FREE shipping over 15000 Ft.

Privacy and data security policy

  1. Data of the Data Controller

    Name of Data Controller: Pólótomat Kft (hereinafter: DATA CONTROLLER)
    Registered office: 1074 Budapest, Alsó Erdősor 34., 1/8.

    Location: 1074 Budapest, Alsó Erdősor u. 34., 1/8

    Physical location of data processing: 1066 Budapest, Jókai utca 16

    Postal address:1074 Budapest, Alsó Erdősor u. 34., 1/8

    E-mail
    Address: [email protected]

    Tax number: 24233211-2-42

    Address of website(s):
    https://www.poloforma.hu hereinafter: ONLINE INTERFACE OF THE DATA CONTROLLER)

    Head of Data Processing: Mónika Piroska Oláh Managing Director

    Introduction

    DATA CONTROLLER’S ONLINE INTERFACE, browsing, DATA CONTROLLER
    by using any of the services of the Data Controller,
    by entering into any legal relationship or by providing the DATA CONTROLLER
    By submitting any personal data, you agree to this Privacy Policy
    and authorises the CONTROLLER to
    in this Privacy and Data Security Policy
    (hereinafter: RULES).

    Please if you notice any errors or problems that cause you to
    You do not want to accept the terms of the RULES, in which case you
    do not forward any personal data to the DATA CONTROLLER!

    The DATA CONTROLLER informs its contractual and non-contractual partners,
    suppliers, employees, officers, of any nature
    organised events (e.g. courses, trainings, etc.), any
    (e.g. job advertisement), the website and all
    the visitors of the online interface managed by it, the readers of this POLICY,
    and any natural person to whom

     

  2. any personal data you are processing or will process in the future to:
    processing of all personal data (hereinafter: DATA PROCESSING) in accordance with this
    REGULATIONS.

    Documents of the Data Controller’s data protection regulation

    Description

    Online availability

    Paper-based availability

    Privacy and Data Security Policy.

(present document)

DATA CONTROLLER ONLINE

INTERFACE
(see page 1)

Physical location of data processing (see page 1)

Data processing register

none

Physical location of data processing

(see page 1)

Privacy and security

Collection of internal instructions

none

Physical location of data processing (see page 1)

Data processing consent

Statements

none

Physical location of data processing

(see page 1)

Privacy and data security

Declarations of Acceptance of the Rules

none

Physical location of data processing (see page 1)

Staff and officers

Statements

none

Physical location of data processing

(see page 1)

Bound by data processors

Contracts

none

Physical location of data processing

(see page 1)

Definitions

  1. “Personal data” means:
    identified or
    identifiable natural
    (hereinafter:
    CONCERNED)
    any information;
    identifiable
    The natural
    a person who
    direct or
    indirectly,
    in particular a
    identifier, such as
    name, number,
    location data,
    Online ID
    or
    natural person
    physical, physiological,
    genetic, mental,
    economic, cultural
    or social
    identity of the
    one or
    Several factors
    .

     

  • ‘processing’ means the processing of personal data or data
    any operation carried out by automated or non-automated means, or
    operations, such as collection, recording, systematization, articulation,
    storage, transformation or alteration, query, consultation,
    use, communication, transmission, distribution or other means
    accessible

    alignment or combination, restriction, deletion,
    or destruction.

    ‘Data processing
    restriction’: the
    stored personal
    Marking data
    their future management
    restrictions.

  • ‘profiling’ means:
    Personal data
    automated management
    any
    the form of which
    during the
    personal data
    a natural
    personal
    certain personal
    characteristics,
    in particular the
    Workplace
    performance,
    economic situation,
    health status,
    Personal
    preferences,
    interest,
    reliability,
    behavior,
    for location
    or for movement
    Related features
    or
    forecast.

    ‘pseudonymisation’ means the
    Personal data
    in a way
    management of the
    as a result of which
    Learn more
    without the use of
    anymore
    cannot be determined
    and that
    personal
    data which
    concrete natural
    it concerns a person,
    provided that
    Such
    More information
    stored separately,
    and technical
    and organizational
    measures
    ensured that
    identified or
    identifiable natural
    persons this
    personal
    no data

    can be switched.

    ‘Registration
    system” :
    personal
    data of any

    centralized,
    decentralised or
    functional or
    Geographical aspects
    according to
    its structured stock,
    which is defined as
    By criteria
    accessible.

    ‘controller’ means the
    The natural
    or legal
    person, public authority
    body, agency
    or any
    other body,
    which is the
    Personal data
    management of the
    and its tools
    independently or
    Together with others
    determines; ha
    Data processing
    objectives and
    tools of the
    EU or
    Member States’
    Defined by law
    and the
    data controller, or
    The Data Controller
    designate

    specific aspects of the
    You can define it.

     

  • ‘processor’ means the
    The natural
    or legal
    person, public authority
    body, agency
    or any
    other body,
    which is the
    On behalf of the Data Controller
    personal data
    Treats.

  • ‘recipient’ means the
    The natural
    or legal
    person, public authority
    body, agency
    or any
    other body,
    with whom you are
    with which the
    personal data
    will be communicated independently
    from the fact that
    third party.
    The public authority
    bodies that
    a unique
    Within the framework of an investigation
    The EU
    or
    by the law of the Member States
    can be accessed in accordance with the
    personal
    data, not

    addressee; data by those public authorities
    processing must be consistent with the purposes for which the processing is carried out in accordance with the
    applicable data protection rules.

    “third party” means:
    That a
    natural or natural
    legal entity,
    a public authority,
    agency or
    any other
    body that
    not the same
    CONCERNED, the
    controller, the
    data processor or
    with those
    persons who
    The Data Controller
    or data processor
    direct management of the
    under the
    Personal data
    Authority to manage the
    received.

    ‘CONCERNED
    DATA SUBJECT‘:
    voluntary will of the
    concrete and
    on appropriate information
    and
    Clear
    Declaration by which
    AFFECTED STATEMENT
    or
    Reinforcement
    unmistakably
    expressive act
    indicates that
    to give your consent
    gives the
    concerning him
    Personal data
    management of the Society.

    “Data breach“:
    Security
    injury
    which is the
    forwarded, stored
    or other
    treated in a way
    Personal data
    Accidental or
    Unlawful
    annulment,
    loss of the
    change of the
    unauthorized disclosure
    or
    to them
    unauthorized access
    .

    ‘supervisory authority’ means:
    a Member State
    by the
    GDPR 51.
    in accordance with Article
    established independent
    public authority.

    ‘the supervisory authority concerned
    ‘authority’ means the
    supervisory
    authority
    personal
    Manage data
    The following
    one of the reasons
    Concerns:

    1. controller or processor of the
      has an establishment in the territory of the Member State of the Member State;

    2. the processing significantly affects or is likely to affect
      significantly affects the
      persons residing; or

       

    3. complaint to that supervisory authority.

  • “cross-border processing of personal data” means:

    1. processing of personal data in the EU for which the
      Companies with establishments in more than one Member State
      controller or processor located in several Member States
      activities carried out at its places of business
      will take place; or

       

    2. processing of personal data in the EU for which the
      at a single place of business of the controller or processor
      activities carried out in such a way that the
      significantly affected or affected in more than one Member State
      likely to have a significant impact on those affected.

    ‘relevant and
    well-founded objection’:
    the draft decision
    against the
    related to
    The excuse is that
    This
    Regulation
    whether it has been violated, or
    that the
    data controller or
    the data processor
    Planned
    action in line with
    whether there is a
    Regulation; a
    in the objection clearly
    You need to
    show the
    by a draft decision
    STAKEHOLDERS

    fundamental rights and freedoms and, where appropriate, the protection of personal
    risks to the free flow of data within the Union.

    “Information
    society
    Related
    service’ means the
    (EU) 2015/1535
    European Parliament
    and Council
    Directive (1)
    Article 1 of the
    (1)
    (b)

    service.

    Principles of the DATA CONTROLLER

    The DATA CONTROLLER adheres to the following principles for the processing of all personal data.
    Purpose Limitation

    Legality, fair trial Proportionality

    Necessity Transparency Data Minimization

     

  • Accuracy

  • Secure storage and use Accountability

    We will only process in accordance with the requirements of applicable laws
    personal data.

    Personal data will be treated confidentially, without the consent of the Data Subject
    We do not disclose personal data to third parties, unless
    We are obliged to do so by law.

    We store your data as securely as possible.

    Information for anyone
    We give you the
    About it
    data if
    This in writing
    calls on the
    above, Data
    can be found in part
    at our e-mail address
    or postal
    address.

    We will delete the data stored about anyone if they request it in writing in accordance with the above,
    You can find the data section at our e-mail address or postal address
    .

    Direct marketing messages (newsletters) only by subscribing
    but the information necessary to use our services
    You can send system messages without it.

    In the course of data processing, personal data is only retained for the time that this
    until the relationship with the DATA SUBJECT can be restored, i.e.
    DATA CONTROLLER has the technical conditions that are required for the
    connection.

    The DATA CONTROLLER does not process special categories of personal data:
    racial or ethnic origin, political opinions, religious or
    personal statements of ideological beliefs or trade union membership.
    data and the purpose of identifying natural persons
    genetic and biometric data, health data and natural
    information on the sex life or sexual orientation of a person
    Personal data.

    The DATA CONTROLLER ensures the safe storage of personal data. Paper
    and other non-online data storage in a closed office
    and in the case of online data, a password of sufficient strength
    and other necessary protection.

     

  • The personal data obtained by the DATA CONTROLLER shall only be processed by those
    employees who have access to the
    they have a task.

    The DATA CONTROLLER does not check the personal data provided to it
    truthfulness of the Society, and does not take responsibility for them.

    DATA CONTROLLER is not a multinational company, but only Hungary
    activities, so it does not establish organisational regulations
    and does not transfer data to a data controller or processor in another country
    .

  • The DATA CONTROLLER declares that the provisions of this POLICY and the data protection of the DATA CONTROLLER
    and the personal data of the DATA CONTROLLER
    actual practice of data processing, legal and other
    compliance with official regulations is solely the responsibility of the applicant,
    damages arising from any errors in these
    shall not hold any person responsible.

    PURPOSE OF THE POLICY

    This POLICY has been prepared to ensure that
    natural persons who come into contact with the DATA CONTROLLER are subject to data protection and
    data security rights and interests, as well as
    transparency and transparency of what happens in relation to their data,
    exercise of their right of disposal in the context of data protection and data security.
    in accordance with the provisions of the legislation in force in the relevant areas,
    In particular:

    • Regulation (EU) 2016/679: Regulation (EU) 2016/679 of the European Parliament and of the Council
      (hereinafter: GDPR).

    • Decree CXII. Act on the Right of Informational Self-Determination and the
      on freedom of information (Privacy Act).

    • Act CVIII of 2001 on the Electronic Commerce
      services and information society
      services.

     

  • Act XLVII of 2008 on unfair offences against consumers
    prohibition of commercial practices.

    Act XLVIII of 2008 on the basic
    conditions and certain limitations.

    Act XC of 2005 on Electronic Freedom of Information. 2003
    Act C on Electronic Communications.

    SCOPE OF THE POLICY

    Temporal scope

    From the 25th of May 2018 until the next amendment.

    Personal scope

    • DATA CONTROLLER

    • Natural persons whose personal data are processed by the DATA CONTROLLER
      .

    • DATA CONTROLLER.

    • Natural persons whose rights or legitimate interests are protected by this
      REGULATIONS.

    • Partners of the DATA CONTROLLER involved in data processing.

    • Natural and legal persons to whom the CONTROLLER
      data transfer.

    Material scope

  • All data processing carried out by the DATA CONTROLLER and its
    whether online, on paper or in any other way.
    all personal data that exists in the same way.

     

  • Legal bases and lawfulness of data processing

    We only process personal data if at least the
    One of the following is true:

    1. The Data Subject has given consent to one or more of the
      for specific purposes;

    2. the processing is necessary for the performance of a contract in which
      DATA SUBJECT is one of the parties or the party prior to the conclusion of the contract
      necessary to take action at the request of the Data Subject;

    3. Data processing is a legal obligation of the data controller
      necessary for the fulfilment of the

    4. the data processing is carried out by the Data SUBJECT or by another natural person
      vital interests of the European Union;

    5. processing in the interests of the Controller or a third party.
      unless those interests are
      overriding interests or fundamental rights and fundamental rights of the Data Subject
      which require the protection of personal data;
      especially if they are an AFFECTED child.

    It shall be considered as voluntary consent if the DATA SUBJECT
    or other online interface of the Data Controller, or by using one of the
    By using this service, you accept the
    policies, including this document.

    If the DATA CONTROLLER operates a camera surveillance system, the Voluntary
    consent if the DATA SUBJECT is informed in advance (even by oral means)
    even a clearly visible sign or text in the monitored area)
    After entering the monitored area.

    Where the processing is based on consent, the controller must be able to:
    to demonstrate that the processing of the data subject’s personal data
    contributed.

    1. Example: In the case of consent based on the use of a website, this
      evidence of the rules and regulations placed on the website (contained in and/or
      information about its acceptance.

    2. Example: In the case of camera surveillance, this proof is based on the
      clearly visible information in the area.

      If the DATA SUBJECT gives his/her consent in the form of a written statement
      which also applies to other cases, the request for consent shall be
      clearly distinguishable from these other cases,
      in an intelligible and easily accessible form, in a clear and
      in simple language.

  • The DATA SUBJECT shall have the right to withdraw his/her consent at any time. A
    withdrawal of consent shall be without prejudice to the use of consent
    lawfulness of the processing before its withdrawal. Consent
    The DATA SUBJECT shall be informed of this before giving the DATA SEE. Consent
    should be made possible in the same simple way as the
    Its specifying the right to be granted.

    The consent of the Data Subject shall be considered voluntary if:
    using a service or entering into a contract
    was not conditional on consent to the processing of data
    condition for which the service or contract of that data
    is not strictly necessary.

    Organisation of data processing

    Within the data controller’s organisation, the data protection and data security
    management tasks related to all data processing are carried out by the
    DATA PROCESSING MANAGER (see page 1).

    These management tasks include:

    1.) Data processing tasks and permissions within the organization
    .

    2.) Employees directly involved in data processing
    or indirect (through heads of departments)
    management.

    3.) Decision-making on the identity of partners other than the DATA CONTROLLER.

    4.) Decision-making with external partners (also) affecting data processing
    contracts to be concluded.

  • The DATA MANAGEMENT MANAGER is not responsible for the processing of personal data
    owners or authorities. All responsibilities shall be held by the DATA CONTROLLER
    .

    The organisation of data processing includes the data processing
    (hereinafter: STAFF).

    EMPLOYEES are obliged to comply with this POLICY and the Privacy and
    internal instructions related to data security.

    EMPLOYEES are obliged to pay the
    personal data used by them in accordance with these RULES and the
    Internal instructions related to data protection and data security
    in the manner specified in the collection of the Maritime Fund.

    EMPLOYEES are obliged to provide data processing services from outside the DATA CONTROLLER.
    immediate transmission of inquiries and enforcement of rights in relation to the
    to the HEAD OF DATA PROCESSING.

    STAFF are obliged to inform them of any information they have experienced
    or the possibility of a personal data breach caused by them
    report immediately to the HEAD OF DATA PROCESSING.

    STAFF are obliged to do everything possible to ensure that the
    personal data generated or used by them in the course of their work;
    unauthorised persons or to prevent them from being disclosed to the organisation of data processing.
    inside or outside it.

    Further or individual data processing related to EMPLOYEES
    duties and obligations of the staff and officers
    statements, employee contracts and job descriptions,
    may include.

  • Records of data processing activities

     

  • The data listed below
    shall be kept by:

    1.) Name and contact details of the DATA CONTROLLER (or, if there is a data protection officer,
    then name, contact information)

    2.) Purpose of data processing

    3.) Scope (categories) of data subjects;

    4.) Scope (categories) of data

    5.) Scope (categories) of recipients

    6.) whether data is transferred to a third country

    7.) Deadline for the deletion of data

    8.) Technical and organisational measures

    The DATA CONTROLLER shall be at the disposal of the supervisory authority in the event of a request
    the register.

    Data breach

    The DATA CONTROLLER shall keep a record of any personal data breaches,
    which includes the data and data subjects involved in the incident, the
    the time and other circumstances of the incident, its potential effects and the
    measures taken to mitigate the negative impacts. These data
    DATA CONTROLLER shall make it available to the supervisory authority if necessary.

    The data breach shall be resolved by the DATA CONTROLLER without undue delay, and
    If possible, no later than 72 hours after the data breach
    shall notify the competent supervisory authority of the
    unless the data breach is unlikely to result
    rights and freedoms of natural persons. If the
    is not reported within 72 hours, it must be accompanied by the
    reasons for delay.

    To the owners of personal data
    (hereinafter: DATA SUBJECTS) rights and opportunities

     

  • DATA SUBJECTS with their rights and options listed below DATA CONTROLLER
    to your e-mail address (see page 1) or postal address (see page 1)
    sent by the European Union. In connection with these requests, the DATA CONTROLLER
    shall proceed as follows.

    DATA CONTROLLER without undue delay, but in any case, the request
    informs the Data Subject within one month of receipt of the
    following a request to exercise the rights listed below
    measures.

    Where necessary, taking into account the complexity of the application and the
    this deadline may be extended by a further two months. The deadline
    the data controller shall indicate the reasons for the delay in the
    within one month of receipt of the request
    CONCERNED. If the DATA SUBJECT submitted the request electronically, the
    information shall be provided electronically where possible, unless:
    if the DATA SUBJECT requests otherwise.

  • If the CONTROLLER fails to take action on the request of the Data SUBJECT, the delay shall be
    but no later than one month from the receipt of the request
    inform the DATA SUBJECT of the reasons for the failure to take action, and
    that the DATA SUBJECT may lodge a complaint with a supervisory
    authority and may exercise their right to judicial remedy.

    Information on how to exercise the rights listed below,
    information and measures shall be provided free of charge by the DATA CONTROLLER, except for
    if the request of the DATA SUBJECT is manifestly unfounded or, in particular,
    repetitive nature – exaggerated. In this case, the DATA CONTROLLER, taking into account the
    information or information requested or by the
    administrative costs of the implementation of the Tax Administration:

    1. charge a reasonable fee, or

    2. may refuse to take action on the basis of the request.

    Proof that the application is manifestly unfounded or excessive
    the responsibility of the data controller.

    Pursuant to Act CXII of 2011, the DATA CONTROLLER is obliged to refuse to
    information in the event of an international treaty, law, or
    a binding legal provision of the European Union

     

  • receives personal data in such a way that the transferor to the
    indicates the restriction prescribed by the given law during transmission.

    Pursuant to Act CXII of 2011, the DATA CONTROLLER is obliged to refuse to
    information even in the event of an external and internal
    the economic interest of the state or local governments, the
    economic interests, or professional disciplinary or ethical
    prevention and detection of misconduct or breaches of labour law
    or to protect the rights of the DATA SUBJECT or others.

    Requests for information rejected on the basis of the above shall be communicated to all Data Controllers
    by the end of the year, the National Data Protection and Freedom of Information Act
    Authority.

    1.) Right of access (right to information)

    The DATA SUBJECT shall have the right to receive feedback from the Data Controller on the
    whether your personal data is being processed and whether your
    processing is in progress, the right to have the personal data
    data and related information listed below
    access to the Finns Party.

    At the request of the Data Subject, the CONTROLLER shall provide the DATA SUBJECT with information on the
    in relation to the following questions related to the personal data processed by him/her:

    • Purposes of data processing

    • Categories of personal data COVERED

    • recipients or categories of recipients with whom or
      to whom the personal data has been or will be disclosed,
      including, in particular, recipients from third countries or
      international organisations

  • where applicable, the planned period for which the personal data will be stored;
    or, if this is not possible, the determination of that period
    Aspects

  • Data Subject’s right to request from the controller the
    rectification, erasure or processing of personal data relating to the
    and object to the processing of such personal data
    against

  • the right to lodge a complaint with a supervisory authority

    • if the data were not collected from a DATA SUBJECT, the data relating to their source
      All available information

    • Automated procedures related to data processing (e.g. profile
      its operating mechanisms, logic, and
      significance and possible effects on the DATA SUBJECT.

       

    • The circumstances of the data breaches, and
      the actions taken in response to these incidents.

  • If personal data is transferred to a third country or an international organisation
    is forwarded to the data subject, the DATA SUBJECT shall have the right to
    be informed about the transfer in accordance with the GDPR

    appropriate guarantees under Article 46 of the Decree.

    In the case of the Data Subject’s request, the data controller shall
    provides the copy of the personal data to the Data Subject. AFFECTED
    additional copies requested by the Controller, the Controller shall
    reasonable fee based on costs. IF YOU ARE CONCERNED
    submitted the application electronically, the information is provided by a wide range of
    in a commonly used electronic format,
    unless otherwise requested by the Data Subject. Right to request a copy
    not adversely affect the rights and freedoms of others.

    2.) Right to rectification

    The DATA SUBJECT shall have the right to request the data controller to provide unjustified
    correct without delay any inaccurate personal information relating to him/her.
    data. Taking into account the purpose of data processing, the Data Subject shall have the right to:
    to request the disclosure of incomplete personal data, including additional
    supplemented by a declaration.

    3.) Right to erasure (“right to be forgotten”)

    The DATA SUBJECT shall have the right to request the data controller to provide unjustified
    delete personal data relating to him or her without delay,
    the controller is obliged to disclose the personal data relating to the DATA SUBJECT
    without undue delay if the following reasons
    one of the following:

    1. personal data are no longer necessary for the purpose for which they
      collected or otherwise treated

    2. the Data Subject withdraws his/her consent constituting the basis of data processing,
      and there is no other legal basis for the processing

       

  • The Data Subject objects to the data processing and has no priority
    legitimate grounds for the processing

  • the personal data was unlawfully processed;

  • personal data are processed in accordance with the EU or
    legal obligation under national law, to
    At

  • If the controller has disclosed the personal data and it is
    is required to delete the data in accordance with the above, then the available technology and the
    taking into account the costs of implementation, it will take reasonable steps to
    measures, including technical measures, to ensure that
    to inform the controllers processing the data that
    DATA SUBJECT requested from them the data relating to the personal data in question
    links or copies or copies of this personal data
    deletion of the Eva.

    The deletion of the data cannot be carried out even if the above is met,
    In the event that:

    a.) The processing is necessary for the freedom of expression and the
    right to information.

    b.) The processing is necessary for the purposes of the processing of personal data,
    applicable to the controller under Union or Member State law.
    obligations or in the public interest or on the basis of a
    exercise of delegated public authority
    implementation of the Labour Code.

    c.) The public interest in the field of public health is necessary for data processing
    .

    d.) The data processing is necessary for archiving in the public interest, scientific
    and for historical research or statistical purposes, where the
    would be likely to make it impossible or seriously
    would jeopardise this data processing.

    e.) The processing is necessary for the presentation of legal claims,
    enforcement and protection.

  • 3.) Right to restriction of processing

    The DATA SUBJECT shall have the right to have the DATA CONTROLLER restrict, at his request, the
    processing if one of the following is true:

    1. DATA SUBJECT contests the accuracy of the personal data, in which case the
      restriction applies to the period of time that allows the
      to verify the accuracy of the personal data.

    2. The data processing is unlawful, but the Data Subject opposes the deletion of the data,
      and instead asks for a restriction on their use.

    3. The DATA CONTROLLER no longer needs the personal data data processing
      but the DATA SUBJECT requires them to bring legal claims,
      enforcement or protection.

    4. The Data Subject objected to the data processing. In this case, the restriction
      for the period until it is established that the
      the legitimate reasons of the controller take precedence over the legitimate reasons of the data subject
      against its reasons.

  • With the exception of storage, the personal data subject to the restriction will only be
    with the consent of the Data Subject, or for the submission of legal claims,
    or for the defence of the
    protection of the rights of the European Union or of a Member State.
    important public interest.

    In case of lifting the restriction, the DATA CONTROLLER shall inform the CONTROLLER in advance
    CONCERNED.

     

  • In the event of rectification, deletion or restriction, the DATA CONTROLLER shall
    the recipient with whom and with whom the personal data is
    unless this proves impossible or disproportionately large.
    effort. At the request of the Data Subject, the DATA CONTROLLER shall inform the
    recipients.

    4.) Right to data portability

    If the processing is carried out by automated means and on the basis of consent or
    contract, the DATA SUBJECT shall be entitled to obtain the
    the personal data provided by the CONTROLLER to the CONTROLLER,
    in a widely used machine-readable format, and
    have the right to have these data processed by another data controller
    without hindrance from the CONTROLLER. In this case, if this is the case,
    technically feasible – the DATA SUBJECT may request the CONTROLLER to provide further
    direct transmission to data controllers.

    The right to data portability does not apply in cases where
    processing is carried out on the basis of public interest or official authority vested in the
    in the exercise of its powers
    necessary.

    The right to data portability must not adversely affect the rights of others
    and freedoms.

    5.) Right to object

    If, according to the legal basis of the data processing, the DATA CONTROLLER or a third party
    necessary for the enforcement of his or her legitimate interests, the DATA SUBJECT shall have the right to
    to object at any time for reasons related to his own situation;
    against the processing of your personal data.

    In this case, the DATA CONTROLLER may no longer process the personal data,
    unless it demonstrates that the processing is carried out by compelling
    justified by legitimate reasons which override the interests of the DATA SUBJECT,
    rights and freedoms of the European Union, or which may seek legal
    put forward, exercise or defence of the Society.

    If the processing of personal data for direct marketing purposes
    the DATA SUBJECT shall have the right to object at any time to the
    processing of personal data for this purpose.

    According to the previous paragraph, AFFECTED in that
    object, for example, to the sale of your personal data,
    if you have previously consented to this.

     

  • If the Data Subject objects to the direct marketing of personal data
    processing of personal data for the purposes of the
    can no longer be processed for this purpose.

    Legal remedy

  • If the DATA SUBJECT experiences a missed deadline on the part of the DATA CONTROLLER, then
    30 days after receiving the decision received late,
    to go to court within the time limit.

    If the DATA SUBJECT experiences a violation of the law on the part of the DATA CONTROLLER, the
    to go to court. The lawfulness of data processing must be verified by the DATA CONTROLLER
    to prove it.

    In case of violation of your rights to informational self-determination, you are AFFECTED by a complaint
    You can make action against the supervisory authority:

    National Authority for Data Protection and Freedom of Information Address: 1125 Budapest,
    Szilágyi Erzsébet fasor 22/c Phone: +36 (1) 391-1400 Fax: +36 (1)
    391-1410

    www: http://www.naih.hu

    E-mail: [email protected]

    Hateful, exclusionary content, insulting or endangering minors
    content, violation of good repute and the rights of a deceased person.
    In the event of a violation, the authority shall:

    National Media and Infocommunications Authority 1015 Budapest, Ostrom u. 23-25.

    Postal address: 1525. Pf. 75

    Phone: (06 1) 457 7100

    Fax: (06 1) 356 5520

    E-mail: [email protected]

     

  • List of data processing carried out by the DATA CONTROLLER

    DATA CONTROLLER processes or processes data in the following cases, for the purposes listed below, or
    may process personal data.

    The DATA CONTROLLER shall provide the data processing not listed below in writing
    informs the DATA SUBJECTS, who are also able to give their consent in writing
    to give you a new one.

    Online form, e-mail address

    On the ONLINE INTERFACE OF THE DATA CONTROLLER, the request for quotation that can be filled in by visitors
    (or other) form(s) or at the public e-mail addresses of the DATA CONTROLLER
    personal data voluntarily submitted to the DATA CONTROLLER
    to the password-protected e-mail account of the DATA CONTROLLER and (in the case of a form) the DATA CONTROLLER
    ONLINE INTERFACE, also password-protected
    arrive.

    These include positions published by the DATA CONTROLLER (job advertisement),
    Applications for courses or any other events.

    Scope of processed personal data:

    • Name

    • Phone number

    • Email address

  • Other information (purpose of contact)

  • Photo

  • Curriculum vitae

  • Motivation letter

  • Any other personal data that is not provided by the DATA CONTROLLER
    in an obstructionable manner, the DATA SUBJECT forwards the DATA CONTROLLER to the CONTROLLER.

  • Legal basis of data processing: voluntary consent.

     

  • Categories of data subjects: any natural person who has
    provides personal data to the DATA CONTROLLER in certain ways.

    Purpose of data processing: Information or quotation for the DATA SUBJECT
    or in the case of initiating a customer relationship, the
    management and communication necessary for the creation of the company.

    Duration of data processing: question or task initiated by the Data Subject
    or other activity or the DATA CONTROLLER’s
    until the participation of the Society.

    In accordance with the purpose of data processing, the DATA CONTROLLER consents to the
    contact him or her using the contact details provided.

    The Infotv. 65 (3) a) of the Criminal Procedure Act does not lead to data protection
    records of the data processing carried out by the Authority with the
    participation in employment, membership, kindergarten education
    student or apprenticeship relationship, dormitory
    or – financial institutions, public utility service providers,
    with the exception of customers of electronic communications service providers,
    data of persons in contact with customers.

    In the case of a customer relationship, the processing of data does not have to be
    register if there is a dispute between the data controller and the DATA SUBJECT
    in a legal relationship

    • the data are collected directly from the DATA SUBJECTS,

    • the purpose of data processing is known to the Data Subject,

    • type of data to be processed, duration of data processing (data deletion)
      predetermined,

    • the data is only in the context of the pre-defined purpose
      use it,

    • the data are not removed from the processing of the data controller,

    • AFFECTED PARTIES shall be duly informed.

    Personal data used for the operation of the webshop

  • Webshop order placed through the ONLINE INTERFACE OF THE DATA CONTROLLER
    or registration by the DATA SUBJECT, the person used to place the order
    form or registration form to complete your order
    required personal data and/or register

     

  • to the webshop. These data are transferred to the password-protected e-mail account of the DATA CONTROLLER and
    DATA CONTROLLER’S ONLINE INTERFACE, also password-protected
    database.

    Scope of processed personal data:

    • Name

    • Billing address

    • Delivery address

       

    • Phone number

    • Email address

    • Order content

    • Other information about the order

    • IP address at the time of order

    • Date of registration/purchase

      Legal basis of data processing: voluntary consent and legal
      Obligation

      Scope of data subjects: any natural person who is a DATA CONTROLLER
      You place an order in the ONLINE WEBSHOP or
      register.

      Purpose of data processing: Fulfilment of an order and then statistical and
      customer relationship orientation.

      Duration of data processing: until deletion at the request of the Data Subject, invoices
      Section 169 (2) of Act C of 2000 on Accounting
      for 8 years.

      The data processor entitled to access the data is the data subject to the
      an entrusted accounting firm or a natural person whose identity is
      recorded in the data processing register and the DATA CONTROLLER request
      informs the Data Subject. The duration of the data processing is
      until the performance of the statutory tasks required for accounting
      lasts. Scope of data: name, billing address, name of the order,
      invoice amount.

      I understand that Simon Alma E.V. 6600 Szentes, dr. Várady Lipót Árpád u 37.
      https://poloforma.hu/ following personal data stored in your user database,
      my data will be transferred to OTP Mobil Kft. as a data processor. The
      The scope of data transmitted by the Data Controller is as follows: name, address, amount to be paid, purchase
      amount, shipping cost, content of purchase.

      The nature and purpose of the data processing activity carried out by the data processor
      SimplePay Privacy Policy can be viewed at the following link:
      http://simplepay.hu/vasarlo-aff

  • Data processor courier delivery entitled to access the data
    If you choose, until the delivery is completed:

    Courier service: Paketpiac Kft., Gödöllő, Németh László u. 1/b, 2100

    SCOPE OF DATA SUBJECTS: customers who choose courier delivery.

    Scope of data to be transferred: name, address, telephone number, e-mail address,
    amount to be paid (only if you choose cash on delivery).

    Conclusion of an agreement
    Data Management

     

  • If the provision of any of the services of the DATA CONTROLLER is subject to an agreement
    in respect of the personal data contained in this Agreement
    processing is carried out if the other party is a natural person or if it is a legal
    a person who is represented by a natural person
    (contact person) who is included in the agreement.

    Scope of processed personal data:

    • Name

       

    • Phone number

    • Email address

    • Service description

    • Remuneration

    • Bank Account Number

    • Rights, obligations and other conditions

      Legal basis of data processing: voluntary consent (contact person
      or processing for the performance of a contract
      to which the data subject is a party or a party to the
      Steps taken at the request of the data subject prior to concluding the
      necessary for the implementation of the

      Categories of data subjects: any natural person who:
      DATA CONTROLLER – in addition to providing your personal data –
      or a legal entity entering into an agreement with the DATA CONTROLLER
      acts.

      Purpose of data processing: conclusion of an agreement, performance of a service,
      customer relationship.

      Duration of data processing: rights arising from the agreement and
      obligations expire, in the case of invoices, the
      Pursuant to Section 169 (2) of Act C of 2000, for 8 years.

      In the case of invoices, the data processor entitled to access the data is the
      an accounting firm or a natural person commissioned by the DATA CONTROLLER,
      whose identity is recorded in the data processing register and about whom
      The DATA CONTROLLER shall inform the Data SUBJECT upon request. Data processing
      the duration of the statutory tasks required for accounting
      until the completion of the project. Scope of data: name, billing address, order
      name, invoice amount.

       

  • Data processing related to employee data

  • DATA CONTROLLER shall process the personal data of employees in employment contracts and
    documents related to them (e.g. job description) and in the
    reporting obligations prescribed by law (tax and customs administration,
    health fund) and payroll accounting.
    necessary programs and databases.

    Scope of processed personal data:

    • Name

    • Phone number

    • Email address

    • Bank Account Number

    • Tax identification number

    • Place and date of birth

    • Mother’s birth name

    • Nationality

    • Start and termination of your insurance relationship

    • Duration of insurance pause

    • Insurance Code

    • FEOR number

    • Working hours

    • Social security number

    • Education, professional qualification

    • Wages

    • All other data related to the exercise of the employment relationship:
      e.g.: salary grade, job description, etc.)

      Legal basis of data processing: voluntary consent and legal
      obligation. Scope of data subjects: Employees of the DATA CONTROLLER

       

  • Purpose of data processing: necessary for the employment of employees
    management and organisational tasks, as well as the involvement of workers and
    obligations to public authorities.

    Duration of data processing: rights and obligations arising from the employment relationship
    Until the expiry of the Statute of Limitations.

    Personal data used to send newsletters

    ONLINE INTERFACE OF THE DATA CONTROLLER and outside of it, by filling in a statement
    It is possible to subscribe to our newsletter, in the framework of which the
    We can send information to the e-mail address provided at the time of registration
    about our events, offers, promotions and other important
    information.

    Subscription is voluntary, and its absence has no restrictions or disadvantages
    It doesn’t work.

  • Your subscription
    and with this
    together with the
    By sending newsletter
    Related
    from the register to the
    Your personal data
    delete all
    Subscribed
    we will do it if
    This in writing
    calls on the
    above, Data
    can be found in part
    at our e-mail address
    or postal
    through our address,
    or
    sent in e-mails
    Unsubscriber
    link
    . This
    followed by several
    no newsletter
    We will send you.

    • Scope of data subjects: on the website for newsletter
      subscribers.

    • Purpose of data collection: sending newsletters, DM letters (information on the
      business-related opportunities, changes, novelties,
      discounts and other important information.)

    • Duration of data processing: until deletion at the request of the data subject (in accordance with the
      until unsubscribing from the newsletter.)

    • Data covered: Name, e-mail address, date of subscription,
      IP address at the time of subscription.

    Hosting provider

     

  • The technical conditions for the operation of the DATA CONTROLLER’S ONLINE INTERFACE are provided by:
    IT PROGRESS Kft. (hereinafter: HOSTING PROVIDER)

    Address: 3534 Miskolc, Gagarin utca 1. C. lház. FSZT. 3. Email Address:[email protected]

    Phone: +36 20 521 4224

    Personal data generated or received on the CONTROLLER’S ONLINE INTERFACE
    data CONTROLLER is at its disposal, with a password-protected
    through the administration interface, all the
    processing (e.g. deletion), so that the
    HOSTING PROVIDER as a data processor. DATA CONTROLLER
    hereby informs all natural persons who are DATA CONTROLLER
    PERSONAL DATA IS TRANSMITTED THROUGH ITS ONLINE INTERFACE data CONTROLLER
    that despite this, the HOSTING PROVIDER – interpretation of the law
    – it can still legally qualify as a data processor.

    Cookies

  • Cookies are codes that websites use to provide users with
    placed on your computer, most of the time with the aim of
    For subsequent visits from that computer, information will be
    previous visits.

    Cookies are linked to browsers, so if you use a computer
    for example, a web page is visited using the Chrome browser,
    then in the case of a subsequent visit from the same computer,
    only then will the website have information about the previous visit
    if the subsequent
    visit.

    You have the option of using cookies stored in your computer’s browsers
    and to disable the
    websites to place cookies in the given browser. These
    The location of the features may vary from browser to browser, but in general, the
    settings or security. All
    browser has a user manual (usually under the help heading).
    These contain detailed information on the
    settings.

     

  • When you visit our website, your browser will be able to use two types of cookies
    Direct cookies and indirect cookies may be placed.
    Ones that we place in your browser on the website
    (direct) and those that are used by our website
    external services used (indirect).

    Direct cookies used by our website:

    Session ID:

    When you open the website, a signal may be generated
    is to give the website information about when it will reach
    end of this visit. So that you know when browsing that this is still the same
    whether the visit is new or new. This is necessary so that if you
    you log in to your account or add something to your shopping cart,
    then this information will be retained until the end of your visit. So the
    do not lose your login when switching between different menu items,
    and the products you put in the cart should not be deleted.

    The session ID cannot be considered according to all legal interpretations
    cookie, as it is deleted when you close the browser, so it does not remain there
    user’s computer. However, there is an interpretation of the law according to which:
    It is considered a cookie, which is why it is listed here, in the cookies section.

    Coupon cookie:

    In case you get a discount coupon offer in the shopping cart, you can
    a cookie may be created for the purpose of providing the
    so that the website does not disturb you on future visits
    You with the same offer. The coupon system is not always available, or
    used in connection with all products. When not in use,
    then no such cookie will be created.

    Indirect cookies that may be generated when you use our website.

    Below is a list of third-party service providers that
    services of our website using plug-ins (scripts)
    He uses it. These services are used for statistical, marketing and
    customer relationship purposes and to this end they use their plug-in codes to
    cookies.

  •  

  • We have no say in their privacy policy, but if we find a violation of the law,
    We perceive them, we can decide not to use them anymore. The
    In the following, next to the name of each service provider, we indicate the data processing
    information of the Consumer Protection Agency. Please if you notice any violation
    experience with them, please let us know in the above, “Our Data”
    contact details in the section so that we can make the
    necessary steps.

    List of external providers:

    Google Inc http://www.google.hu/policies/technologies/ads/
    Facebook:
    https://www.facebook.com/policies

    Supervisory body

    If you find a violation of the law in our data processing, you may be subject to the National Data Protection and
    You can file a complaint with the Freedom of Information Authority:

    National Authority for Data Protection and Freedom of Information 1125 Budapest,
    Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest, P.O. Box:
    5.

    Phone: +36 -1-391-1400

     

  • Fax: +36-1-391-1410

    E-mail:[email protected]