
.
‘supervisory authority’ means:
a Member State
by the
GDPR 51.
in accordance with Article
established independent
public authority.
‘the supervisory authority concerned
‘authority’ means the
supervisory
authority
personal
Manage data
The following
one of the reasons
Concerns:
controller or processor of the
has an establishment in the territory of the Member State of the Member State;the processing significantly affects or is likely to affect
significantly affects the
persons residing; orcomplaint to that supervisory authority.
“cross-border processing of personal data” means:
processing of personal data in the EU for which the
Companies with establishments in more than one Member State
controller or processor located in several Member States
activities carried out at its places of business
will take place; orprocessing of personal data in the EU for which the
at a single place of business of the controller or processor
activities carried out in such a way that the
significantly affected or affected in more than one Member State
likely to have a significant impact on those affected.
‘relevant and
well-founded objection’:
the draft decision
against the
related to
The excuse is that
This
Regulation
whether it has been violated, or
that the
data controller or
the data processor
Planned
action in line with
whether there is a
Regulation; a
in the objection clearly
You need to
show the
by a draft decision
STAKEHOLDERS
fundamental rights and freedoms and, where appropriate, the protection of personal
risks to the free flow of data within the Union.
“Information
society
Related
service’ means the
(EU) 2015/1535
European Parliament
and Council
Directive (1)
Article 1 of the
(1)
(b)
service.
Principles of the DATA CONTROLLER
The DATA CONTROLLER adheres to the following principles for the processing of all personal data.
Purpose Limitation
Legality, fair trial Proportionality
Necessity Transparency Data Minimization
Accuracy
Secure storage and use Accountability
We will only process in accordance with the requirements of applicable laws
personal data.
Personal data will be treated confidentially, without the consent of the Data Subject
We do not disclose personal data to third parties, unless
We are obliged to do so by law.
We store your data as securely as possible.
Information for anyone
We give you the
About it
data if
This in writing
calls on the
above, Data
can be found in part
at our e-mail address
or postal
address.
We will delete the data stored about anyone if they request it in writing in accordance with the above,
You can find the data section at our e-mail address or postal address
.
Direct marketing messages (newsletters) only by subscribing
but the information necessary to use our services
You can send system messages without it.
In the course of data processing, personal data is only retained for the time that this
until the relationship with the DATA SUBJECT can be restored, i.e.
DATA CONTROLLER has the technical conditions that are required for the
connection.
The DATA CONTROLLER does not process special categories of personal data:
racial or ethnic origin, political opinions, religious or
personal statements of ideological beliefs or trade union membership.
data and the purpose of identifying natural persons
genetic and biometric data, health data and natural
information on the sex life or sexual orientation of a person
Personal data.
The DATA CONTROLLER ensures the safe storage of personal data. Paper
and other non-online data storage in a closed office
and in the case of online data, a password of sufficient strength
and other necessary protection.
The personal data obtained by the DATA CONTROLLER shall only be processed by those
employees who have access to the
they have a task.
The DATA CONTROLLER does not check the personal data provided to it
truthfulness of the Society, and does not take responsibility for them.
DATA CONTROLLER is not a multinational company, but only Hungary
activities, so it does not establish organisational regulations
and does not transfer data to a data controller or processor in another country
.
The DATA CONTROLLER declares that the provisions of this POLICY and the data protection of the DATA CONTROLLER
and the personal data of the DATA CONTROLLER
actual practice of data processing, legal and other
compliance with official regulations is solely the responsibility of the applicant,
damages arising from any errors in these
shall not hold any person responsible.
PURPOSE OF THE POLICY
This POLICY has been prepared to ensure that
natural persons who come into contact with the DATA CONTROLLER are subject to data protection and
data security rights and interests, as well as
transparency and transparency of what happens in relation to their data,
exercise of their right of disposal in the context of data protection and data security.
in accordance with the provisions of the legislation in force in the relevant areas,
In particular:
Regulation (EU) 2016/679: Regulation (EU) 2016/679 of the European Parliament and of the Council
(hereinafter: GDPR).Decree CXII. Act on the Right of Informational Self-Determination and the
on freedom of information (Privacy Act).Act CVIII of 2001 on the Electronic Commerce
services and information society
services.
Act XLVII of 2008 on unfair offences against consumers
prohibition of commercial practices.
Act XLVIII of 2008 on the basic
conditions and certain limitations.
Act XC of 2005 on Electronic Freedom of Information. 2003
Act C on Electronic Communications.
SCOPE OF THE POLICY
Temporal scope
From the 25th of May 2018 until the next amendment.
Personal scope
DATA CONTROLLER
Natural persons whose personal data are processed by the DATA CONTROLLER
.DATA CONTROLLER.
Natural persons whose rights or legitimate interests are protected by this
REGULATIONS.Partners of the DATA CONTROLLER involved in data processing.
Natural and legal persons to whom the CONTROLLER
data transfer.
Material scope
All data processing carried out by the DATA CONTROLLER and its
whether online, on paper or in any other way.
all personal data that exists in the same way.
Legal bases and lawfulness of data processing
We only process personal data if at least the
One of the following is true:
The Data Subject has given consent to one or more of the
for specific purposes;the processing is necessary for the performance of a contract in which
DATA SUBJECT is one of the parties or the party prior to the conclusion of the contract
necessary to take action at the request of the Data Subject;Data processing is a legal obligation of the data controller
necessary for the fulfilment of thethe data processing is carried out by the Data SUBJECT or by another natural person
vital interests of the European Union;processing in the interests of the Controller or a third party.
unless those interests are
overriding interests or fundamental rights and fundamental rights of the Data Subject
which require the protection of personal data;
especially if they are an AFFECTED child.
It shall be considered as voluntary consent if the DATA SUBJECT
or other online interface of the Data Controller, or by using one of the
By using this service, you accept the
policies, including this document.
If the DATA CONTROLLER operates a camera surveillance system, the Voluntary
consent if the DATA SUBJECT is informed in advance (even by oral means)
even a clearly visible sign or text in the monitored area)
After entering the monitored area.
Where the processing is based on consent, the controller must be able to:
to demonstrate that the processing of the data subject’s personal data
contributed.
Example: In the case of consent based on the use of a website, this
evidence of the rules and regulations placed on the website (contained in and/or
information about its acceptance.Example: In the case of camera surveillance, this proof is based on the
clearly visible information in the area.If the DATA SUBJECT gives his/her consent in the form of a written statement
which also applies to other cases, the request for consent shall be
clearly distinguishable from these other cases,
in an intelligible and easily accessible form, in a clear and
in simple language.
The DATA SUBJECT shall have the right to withdraw his/her consent at any time. A
withdrawal of consent shall be without prejudice to the use of consent
lawfulness of the processing before its withdrawal. Consent
The DATA SUBJECT shall be informed of this before giving the DATA SEE. Consent
should be made possible in the same simple way as the
Its specifying the right to be granted.
The consent of the Data Subject shall be considered voluntary if:
using a service or entering into a contract
was not conditional on consent to the processing of data
condition for which the service or contract of that data
is not strictly necessary.
Organisation of data processing
Within the data controller’s organisation, the data protection and data security
management tasks related to all data processing are carried out by the
DATA PROCESSING MANAGER (see page 1).
These management tasks include:
1.) Data processing tasks and permissions within the organization
.
2.) Employees directly involved in data processing
or indirect (through heads of departments)
management.
3.) Decision-making on the identity of partners other than the DATA CONTROLLER.
4.) Decision-making with external partners (also) affecting data processing
contracts to be concluded.
The DATA MANAGEMENT MANAGER is not responsible for the processing of personal data
owners or authorities. All responsibilities shall be held by the DATA CONTROLLER
.
The organisation of data processing includes the data processing
(hereinafter: STAFF).
EMPLOYEES are obliged to comply with this POLICY and the Privacy and
internal instructions related to data security.
EMPLOYEES are obliged to pay the
personal data used by them in accordance with these RULES and the
Internal instructions related to data protection and data security
in the manner specified in the collection of the Maritime Fund.
EMPLOYEES are obliged to provide data processing services from outside the DATA CONTROLLER.
immediate transmission of inquiries and enforcement of rights in relation to the
to the HEAD OF DATA PROCESSING.
STAFF are obliged to inform them of any information they have experienced
or the possibility of a personal data breach caused by them
report immediately to the HEAD OF DATA PROCESSING.
STAFF are obliged to do everything possible to ensure that the
personal data generated or used by them in the course of their work;
unauthorised persons or to prevent them from being disclosed to the organisation of data processing.
inside or outside it.
Further or individual data processing related to EMPLOYEES
duties and obligations of the staff and officers
statements, employee contracts and job descriptions,
may include.
Records of data processing activities
The data listed below
shall be kept by:
1.) Name and contact details of the DATA CONTROLLER (or, if there is a data protection officer,
then name, contact information)
2.) Purpose of data processing
3.) Scope (categories) of data subjects;
4.) Scope (categories) of data
5.) Scope (categories) of recipients
6.) whether data is transferred to a third country
7.) Deadline for the deletion of data
8.) Technical and organisational measures
The DATA CONTROLLER shall be at the disposal of the supervisory authority in the event of a request
the register.
Data breach
The DATA CONTROLLER shall keep a record of any personal data breaches,
which includes the data and data subjects involved in the incident, the
the time and other circumstances of the incident, its potential effects and the
measures taken to mitigate the negative impacts. These data
DATA CONTROLLER shall make it available to the supervisory authority if necessary.
The data breach shall be resolved by the DATA CONTROLLER without undue delay, and
If possible, no later than 72 hours after the data breach
shall notify the competent supervisory authority of the
unless the data breach is unlikely to result
rights and freedoms of natural persons. If the
is not reported within 72 hours, it must be accompanied by the
reasons for delay.
To the owners of personal data
(hereinafter: DATA SUBJECTS) rights and opportunities
DATA SUBJECTS with their rights and options listed below DATA CONTROLLER
to your e-mail address (see page 1) or postal address (see page 1)
sent by the European Union. In connection with these requests, the DATA CONTROLLER
shall proceed as follows.
DATA CONTROLLER without undue delay, but in any case, the request
informs the Data Subject within one month of receipt of the
following a request to exercise the rights listed below
measures.
Where necessary, taking into account the complexity of the application and the
this deadline may be extended by a further two months. The deadline
the data controller shall indicate the reasons for the delay in the
within one month of receipt of the request
CONCERNED. If the DATA SUBJECT submitted the request electronically, the
information shall be provided electronically where possible, unless:
if the DATA SUBJECT requests otherwise.
If the CONTROLLER fails to take action on the request of the Data SUBJECT, the delay shall be
but no later than one month from the receipt of the request
inform the DATA SUBJECT of the reasons for the failure to take action, and
that the DATA SUBJECT may lodge a complaint with a supervisory
authority and may exercise their right to judicial remedy.
Information on how to exercise the rights listed below,
information and measures shall be provided free of charge by the DATA CONTROLLER, except for
if the request of the DATA SUBJECT is manifestly unfounded or, in particular,
repetitive nature – exaggerated. In this case, the DATA CONTROLLER, taking into account the
information or information requested or by the
administrative costs of the implementation of the Tax Administration:
charge a reasonable fee, or
may refuse to take action on the basis of the request.
Proof that the application is manifestly unfounded or excessive
the responsibility of the data controller.
Pursuant to Act CXII of 2011, the DATA CONTROLLER is obliged to refuse to
information in the event of an international treaty, law, or
a binding legal provision of the European Union
receives personal data in such a way that the transferor to the
indicates the restriction prescribed by the given law during transmission.
Pursuant to Act CXII of 2011, the DATA CONTROLLER is obliged to refuse to
information even in the event of an external and internal
the economic interest of the state or local governments, the
economic interests, or professional disciplinary or ethical
prevention and detection of misconduct or breaches of labour law
or to protect the rights of the DATA SUBJECT or others.
Requests for information rejected on the basis of the above shall be communicated to all Data Controllers
by the end of the year, the National Data Protection and Freedom of Information Act
Authority.
1.) Right of access (right to information)
The DATA SUBJECT shall have the right to receive feedback from the Data Controller on the
whether your personal data is being processed and whether your
processing is in progress, the right to have the personal data
data and related information listed below
access to the Finns Party.
At the request of the Data Subject, the CONTROLLER shall provide the DATA SUBJECT with information on the
in relation to the following questions related to the personal data processed by him/her:
Purposes of data processing
Categories of personal data COVERED
recipients or categories of recipients with whom or
to whom the personal data has been or will be disclosed,
including, in particular, recipients from third countries or
international organisations
where applicable, the planned period for which the personal data will be stored;
or, if this is not possible, the determination of that period
Aspects
Data Subject’s right to request from the controller the
rectification, erasure or processing of personal data relating to the
and object to the processing of such personal data
against
the right to lodge a complaint with a supervisory authority
if the data were not collected from a DATA SUBJECT, the data relating to their source
All available informationAutomated procedures related to data processing (e.g. profile
its operating mechanisms, logic, and
significance and possible effects on the DATA SUBJECT.The circumstances of the data breaches, and
the actions taken in response to these incidents.
If personal data is transferred to a third country or an international organisation
is forwarded to the data subject, the DATA SUBJECT shall have the right to
be informed about the transfer in accordance with the GDPR
appropriate guarantees under Article 46 of the Decree.
In the case of the Data Subject’s request, the data controller shall
provides the copy of the personal data to the Data Subject. AFFECTED
additional copies requested by the Controller, the Controller shall
reasonable fee based on costs. IF YOU ARE CONCERNED
submitted the application electronically, the information is provided by a wide range of
in a commonly used electronic format,
unless otherwise requested by the Data Subject. Right to request a copy
not adversely affect the rights and freedoms of others.
2.) Right to rectification
The DATA SUBJECT shall have the right to request the data controller to provide unjustified
correct without delay any inaccurate personal information relating to him/her.
data. Taking into account the purpose of data processing, the Data Subject shall have the right to:
to request the disclosure of incomplete personal data, including additional
supplemented by a declaration.
3.) Right to erasure (“right to be forgotten”)
The DATA SUBJECT shall have the right to request the data controller to provide unjustified
delete personal data relating to him or her without delay,
the controller is obliged to disclose the personal data relating to the DATA SUBJECT
without undue delay if the following reasons
one of the following:
personal data are no longer necessary for the purpose for which they
collected or otherwise treatedthe Data Subject withdraws his/her consent constituting the basis of data processing,
and there is no other legal basis for the processing
The Data Subject objects to the data processing and has no priority
legitimate grounds for the processing
the personal data was unlawfully processed;
personal data are processed in accordance with the EU or
legal obligation under national law, to
At
If the controller has disclosed the personal data and it is
is required to delete the data in accordance with the above, then the available technology and the
taking into account the costs of implementation, it will take reasonable steps to
measures, including technical measures, to ensure that
to inform the controllers processing the data that
DATA SUBJECT requested from them the data relating to the personal data in question
links or copies or copies of this personal data
deletion of the Eva.
The deletion of the data cannot be carried out even if the above is met,
In the event that:
a.) The processing is necessary for the freedom of expression and the
right to information.
b.) The processing is necessary for the purposes of the processing of personal data,
applicable to the controller under Union or Member State law.
obligations or in the public interest or on the basis of a
exercise of delegated public authority
implementation of the Labour Code.
c.) The public interest in the field of public health is necessary for data processing
.
d.) The data processing is necessary for archiving in the public interest, scientific
and for historical research or statistical purposes, where the
would be likely to make it impossible or seriously
would jeopardise this data processing.
e.) The processing is necessary for the presentation of legal claims,
enforcement and protection.
3.) Right to restriction of processing
The DATA SUBJECT shall have the right to have the DATA CONTROLLER restrict, at his request, the
processing if one of the following is true:
DATA SUBJECT contests the accuracy of the personal data, in which case the
restriction applies to the period of time that allows the
to verify the accuracy of the personal data.The data processing is unlawful, but the Data Subject opposes the deletion of the data,
and instead asks for a restriction on their use.The DATA CONTROLLER no longer needs the personal data data processing
but the DATA SUBJECT requires them to bring legal claims,
enforcement or protection.The Data Subject objected to the data processing. In this case, the restriction
for the period until it is established that the
the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject
against its reasons.
With the exception of storage, the personal data subject to the restriction will only be
with the consent of the Data Subject, or for the submission of legal claims,
or for the defence of the
protection of the rights of the European Union or of a Member State.
important public interest.
In case of lifting the restriction, the DATA CONTROLLER shall inform the CONTROLLER in advance
CONCERNED.
In the event of rectification, deletion or restriction, the DATA CONTROLLER shall
the recipient with whom and with whom the personal data is
unless this proves impossible or disproportionately large.
effort. At the request of the Data Subject, the DATA CONTROLLER shall inform the
recipients.
4.) Right to data portability
If the processing is carried out by automated means and on the basis of consent or
contract, the DATA SUBJECT shall be entitled to obtain the
the personal data provided by the CONTROLLER to the CONTROLLER,
in a widely used machine-readable format, and
have the right to have these data processed by another data controller
without hindrance from the CONTROLLER. In this case, if this is the case,
technically feasible – the DATA SUBJECT may request the CONTROLLER to provide further
direct transmission to data controllers.
The right to data portability does not apply in cases where
processing is carried out on the basis of public interest or official authority vested in the
in the exercise of its powers
necessary.
The right to data portability must not adversely affect the rights of others
and freedoms.
5.) Right to object
If, according to the legal basis of the data processing, the DATA CONTROLLER or a third party
necessary for the enforcement of his or her legitimate interests, the DATA SUBJECT shall have the right to
to object at any time for reasons related to his own situation;
against the processing of your personal data.
In this case, the DATA CONTROLLER may no longer process the personal data,
unless it demonstrates that the processing is carried out by compelling
justified by legitimate reasons which override the interests of the DATA SUBJECT,
rights and freedoms of the European Union, or which may seek legal
put forward, exercise or defence of the Society.
If the processing of personal data for direct marketing purposes
the DATA SUBJECT shall have the right to object at any time to the
processing of personal data for this purpose.
According to the previous paragraph, AFFECTED in that
object, for example, to the sale of your personal data,
if you have previously consented to this.
If the Data Subject objects to the direct marketing of personal data
processing of personal data for the purposes of the
can no longer be processed for this purpose.
Legal remedy
If the DATA SUBJECT experiences a missed deadline on the part of the DATA CONTROLLER, then
30 days after receiving the decision received late,
to go to court within the time limit.
If the DATA SUBJECT experiences a violation of the law on the part of the DATA CONTROLLER, the
to go to court. The lawfulness of data processing must be verified by the DATA CONTROLLER
to prove it.
In case of violation of your rights to informational self-determination, you are AFFECTED by a complaint
You can make action against the supervisory authority:
National Authority for Data Protection and Freedom of Information Address: 1125 Budapest,
Szilágyi Erzsébet fasor 22/c Phone: +36 (1) 391-1400 Fax: +36 (1)
391-1410
Hateful, exclusionary content, insulting or endangering minors
content, violation of good repute and the rights of a deceased person.
In the event of a violation, the authority shall:
National Media and Infocommunications Authority 1015 Budapest, Ostrom u. 23-25.
Postal address: 1525. Pf. 75
Phone: (06 1) 457 7100
Fax: (06 1) 356 5520
List of data processing carried out by the DATA CONTROLLER
DATA CONTROLLER processes or processes data in the following cases, for the purposes listed below, or
may process personal data.
The DATA CONTROLLER shall provide the data processing not listed below in writing
informs the DATA SUBJECTS, who are also able to give their consent in writing
to give you a new one.
Online form, e-mail address
On the ONLINE INTERFACE OF THE DATA CONTROLLER, the request for quotation that can be filled in by visitors
(or other) form(s) or at the public e-mail addresses of the DATA CONTROLLER
personal data voluntarily submitted to the DATA CONTROLLER
to the password-protected e-mail account of the DATA CONTROLLER and (in the case of a form) the DATA CONTROLLER
ONLINE INTERFACE, also password-protected
arrive.
These include positions published by the DATA CONTROLLER (job advertisement),
Applications for courses or any other events.
Scope of processed personal data:
Name
Phone number
Email address
Other information (purpose of contact)
Photo
Curriculum vitae
Motivation letter
Any other personal data that is not provided by the DATA CONTROLLER
in an obstructionable manner, the DATA SUBJECT forwards the DATA CONTROLLER to the CONTROLLER.
Legal basis of data processing: voluntary consent.
Categories of data subjects: any natural person who has
provides personal data to the DATA CONTROLLER in certain ways.
Purpose of data processing: Information or quotation for the DATA SUBJECT
or in the case of initiating a customer relationship, the
management and communication necessary for the creation of the company.
Duration of data processing: question or task initiated by the Data Subject
or other activity or the DATA CONTROLLER’s
until the participation of the Society.
In accordance with the purpose of data processing, the DATA CONTROLLER consents to the
contact him or her using the contact details provided.
The Infotv. 65 (3) a) of the Criminal Procedure Act does not lead to data protection
records of the data processing carried out by the Authority with the
participation in employment, membership, kindergarten education
student or apprenticeship relationship, dormitory
or – financial institutions, public utility service providers,
with the exception of customers of electronic communications service providers,
data of persons in contact with customers.
In the case of a customer relationship, the processing of data does not have to be
register if there is a dispute between the data controller and the DATA SUBJECT
in a legal relationship
the data are collected directly from the DATA SUBJECTS,
the purpose of data processing is known to the Data Subject,
type of data to be processed, duration of data processing (data deletion)
predetermined,the data is only in the context of the pre-defined purpose
use it,the data are not removed from the processing of the data controller,
AFFECTED PARTIES shall be duly informed.
Personal data used for the operation of the webshop
Webshop order placed through the ONLINE INTERFACE OF THE DATA CONTROLLER
or registration by the DATA SUBJECT, the person used to place the order
form or registration form to complete your order
required personal data and/or register
to the webshop. These data are transferred to the password-protected e-mail account of the DATA CONTROLLER and
DATA CONTROLLER’S ONLINE INTERFACE, also password-protected
database.
Scope of processed personal data:
Name
Billing address
Delivery address
Phone number
Email address
Order content
Other information about the order
IP address at the time of order
Date of registration/purchase
Legal basis of data processing: voluntary consent and legal
ObligationScope of data subjects: any natural person who is a DATA CONTROLLER
You place an order in the ONLINE WEBSHOP or
register.Purpose of data processing: Fulfilment of an order and then statistical and
customer relationship orientation.Duration of data processing: until deletion at the request of the Data Subject, invoices
Section 169 (2) of Act C of 2000 on Accounting
for 8 years.The data processor entitled to access the data is the data subject to the
an entrusted accounting firm or a natural person whose identity is
recorded in the data processing register and the DATA CONTROLLER request
informs the Data Subject. The duration of the data processing is
until the performance of the statutory tasks required for accounting
lasts. Scope of data: name, billing address, name of the order,
invoice amount.—
I understand that Simon Alma E.V. 6600 Szentes, dr. Várady Lipót Árpád u 37.
https://poloforma.hu/ following personal data stored in your user database,
my data will be transferred to OTP Mobil Kft. as a data processor. The
The scope of data transmitted by the Data Controller is as follows: name, address, amount to be paid, purchase
amount, shipping cost, content of purchase.The nature and purpose of the data processing activity carried out by the data processor
SimplePay Privacy Policy can be viewed at the following link:
http://simplepay.hu/vasarlo-aff—
Data processor courier delivery entitled to access the data
If you choose, until the delivery is completed:
Courier service: Paketpiac Kft., Gödöllő, Németh László u. 1/b, 2100
SCOPE OF DATA SUBJECTS: customers who choose courier delivery.
Scope of data to be transferred: name, address, telephone number, e-mail address,
amount to be paid (only if you choose cash on delivery).
Conclusion of an agreement
Data Management
If the provision of any of the services of the DATA CONTROLLER is subject to an agreement
in respect of the personal data contained in this Agreement
processing is carried out if the other party is a natural person or if it is a legal
a person who is represented by a natural person
(contact person) who is included in the agreement.
Scope of processed personal data:
Name
Phone number
Email address
Service description
Remuneration
Bank Account Number
Rights, obligations and other conditions
Legal basis of data processing: voluntary consent (contact person
or processing for the performance of a contract
to which the data subject is a party or a party to the
Steps taken at the request of the data subject prior to concluding the
necessary for the implementation of theCategories of data subjects: any natural person who:
DATA CONTROLLER – in addition to providing your personal data –
or a legal entity entering into an agreement with the DATA CONTROLLER
acts.Purpose of data processing: conclusion of an agreement, performance of a service,
customer relationship.Duration of data processing: rights arising from the agreement and
obligations expire, in the case of invoices, the
Pursuant to Section 169 (2) of Act C of 2000, for 8 years.In the case of invoices, the data processor entitled to access the data is the
an accounting firm or a natural person commissioned by the DATA CONTROLLER,
whose identity is recorded in the data processing register and about whom
The DATA CONTROLLER shall inform the Data SUBJECT upon request. Data processing
the duration of the statutory tasks required for accounting
until the completion of the project. Scope of data: name, billing address, order
name, invoice amount.
Data processing related to employee data
DATA CONTROLLER shall process the personal data of employees in employment contracts and
documents related to them (e.g. job description) and in the
reporting obligations prescribed by law (tax and customs administration,
health fund) and payroll accounting.
necessary programs and databases.
Scope of processed personal data:
Name
Phone number
Email address
Bank Account Number
Tax identification number
Place and date of birth
Mother’s birth name
Nationality
Start and termination of your insurance relationship
Duration of insurance pause
Insurance Code
FEOR number
Working hours
Social security number
Education, professional qualification
Wages
All other data related to the exercise of the employment relationship:
e.g.: salary grade, job description, etc.)Legal basis of data processing: voluntary consent and legal
obligation. Scope of data subjects: Employees of the DATA CONTROLLER
Purpose of data processing: necessary for the employment of employees
management and organisational tasks, as well as the involvement of workers and
obligations to public authorities.
Duration of data processing: rights and obligations arising from the employment relationship
Until the expiry of the Statute of Limitations.
Personal data used to send newsletters
ONLINE INTERFACE OF THE DATA CONTROLLER and outside of it, by filling in a statement
It is possible to subscribe to our newsletter, in the framework of which the
We can send information to the e-mail address provided at the time of registration
about our events, offers, promotions and other important
information.
Subscription is voluntary, and its absence has no restrictions or disadvantages
It doesn’t work.
Your subscription
and with this
together with the
By sending newsletter
Related
from the register to the
Your personal data
delete all
Subscribed
we will do it if
This in writing
calls on the
above, Data
can be found in part
at our e-mail address
or postal
through our address,
or
sent in e-mails
Unsubscriber
link
. This
followed by several
no newsletter
We will send you.
Scope of data subjects: on the website for newsletter
subscribers.Purpose of data collection: sending newsletters, DM letters (information on the
business-related opportunities, changes, novelties,
discounts and other important information.)Duration of data processing: until deletion at the request of the data subject (in accordance with the
until unsubscribing from the newsletter.)Data covered: Name, e-mail address, date of subscription,
IP address at the time of subscription.
Hosting provider
The technical conditions for the operation of the DATA CONTROLLER’S ONLINE INTERFACE are provided by:
IT PROGRESS Kft. (hereinafter: HOSTING PROVIDER)
Address: 3534 Miskolc, Gagarin utca 1. C. lház. FSZT. 3. Email Address:[email protected]
Phone: +36 20 521 4224
Personal data generated or received on the CONTROLLER’S ONLINE INTERFACE
data CONTROLLER is at its disposal, with a password-protected
through the administration interface, all the
processing (e.g. deletion), so that the
HOSTING PROVIDER as a data processor. DATA CONTROLLER
hereby informs all natural persons who are DATA CONTROLLER
PERSONAL DATA IS TRANSMITTED THROUGH ITS ONLINE INTERFACE data CONTROLLER
that despite this, the HOSTING PROVIDER – interpretation of the law
– it can still legally qualify as a data processor.
Cookies
Cookies are codes that websites use to provide users with
placed on your computer, most of the time with the aim of
For subsequent visits from that computer, information will be
previous visits.
Cookies are linked to browsers, so if you use a computer
for example, a web page is visited using the Chrome browser,
then in the case of a subsequent visit from the same computer,
only then will the website have information about the previous visit
if the subsequent
visit.
You have the option of using cookies stored in your computer’s browsers
and to disable the
websites to place cookies in the given browser. These
The location of the features may vary from browser to browser, but in general, the
settings or security. All
browser has a user manual (usually under the help heading).
These contain detailed information on the
settings.
When you visit our website, your browser will be able to use two types of cookies
Direct cookies and indirect cookies may be placed.
Ones that we place in your browser on the website
(direct) and those that are used by our website
external services used (indirect).
Direct cookies used by our website:
Session ID:
When you open the website, a signal may be generated
is to give the website information about when it will reach
end of this visit. So that you know when browsing that this is still the same
whether the visit is new or new. This is necessary so that if you
you log in to your account or add something to your shopping cart,
then this information will be retained until the end of your visit. So the
do not lose your login when switching between different menu items,
and the products you put in the cart should not be deleted.
The session ID cannot be considered according to all legal interpretations
cookie, as it is deleted when you close the browser, so it does not remain there
user’s computer. However, there is an interpretation of the law according to which:
It is considered a cookie, which is why it is listed here, in the cookies section.
Coupon cookie:
In case you get a discount coupon offer in the shopping cart, you can
a cookie may be created for the purpose of providing the
so that the website does not disturb you on future visits
You with the same offer. The coupon system is not always available, or
used in connection with all products. When not in use,
then no such cookie will be created.
Indirect cookies that may be generated when you use our website.
Below is a list of third-party service providers that
services of our website using plug-ins (scripts)
He uses it. These services are used for statistical, marketing and
customer relationship purposes and to this end they use their plug-in codes to
cookies.
We have no say in their privacy policy, but if we find a violation of the law,
We perceive them, we can decide not to use them anymore. The
In the following, next to the name of each service provider, we indicate the data processing
information of the Consumer Protection Agency. Please if you notice any violation
experience with them, please let us know in the above, “Our Data”
contact details in the section so that we can make the
necessary steps.
List of external providers:
Google Inc http://www.google.hu/policies/technologies/ads/
Facebook:
https://www.facebook.com/policies
Supervisory body
If you find a violation of the law in our data processing, you may be subject to the National Data Protection and
You can file a complaint with the Freedom of Information Authority:
National Authority for Data Protection and Freedom of Information 1125 Budapest,
Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, P.O. Box:
5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail:[email protected]