Data protection and data management information
General Data Management Information of PHL International Limited Liability Company (Cg.: 01-09-337134; registered office: 2119 Pécel Kökény utca 13. fszt. 1.)
PHL International Limited Liability Company (hereinafter: PHL International Kft.) acquired or recorded personal data in the course of its activities in accordance with the European Parliament and Council on the protection of natural persons with regard to the management of personal data and the free flow of such data, as well as the 2016/679 on the repeal of Directive 95/46/EC. Decree No. and CXII of 2011 on the right to informational self-determination and freedom of information. according to the provisions of the law, it is handled as follows.
Purpose and scope of the information:
The aim and purpose of this information sheet is to record the data protection and management principles applied by PHL International Kft., as well as its data protection and management policy, which PHL International Kft., as a data controller, recognizes as binding on itself.
PHL International Kft., as a data controller, informs those concerned about general information related to the management of personal data by publishing this information.
Data controller:
PHL International Kft.
1141 Budapest Szugló utca 125/GA/207.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Scope of processed data: Name of data management: Data processed when visiting the website of PHL International Kft Data provided when contacting PHL International Kft. (callback, messaging). Legal basis for data management: Name of data management Data processed when visiting the website of PHL International Kft Data provided when contacting PHL International Kft. (callback, messaging). The purpose of data management: Name of data management: Data processed when visiting the website of PHL International Kft
Data provided when contacting PHL International Kft. (callback, messaging).
Time of data management:
Name of data management:
Data processed when visiting the website of PHL International Kft
Data provided when contacting PHL International Kft. (callback, messaging).
Whose data we manage, range of stakeholders:
Name of data management:
Data processed when visiting the website of PHL International Kft
Data provided when contacting PHL International Kft. (callback, messaging).
|
Scope of processed data: Data provided when using the website Data provided when using the website Legal basis for data management Your consent Your consent Purpose of data management Operation of the website, use of contents subject to registration Incorporating contact with you Time of data management: With regard to the technical data collected when visiting the website, the time determined in relation to the purpose, in the case of registration data until withdrawal, but no more than 2 years A maximum of 1 year from the date of entering the data required for contact Data management stakeholders: Natural persons visiting and registering on the website of PHL International Kft The range of visitors applying for contact |
|
Data transmission: PHL International Kft. forwards the data to legally defined recipients during official procedures and as a result of its other duties. All interested parties can request information about data transfers as described in the "rights related to data management" section. Data security measures: PHL International Kft. stores the personal data registered in electronic form on its own servers, and occasionally uses a data processor. In the case of any outsourcing of data management, it is ensured that the service provider used provides the appropriate guarantees for data management. PHL International Kft. takes appropriate measures to protect personal data from, among other things, unauthorized access or alteration.
|
|
|
PRIVACY POLICY
INFORMATIVE ON THE MANAGEMENT OF THE DATA OF NATURAL PERSONS BY THE COMPANY AND THE RIGHTS OF THE PERSONS CONCERNED CONTENTS
|
PRIVACY POLICY
INFORMATION ABOUT THE NATURAL PERSONAL DATA MANAGEMENT BY THE COMPANY AND THE RIGHTS OF THE PERSON CONCERNED CONTENTS |
|
INTRODUCTION CHAPTER I - NAME OF THE DATA PROCESSOR II. CHAPTER - NAME OF DATA PROCESSORS III. CHAPTER - INFORMATION ABOUT CERTAIN DATA PROCESSES ARC. CHAPTER - INFORMATION ON DATA SECURITY MEASURES CHAPTER V - INFORMATION ON DATA PROCESSING PERFORMED ON THE WEBSITE VI. CHAPTER - INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED |
INTRODUCTION CHAPTER I. - THE NAME OF THE CONTROLLER CHAPTER II. – THE NAMES OF THE PROCESSORS CHAPTER III. - INFORMATION ABOUT DATA MANAGEMENT CHAPTER IV. - INFORMATION ABOUT DATA SECURITY MEASURES CHAPTER V. - INFORMATION ON DATA MANAGEMENT ON THE WEBSITE VI. CHAPTER III - INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED |
|
|
|
|
INTRODUCTION 1. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC (hereinafter: Regulation) stipulates that the Data Controller takes appropriate measures in order to provide the data subject with all information related to the processing of personal data in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly formulated, and that the Data Controller facilitates the exercise of the rights of the data subject . |
INTRODUCTION
1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /EC (General Data Protection Regulation) (hereinafter referred to as GDPR) order that the controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means. |
|
|
|
|
2. The prior information obligation of the data subject on the right to self-determination of information and freedom of information is regulated by Art. CXII of 2011. is also required by law.
|
2. The obligation to inform the data subject in advance of the information on the right to information self-determination and the freedom of information in CXII. law also provides. |
|
|
|
|
3. We fulfill this legal obligation by providing the information below.
|
3. By the following information provided below, we comply with this statutory obligation. |
|
|
|
|
4. The information must be published on the company's website or posted on the notice board at the Data Controller's headquarters.
|
4. Information shall be disclosed on the company's website or suspended at the head office of the Controller on the notice board. |
|
|
|
|
CHAPTER I NAME OF DATA PROCESSOR |
CHAPTER I THE NAME OF THE CONTROLLER |
|
|
|
|
5. The name of the Data Controller is contained in Part I of the Data Protection Policy. |
5. The name of the Data Controller is contained in Part I of the Privacy Policy. |
|
|
|
|
II. CHAPTER NAME OF DATA PROCESSORS |
CHAPTER II. THE NAMES OF THE PROCESSORS |
|
|
|
|
6. Data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller; (Regulation, Article 4, 8) Using a data processor does not require the prior consent of the data subject, but it is necessary to inform them. 7. The name of the data processors is contained in Part I of the Data Protection Regulations.
|
6. 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; (GDPR, Article 4. (8)) The use of the data processor does not require the prior consent of the data subject, but it is necessary to inform him / her. 7. The description of data processors is contained in Part I of the Privacy Policy.
|
|
|
|
|
III. CHAPTER INFORMATION ABOUT CERTAIN DATA MANAGEMENT
|
CHAPTER III. INFORMATION ABOUT DATA MANAGE MENT |
|
|
|
|
8. The following information presents the main data management activities of the Data Controller, according to data management purposes. 9. The Data Controller carries out the following main data operations in connection with the employment relationship with it.
9.1. Labor and personnel records 9.2. Data management related to employee suitability tests 9.3. Management of the data of employees applying for recruitment, applications, resumes. 9.4. Data management related to the control of devices provided by the employer 9.5. The Data Controller has regulated data management related to workplace camera surveillance - which must be applied if such activity is actually carried out.
|
8. The following information describes the controller's main data management activities for data management purposes. 9. The controller performs the following main data management in connection with the employment relationship. 9.1. Labor and personal records 9.2. Processing of employee aptitude tests 9.3. Handling data on employees who are applying for a position; admission, applications, curricula vitae. 9.4. Data management for controlling assets provided by the employer 9.5. The Controller has controlled data management for workplace camera surveillance, which is to be used when performing such activities.
|
|
10. The Data Controller carries out the following main data operations in connection with the existing civil law contracts with it and its contractual partners. 10.1. Customer data: managing the data of contractual partners and contacts - register of customers and suppliers 10.2. Data management related to certain special services 10.3. Management of the data of members, owners, shareholders and board members 11. The Data Controller carries out the following main data operations under the legal title of fulfillment of legal obligations. 11.1. Data management for the purpose of fulfilling tax and accounting obligations 11.2. Data management related to the management of travel records and waybills: 11.3. Payer data management 11.4. According to the Archives Act, data management for documents of lasting value 12. The Data Controller has regulated the data management based on the consent of the data subject, such data management can be carried out, for example, by the Data Controller if it carries out direct marketing activities or the organization of gift sorting. 13. We provide information on data management on the Data Controller's website in Chapter V of this Information.
|
10. The Controller performs the following main data management in connection with civil law contracts and contractual partners.
10.1. Customer Data: Managing Data of Contract Partners, Contact Points - Registering Buyers and Suppliers 10.2 . Data handling for specific services 10.3. Manage the data of members, owners, shareholders, corporate members
11. The Controller performs the following main data management tasks as a legal obligation. 11.1. Data management for tax and accounting obligations 11.2. Data logging and data management related to the keeping of a ticket: 11.3. Payroll Data Management 11.4. Data management for documents of lasting value under the Archives Act
12. The Data Controller has regulated data management based on the consent of the data subject, such data management can be done, for example, by the Data Manager if it performs direct marketing activities and organizing a gift classification. 13. Data Management on the Data Management website is provided in Chapter V of this Prospectus. |
|
ARC. CHAPTER DATA SECURITY MEASURES
|
CHAPTER IV. INFORMATION ABOUT DATA SECURITY MEASURES |
|
14. The Data Controller has taken the technical and organizational measures and established the procedural rules necessary to enforce the Regulation and Infotv. in order to ensure the security of personal data for all purposes and rights-based data management. 15. The Data Manager protects the data with appropriate measures against accidental or illegal destruction, loss, alteration, damage, unauthorized disclosure or unauthorized access to them.
|
14. With regard to the security of personal data, the Data Controller has taken all technical and organizational measures and established the procedural rules necessary for the enforcement of the Decree and the Infotv. 15. The controller protects the data by appropriate measures against accidental or unlawful destruction, loss, alteration, damage, unauthorized disclosure or unauthorized access. |
|
|
|
|
CHAPTER V INFORMATION ABOUT DATA PROCESSING PERFORMED ON THE WEBSITE
|
CHAPTER V INFORMATION ABOUT DATA MANAGEMENT ON THE WEBSITE
|
|
|
|
|
16. VISITOR DATA MANAGEMENT - INFORMATION ON THE USE OF COOKIES
|
16. DATA MANAGEMENT OF THE VISITORS - INFORMATION ABOUT APPLICATION OF COOKIES |
|
16.1. Website visitors must be informed about the use of cookies on the website, and their consent must be requested. 16.2. During the visit, the scope of data affected by the cookies, depending on the type of cookies, may include, among other things, the IP address used by the visitor, the type of browser, the characteristics of the operating system of the device used for browsing (e.g., set language), the time of the visit, the (sub)page visited, function or service, action, click. 16.3. The purpose of data management is to ensure the functional operation of the website, its use, to ensure access to website services, to increase the efficiency of the service, to increase the user experience, to make the use of the website more convenient, to analyze the website, to place and display advertisements. 16.4. The legal basis for data management is the voluntary consent of the person concerned - the visitor - which can be given or rejected by checking the checkbox in the cookie bar on the website. The choice is made by ticking the checkbox and saving the choice. By saving, we store your choice and provide the user with the use of the website accordingly. It should be taken into account that certain functions of the site may not work correctly if the use of cookies is rejected. CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. According to § (3), the provider of the website may process the personal data that is technically absolutely necessary for the provision of the service for the purpose of providing the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other goals defined by law , but also in this case only to the necessary extent and for the duration. 16.5. Recipients: employees of the data controller, data processing employees of the IT service provider, and in the case of third-party cookies, the third party as well. In the case of cookies that provide advertising display, data may be transferred to a third country. 16.6. Duration of data storage: according to the cookie settings of the browser.
|
16.1. Visitors of the website should be informed about the application of cookies on the page and the controller of the platform should obtain their consent. 16.2. During the visit, the cookie related data range may vary depending on the type of cookies, including the IP address used by the visitor, the browser type, features of the operating system of the device being browsed (eg, set language), visit date , function or service, action, click. 16.3. The purpose of processing is to ensure the functioning of the website, to access the web services, to increase the efficiency of the service, to increase user experience, to make the website more convenient, to analyze the website, to place advertisements. 16.4. The legal basis for processing is the volunteer contribution of the visitor, who can enter or reject the check box placed in the cookie bar located on the web page. The selection is made by ticking the check box and saving the selection. By saving, your choice will be stored and the user will be provided with the web site. It should be noted that if some cookies are rejected, some features on the page may not work correctly. In accordance with the CVIII Act of 2001 on certain aspects of electronic commerce services and information society services, 13 / A. Section (3) states that your website provider may treat the personal information that is technically necessary to provide the service in order to provide the service. If the other conditions are identical, the service provider must choose and always operate the tools used to provide the information society service in such a way that personal data is processed only if it is absolutely necessary for the provision of the service and for the fulfillment of other purposes set by law, but in this case also to the extent and time required. 16.5. Addressees: Controller's Employees, Controller's Employees of the IT Service Provider, Third Party Cookies, Third Party. In the case of cookies providing advertising, data may be transmitted to a third country. 16.6. Storage time: According to the browser cookie settings. |
|
16.7. Learn more about cookies A cookie is data that the visited website sends to the browser running on the visitor's device (computer, tablet, mobile phone, etc.) so that it stores it and later the same website can load its content. Cookies can be valid, they can be valid until the browser is closed, or for an unlimited time. The cookie does not identify the user, but the device or browser used by the user, but it can be used to identify the person through this. The danger lies in the fact that the user is not always aware of this and it may be possible for the user to be followed by the operator of the website or another (third) service provider whose content is integrated into the site (e.g. Facebook, Google Analytics), thereby a profile is created about it, and in this case the content of the cookie can be considered personal data. The types of cookies are usually distinguished according to the functions they fulfill or the purposes of application, there is no uniform terminology for this, and there may be overlap between the individual groups.
|
16.7. Further information about the cookies A cookie is a data that a visited web site sends to a browser running on the visitor's device (computer, tablet, mobile, etc.) to store it and later to upload the same web page. Cookies can be valid until the browser closes, but for an unlimited period of time. The cookie does not identify the user, but the device, browser they use, but it is suitable for identifying the person. The risk lies in the fact that this user is not always aware of and may be able to follow the user from the web site operator or other (third) service provider whose content is built into the site (eg Facebook, Google Analytics), thereby a profile is created, and in that case the contents of the cookie can be considered as personal information. The types of cookies are customary for the functions or for the purposes used, no uniform terminology, and overlapping between the individual groups. |
|
ad 1. Technically essential cookies. They are also called session cookies or functional cookies. Their essence is that without them the site would simply not work functionally, they provide the minimum conditions necessary for the proper functioning of the website. These are necessary to identify the user, e.g. to manage whether you entered, what you added to the cart, etc. This is typically the storage of a session ID, the rest of the data is stored on the server, which is therefore more secure. Other terminologies call all cookies that are deleted when you exit the browser a session cookie (a session is a browser usage from start to close). The duration of the data management of these cookies applies only to the visitor's current visit, this type of cookie is automatically deleted from the computer when the session ends or when the browser is closed.
|
ad 1. Technically indispensable cookies. They are referred to as session cookies or functional cookies. Their essence is that without them, the site simply would not work functionally, providing the minimum conditions required for the proper functioning of the website. These are needed to identify the user, eg to manage whether you have accessed what you did in the basket, etc. This typically stores a session id; other data is stored on the server, making it safer. Other terminology is called a session cookie called "cookies" that are deleted when you exit the browser (a session is a browser usage from start to finish). The duration of this cookie's data management is limited to the visitor's current visit, this type of cookies will automatically be deleted from your computer when the session is completed or when the browser is closed. |
|
ad 2. Usage-facilitating cookies: these are also called in different ways: analysis, analysis, page development or statistics cookies. These cookies remember the user's choices, for example in what form the user wants to see the page. These types of cookies essentially mean the setting data stored in the cookie.
|
ad 2. Cookies helping the use: These are also called in several ways: analyzing, twisting page development or statistics cookies. These cookies note the user's choices, for example, in what form you want the user to see the page. These types of cookies are essentially the setting data stored in the cookie. |
|
ad 3. Advertising display and social media related cookies. These are also called performance cookies, experience cookies, and marketing cookies. They don't have much to do with "performance", that's usually the name given to cookies that collect information about the user's behavior, time spent, and clicks on the visited website. They are also connected to social media. These are typically third-party applications (e.g. Google Analytics, AdWords, Facebook Like Box or Yandex.ru cookies). These are suitable for profiling the visitor. In the case of such cookies, data may also be transferred to a third country - acceptance of the use of cookies also means the user's consent to the transfer of data to a third country.
|
ad 3. Banners for advertising and social media. These are known as performance cookies, experience cookies, and marketing cookies. They do not have much to do with "performance," usually referred to as cookies that collect information about the user's behavior, time spent, and clicks on the site they visit. They are also connected to social media. These are typically third-party apps (such as Google Analytics, AdWords, Facebook Like Box, or Yandex.ru cookies). They are suitable for profiling from the visitor. For such cookies, data may also be transmitted to a third country - acceptance of the use of cookies also means a contribution from the user to the transfer to a third country. |
|
In the case of such cookies, data may also be transferred to a third country - acceptance of the use of cookies also means the user's consent to the transfer of data to a third country. • You can find out more about Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage • You can find information about Google AdWords cookies here: https://support.google.com/adwords/answer/2407785?hl=en • You can find information about Facebook cookies here. https://www.facebook.com/policies/cookies/ Accepting and authorizing the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to notify you when a cookie is currently being sent. Although most browsers automatically accept cookies by default, they can usually be changed to prevent automatic acceptance and offer a choice each time.
|
For such cookies, data may also be transmitted to a third country - acceptance of the use of cookies also means a contribution from the user to the transfer to a third country. • Learn more about Google Analytics cookies here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage • Learn more about Google AdWords cookies here: https://support.google.com/adwords/answer/2407785?hl=en • Find out more about Facebook cookies here. https://www.facebook.com/policies/cookies/ Accepting or enabling cookies is also optional. You can reset your browser settings to reject all cookies or to indicate when a cookie is just being sent. Most browsers accept cookies automatically as default, but they can usually be changed to prevent automatic acceptance and offer options every time. |
|
You can find information about the cookie settings of the most popular browsers at the links below However, we would like to point out that certain website functions or services may not function properly without cookies. Individual websites use cookies with different intensity, it is also possible that a website does not use them because it is not necessary for its operation, or only uses them to a minimal extent.
|
See the links below for more information about the most popular browser cookie settings
Google Chrome: https://support.google.com/accounts/answer/61416?hl=en However, we also note that certain site features or services may not function properly without cookies. Some websites use cookies with varying intensity, or may not be used by a web site because it is not necessary to operate or use only minimal. |
|
17. DATA MANAGEMENT RELATED TO THE CONTACT, CUSTOMER SERVICE, TECHNICAL ASSISTANCE REQUEST MENU POINTS OF THE WEBSITE
|
17. MANAGEMENT OF THE WEBSITE CONTACT, CUSTOMER SERVICE, TECHNICAL ASSISTANCE QUESTIONS |
|
17.1. These rules must be applied if the website has Contact, Customer Service or functions with the same content.
|
17.1. These rules apply if the website has a Contact, Customer Service or similar content. |
|
17.2. Stakeholders: website visitor who Contact etc. send a message or e-mail using the menu item.
|
17.2. Target group: visitor on the site who has contact etc. send a message or send an e-mail message. |
|
17.3. Managed data: Name, e-mail address, phone number, and other unsolicited data provided by the user in the message.
|
17.3. Managed data circle: Name, e-mail address, phone number, and other unsolicited data provided by the user in the message. |
|
17.4. Purpose of data management: Ensuring the visitor's contact with the data manager, providing customer service, handling complaints, providing information about the operation of the website, analyzing the website, placing, displaying and sending advertising offers.
|
17.4. The purpose of the data management is to: Provide the visitor with contact data manager, fulfill customer service, complaint handling, information on website operation, website analysis, placement, display and submission of promotional offers. |
|
17.5. The legal basis for data management: the data subject's consent, which is given by reading the data management information sheet, voluntarily providing the data subject's data and checking the check box placed in front of the data management statement, and by sending the message or, in case of sending an e-mail, by sending the e-mail. Pre-checking the check box is prohibited. Before sending the message, the data management information must be made available with a link.
|
17.5. The legal basis of the processing is the consent of the data subject, who is informed by entering the data management information, by ticking the checkbox next to the volunteer and data management declaration of the data concerned, by sending the message and by sending an e - mail message. Do not tick the check box in advance. Before submitting the message, the Privacy Statement must be available with a link. |
|
17.6. Recipients: who can view this data: customer service staff of the data controller, IT data processing employees.
|
17.6. Recipients: who can access this data: the data processing customer service staff, the IT processor's employees. |
|
17.7. Information about data processors: the Company's IT service provider (Data Protection Policy Part I.) 17.8. Duration of data storage: The data provided will be deleted within 30 days after the contact.
|
17.7. Information about data processors: the IT Service Provider of the Company (Data Protection Policy Part I.) 17.8. Storage duration: The data entered will be deleted within 30 days of the contact. |
|
|
|
|
18. DATA MANAGEMENT RELATED TO REGISTRATION ON THE WEBSITE
|
18. DATA MANAGEMENT RELATED TO REGISTERING TO THE WEBSITE |
|
18.1. These rules must be applied if the website has a registration function or a function with the same content.
|
18.1. These rules should be applied if the website has a registration or a function with the same content. |
|
18.2. Stakeholders: the user who registers for the website's services provides his personal data. It is the user's responsibility to ensure that only he uses the service from the provided e-mail address and using the data provided by him. Persons under the age of 16 can only register on the website with the consent of the person exercising parental supervision. In the absence of a statement of consent, the Data Controller does not collect personal data concerning persons under the age of 16.
|
18.2. Scope: the user who registers the services of the site will provide his/her personal data. It is the responsibility of the user to use the service provided by the specified e-mail address and the information provided by him. Persons who have been posted on the website 16 years may only register with the consent of the person exercising parental supervision. In the absence of a contributing statement, Data Manager will not collect any personal data relating to the person who has not completed the age of 16 years. |
|
18.3. Managed data: name, e-mail address, phone number, billing name, address, mailing name address, online ID, password. 18.4. The purpose of data management: ■ Fulfillment of the services provided on the website ■ using the Data Controller's services. ■ Contact via electronic, telephone, SMS and postal inquiry. ■ Information about the Company's products, services, contract terms and promotions. ■ Advertising mail can be sent electronically or by post during the information process. ■ Analysis of the use of the website.
|
18.3. Scope of managed data : name, email address, phone number, billing name, address, mailing name, online identifier, password. 18.4. The purpose of processing is: ■ Completion of services provided on the website ■ using the Data Manager services. ■ Contact by email, telephone, SMS, and postal inquiry. ■ Information about the Company's products, services, contract terms and promotions. ■ Advertising bulletins can be sent electronically and via postal information. ■ Analysis of the use of the site. |
|
18.5. The legal basis for data management: the data subject's consent, which is given by reading the data management information sheet, voluntarily providing the data subject's data and checking the check box placed in front of the data management statement, and by sending the message or, in case of sending an e-mail, by sending the e-mail. Pre-checking the checkbox is prohibited. Before sending the message, the data management information must be made available with a link.
|
18.5. The legal basis of the data handling is the consent of the data subject, who is informed by entering the data management information, by ticking the checkbox next to the volunteer and data management declaration of the data concerned, by sending the message and by sending an e-mail message. Do not tick the check box in advance. Before submitting the message, the Privacy Statement must be available with a link. |
|
18.6. Recipients: who can view this data: customer service employees of the data controller, IT data processing employees?
|
18.6. Recipients: who can access this data: Data Management Customer Service Staff, IT Data Processing Employees? |
|
18.7. Information on the use of data processors: the Data Controller's IT service provider (Part I of the Data Protection Regulations)
|
18.7. Information on the use of data processors: Data provider's IT provider (Privacy Policy Part I) |
|
18.8. Duration of data storage: until the active existence of the registration / service, or until the consent of the data subject is withdrawn (deletion request).
|
18.8. Data storage period: until the registration / service is active or until the consent of the person concerned is withdrawn (until the request for cancellation is made). |
|
|
|
|
19. DATA MANAGEMENT RELATED TO NEWSLETTER SERVICE
|
19. PRECESSING RELATED TO NEWSLETTER SERVICE |
|
19.1. These rules must be applied if the website has a function for subscribing to and sending newsletters or with the same content.
|
19.1. These rules apply if your website has a newsletter subscription, and sends or has the same content feature. |
|
19.2. Scope of stakeholders: the user who registers (subscribes) to the Data Controller's newsletter service. It is the user's responsibility to ensure that only he uses the service from the e-mail address provided and using the data provided by him. Persons under the age of 16 may not register for the newsletter without the consent of the person exercising parental supervision.
|
19.2. Scope: The user who registers (subscribes) to the Data Manager newsletter service. It is the responsibility of the user to use the service provided by the specified e-mail address and the information provided by him. Persons not over 16 years old cannot register with the consent of the person exercising parental control. |
|
19.3. Managed data: name (surname, first name), e-mail address. 19.4. The purpose of data management: 1. Sending a newsletter about the Company's products and services 2. Sending advertising material
|
19.3. Treated domain: name (surname, first name), e-mail address. 19.4. The purpose of data management is: 1. Send a newsletter about the Company's products and services 2. Sending the Bulletin |
|
19.5. Legal basis for data management: The data subject's consent, which is given by reading the data management information sheet, by voluntarily providing the data subject's data and ticking the check box placed in front of the data management statement, and by sending the message or, in the case of sending an e-mail, by sending the e-mail. Pre-checking the check box is prohibited. Before sending the message, the data management information must be made available with a link. The user can give his consent to subscribe to the newsletter in the written contract concluded with the data manager or in a separate written consent statement. The person concerned can unsubscribe from the newsletter at any time by using the "Unsubscribe" application of the newsletter, or by making a statement in writing or by e-mail, which means withdrawal of consent. In such a case, all data of the unsubscriber must be deleted immediately.
|
19.5. The purpose of the processing: The consent of the data subject, which is obtained by knowing the data management information, by ticking the checkbox placed voluntarily before and after the data management statement of the data concerned, and by sending the message, sending an e -mail by sending an e-mail. Do not tick the check box in advance. Before submitting the message, the Privacy Statement must be available with a link. To subscribe to the newsletter, your consent may be provided by the user in a written contract with the data controller or in a separate written consent statement. You may unsubscribe from this newsletter by using the "Unsubscribe" newsletter or by writing or e-mail at any time, which means that your consent is revoked. In this case, all unsubscribers must be deleted immediately. |
|
19.6. Recipients: who can access this data: employees of the Company performing tasks related to customer service and marketing activities, employees of the Company's IT service provider as data processors for the purpose of providing hosting services, 19.7. Information on the use of data processors: the Data Controller's IT service provider (Part I of the Data Protection Regulations)
|
19.6. Recipients : who can access this data: employees of the Company as customer service and marketing activities are employees of the IT service provider of the Company for the purpose of hosting the hosting service,
19.7. Information on the use of data processors: Data provider IT provider (Privacy Policy Part I) |
|
19.8. Duration of data storage: until the existence of the newsletter service, until the existence of subscription to the newsletter, until unsubscribing, until the consent of the data subject is withdrawn (deletion request).
|
19.8. Storage duration: until the news service; until the subscription to the newsletter; until the subscription, until the consent of the party concerned is withdrawn (until the request for cancellation). |
|
20. DATA MANAGEMENT RELATED TO THE WEB STORE
|
20. PROCESSING RELATED TO THE WEBSHOP |
|
20.1. These rules must be applied if the website has an online store or a function with the same content. 20.2. Scope of stakeholders: the user who buys a product or service in the Data Controller's online store.
|
20.1. These rules apply if your website has a web store or a function with the same content. 20.2 . Scope of the data subject: the user who buys a product or service in the Data Handler's webshop. |
|
20.3. The purpose of data management is: creating a contract, defining its content, amending it, fulfilling it, monitoring its fulfillment, invoicing the fees resulting from it, and asserting related claims 20.3. Managed data: natural personal identification data required to identify a customer registering in the online store, residential address, telephone number, e-mail address, bank account number, online identifier, tax number.
|
20.3. The purpose of data management is to create a contract, define, modify, fulfill its content, monitor its performance, bill billing and claim related claims 20.3. Treated scope of data: the personal identification data, address, telephone number, e-mail address, bank account number, online identifier, tax number required to identify the customer in the webshop. |
|
20.4. The legal basis for data management: In the case of a purchase in an online store, the legal basis for data management is the fulfillment of the contract. A purchase in the online store is considered a contract, subject to the CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. 13/A. of the Act, and 45/2014 on the detailed rules of contracts between the consumer and the business. (II. 26.) also by government decree. The legal title for processing the data provided for invoicing during the purchase is the fulfillment of a legal obligation based on the provisions of the VAT and Accounting Acts, in this case the duration of data processing is 8 years.
|
20.4. Legal basis for data handling: When purchasing in a webshop, the title of the data processing is the performance of the contract. Purchase in the webshop is considered to be a contract, subject to the provisions of Section CVIII of 2001 on Electronic Commerce Services and Certain Issues of Information Society Services. Act 13 / A of the Act and the 45/2014 on the detailed rules for contracts between the consumer and the business. (II.26.) Government Decree. The right to handle the data provided for billing purposes is the fulfillment of a legal obligation under the provisions of the VAT and Accounting Laws, and the duration of this processing is 8 years. |
|
20.5. Recipients: who can access this data: employees of the Data Controller performing tasks related to customer service, finance, transport, and marketing activities, as data processors, employees of the Company's company performing tax and bookkeeping duties, for the purpose of fulfilling tax and accounting obligations, employees of the Company's IT service provider for the performance of hosting services for this purpose, employees of the courier service in relation to delivery data (name, address, telephone number), Bank in relation to financial performance.
|
20.5. recipient: who can access this data: employees of the company providing taxation and accounting tasks as employees and data processors performing tasks related to customer service, finance, transportation and marketing activities of the Company, employees of the Company's IT service provider to fulfill the tax and accounting obligations for the courier service for the transport data (name, address, telephone number), the Bank for financial execution. |
|
20.6. Information on the use of data processors: ■ The Data Controller's IT service provider ■ Accounting, taxation, payroll data processor ■ Hungarian Post ■ Courier service- ■ Account managing bank The contact details of the data processors can be found in Part I of the Data Protection Policy. 20.7. Duration of data storage: until the end of 5 years following the year of purchase, 8 years for the data recorded on the accounting documents related to the purchase. The data of a failed purchase must be deleted immediately.
|
20.6. Information on the use of data processors: ■ The Data Provider's IT Service Provider ■ Accounting, Tax, Payroll Data Processor ■ Hungarian Post ■ courier service ■ Accounting Bank The contact details of the data processors are contained in Part I of the Privacy Policy. 20.7. Data storage: 8 years from the date of purchase up to the end of 5 years of the accounting records related to the purchase. Failed shopping information must be deleted immediately. |
|
21 . RIGHTS OF THE DATA PARTIES Those concerned can use the rights described in the next chapter.
|
21. RIGHTS OF THE INTERESTED PARTIES
Those concerned can exercise the rights described in the following chapter. |
|
|
|
|
VI. CHAPTER INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED
|
VI. CHAPTER INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED |
|
|
|
|
22. The rights of the data subject in brief: 1. Transparent information, communication and facilitating the exercise of the rights of the person concerned 2. Right to preliminary information - if personal data is collected from the data subject 3. Informing the data subject and the information to be made available to him, if the personal data was not obtained from him by the data controller 4. The data subject's right of access 5. Right to rectification 6. The right to erasure (“the right to be forgotten”) 7. The right to restrict data processing 8. Notification obligation related to the correction or deletion of personal data or the limitation of data management 9. The right to data portability 10. Right to protest 11. Automated decision-making in individual cases, including profiling 12. Limitations 13. Informing the data subject about the data protection incident 14. The right to complain to the supervisory authority (right to an official remedy) 15. Right to an effective judicial remedy against the supervisory authority 16. The right to an effective judicial remedy against the controller or data processor
|
22. Rights of the persons concerned briefly summarized: 1. To promote transparent communication, communication and the exercise of the relevant case law 2. Right to prior information - where personal data are collected from the data subject 3. Information to the person concerned and information to be made available if personal data are not obtained from the data controller 4. Right of access to the subject 5. Right to rectification 6. The right to cancel ("the right to be forgiven") 7. Right to Restrict Data Management 8. The obligation to notify you of correcting or deleting personal data or limiting your data handling 9. Right to data storage 10. Right to Protest 11. Automated decision-making in individual cases, including profiling 12. Restrictions 13. Informing the person concerned about the privacy incident 14. Right to complain to a supervisory authority (right to an administrative remedy) 15. Right to an effective remedy against a supervisory authority 16. Right to an effective remedy against data controller or data processor |
|
|
|
|
23. The rights of the data subject in detail and in full: Below, we provide complete information on data subject rights.
|
23. Rights of the data concerned in detail and in full:
Below we provide full information on the rights of the person (data subject) concerned. |
|
|
|
|
1. Transparent information, communication and facilitating the exercise of the rights of the person concerned
|
1. To promote transparent communication, communication and the exercise of the relevant case law |
|
|
|
|
1.1. The data controller must provide the data subject with all information and every piece of information regarding the processing of personal data in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly worded, especially in the case of any information addressed to children. The information must be provided in writing or in another way, including, where applicable, the electronic way. Verbal information can also be provided at the request of the data subject, provided that the identity of the data subject has been verified in another way.
|
1.1. The data controller shall provide the data subject with all information and information on the management of personal data in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner, in particular for any information addressed to children. The information shall be provided in writing or otherwise, including, where appropriate, the electronic path. Oral information may be provided at the request of the person concerned, provided that the identity of the person concerned has been verified otherwise. |
|
1.2. The data controller must facilitate the exercise of the data subject's rights. 1.3. The data controller informs the data subject without undue delay, but in any case within one month of the receipt of the request, of the measures taken as a result of his request to exercise his rights. This deadline can be extended by another two months under the conditions set out in the Regulation. about which the data subject must be informed.
|
1.2. The data controller must facilitate the exercise of the rights of the data subject. 1.3. The data controller shall inform the data subject of undue delay, but in any event within one month of the receipt of the request, of the measures taken on his or her application for the exercise of his rights. This time limit may be extended by two additional months under the terms of the Regulation. to which the person concerned should be informed. |
|
1.4. If the data controller does not take measures following the data subject's request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as that the data subject may file a complaint with a supervisory authority and exercise his right to judicial redress. 1.5. The data manager provides the information and information and measures about the rights of the data subject free of charge, however, in the cases described in the Regulation, a fee may be charged. The detailed rules can be found under Article 12 of the Regulation.
|
1.4. If the data controller fails to take measures in response to his request, he shall inform the data subject without delay and within one month of the receipt of the request for reasons of non-action and whether he or she may file a complaint with a supervisory authority and exercise his right of judicial redress.
1.5. The data controller provides information and action about the information and rights of the user free of charge, but fees may be charged in the cases described in the Regulation. The detailed rules are set out in Article 12 of the Regulation. |
|
|
|
|
2. Right to preliminary information - if personal data is collected from the data subject
|
2. Right of prior information - if personal data is collected from the data subject |
|
|
|
|
2.1. The data subject has the right to receive information about the facts and information related to data management before the start of data management. In this context, the data subject must be informed: a) the identity and contact details of the data controller and his representative, b) the contact details of the data protection officer (if any), c) the purpose of the planned processing of personal data and the legal basis of data processing, d) in the case of data management based on the assertion of a legitimate interest, about the legitimate interests of the data controller or a third party, e) about the recipients of the personal data - with whom the personal data is communicated - and the categories of recipients, if any; e) where applicable, the fact that the data controller wishes to transfer the personal data to a third country or international organization.
|
2.1. The person concerned has the right to be informed about the facts and information related to data management prior to commencing the processing of data. In this context, the person concerned should be informed: (a) the identity and contact details of the data controller and his representative, b) contact details of the Data Protection Officer (if any), (c) the purpose of the planned treatment of personal data and the legal basis for data processing, d) in the case of data handling based on the validation of a legitimate interest, on the legitimate interests of the data controller or third party, (e) the addressees of personal data with whom personal data are communicated, and the categories of recipients, if any; (e) where applicable, the fact that the data controller wishes to transmit personal data to a third country or an international organization. |
|
|
|
|
2.2. In order to ensure fair and transparent data management, the data controller must inform the data subject of the following additional information: a) on the period of storage of personal data, or if this is not possible, on the criteria for determining this period; b) the data subject's right to request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and to object to the processing of such personal data, as well as the data subject's right to data portability; c) in the case of data processing based on the consent of the data subject, the right to withdraw the consent at any time, which does not affect the legality of the data processing carried out on the basis of the consent before the withdrawal; d) on the right to submit a complaint to the supervisory authority; e) whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite for the conclusion of a contract, as well as whether the data subject is obliged to provide the personal data, and what possible consequences the failure to provide data may have; f) the fact of automated decision-making, including profiling, as well as, at least in these cases, the logic used and understandable information regarding the significance of such data management and the expected consequences for the data subject.
|
2.2. In order to ensure fair and transparent data management, the data controller must inform the data subject of the following additional information: (a) the duration of the storage of personal data or, where this is not possible, the criteria for determining that period; (b) the right of the data subject to request the data controller to access, correct, delete or restrict the personal data relating to the data subject, and object to the handling of such personal data and the right to the data concerned to be covered ; (c) in the case of data handling based on the consent of the party concerned, the right to withdraw the consent at any time without prejudice to the lawfulness of the data processing carried out on the basis of the consent prior to the withdrawal; (d) the right to lodge a complaint addressed to the supervisory authority; e) whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for the conclusion of a contract and whether the data subject is obliged to provide personal data and the possible consequences of the lack of data provision; (f) the existence of automated decision-making, including profiling, and at least in such cases the logic employed and information about the significance of such data management and the likely consequences for the data subject. |
|
|
|
|
2.3. If the data controller wishes to carry out further data processing on personal data for a purpose other than the purpose of their collection, it must inform the data subject of this different purpose and all relevant additional information before further data processing.
|
2.3. If the data controller wishes to perform further data processing for personal purposes other than the purpose of their collection, he / she must inform the person concerned of this different purpose and any relevant additional information prior to further processing. |
|
The detailed rules of the right to prior information are contained in Article 13 of the Regulation. |
The detailed rules for the right of prior information are contained in Article 13 of the Regulation. |
|
|
|
|
3. Informing the data subject and the information to be made available to him, if the personal data was not obtained from him by the data controller
|
3. Information to the person concerned and information to be made available if personal data are not obtained from the data controller |
|
3.1. If the data controller did not obtain the personal data from the data subject, the data controller shall notify the data controller within one month at the latest from the date of acquisition of the personal data; if the personal data is used for the purpose of contacting the data subject, at least during the first contact with the data subject; or if it is expected that the data will be communicated to another recipient, at the latest when the personal data is communicated for the first time, you must inform about the facts and information written in point 2 above, as well as the categories of the personal data concerned, as well as the source of the personal data and, where applicable, that the data whether they come from publicly available sources.
|
3.1. If the data controller has not obtained the personal data from the data subject, the data controller shall be kept by the data controller within no more than one month after the personal data has been obtained; where personal data are used for contact with the data subject, at least when contacting the person concerned; or if it is expected to communicate with other addressees, it must notify the facts and information referred to in paragraph 2 above, the categories of personal data concerned, the source of personal data and, where applicable, the fact that the data publicly available sources . |
|
3.2. The additional rules are governed by the previous point 2 (Right to prior information). The detailed rules of this information are contained in Article 14 of the Regulation.
|
3.2. Further rules are set out in Section 2 (Right to Advance Advice). Detailed rules for this information are contained in Article 14 of the Regulation. |
|
4. The data subject's right of access
|
4. Right of access of the data subject |
|
4.1. The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to receive access to the personal data and related information. (Regulation Article 15).
|
4.1. The person concerned has the right to receive feedback from the data controller about whether his personal data is being processed and, if such data is being processed, he has the right to access personal data and related information. (Article 15 of the Regulation). |
|
|
|
|
4.2. If personal data is transferred to a third country or to an international organization, the data subject is entitled to receive information about the appropriate guarantees in accordance with Article 46 of the Regulation regarding the transfer.
|
4.2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the corresponding guarantees provided for in Article 46 of the Regulation. |
|
4.3. The data controller must provide the data subject with a copy of the personal data that is the subject of data management. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.
|
4.3. The data controller shall provide the data subject with a copy of the personal data subject to data handling. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. |
|
Detailed rules regarding the data subject's right of access are contained in Article 15 of the Regulation.
|
Detailed rules for the right of access to the subject are set out in Article 15 of the Regulation. |
|
5. Right to rectification 5.1. The data subject is entitled to have the Data Controller correct inaccurate personal data concerning him without undue delay upon request. 5.2. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement. These rules are contained in Article 16 of the Regulation.
|
5. Right to rectification
5.1. The data subject shall have the right to rectify any inaccurate personal data that he or she is entitled upon request by the Data Controller without undue delay.
5.2. Taking into account the purpose of data management, the person concerned has the right to request the addition of incomplete personal data, including by means of a supplementary statement.
These rules are set out in Article 16 of the Regulation. |
|
6. The right to erasure (“the right to be forgotten”) 6.1. The data subject has the right to have the data controller delete the personal data concerning him/her without undue delay upon request, and the data controller is obliged to delete the personal data concerning the data subject without undue delay if a) the personal data are no longer needed for the purpose for which they were collected or otherwise processed; b) the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management; c) the data subject objects to the processing of his data and there is no overriding legal reason for the data processing, d) personal data were handled unlawfully; e) personal data must be deleted in order to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller; f) the collection of personal data took place in connection with the offering of information society-related services offered directly to children.
|
6. The right to cancel ("the right to be forgotten")
6.1. The data subject shall have the right to delete the personal data relating to him without undue delay, and the data controller shall be required to delete the personal data of the data subject without undue delay if (a) personal data is no longer required for the purpose from which they have been collected or otherwise handled; (b) the party concerned withdraws the consent of the data controller and does not have any other legal basis for data processing; c) the person concerned objects to his or her data handling and has no prior legitimate reason for data handling, (d) the personal data has been unlawfully handled; (e) the personal data are to be deleted in order to comply with the legal obligation imposed on the data controller in the Union or Member States' law; (f) the provision of information society-related services offered directly to children for the collection of personal data. |
|
6.2. The right to deletion cannot be asserted if data management is necessary a) for the purpose of exercising the right to freedom of expression and information; b) for the purpose of fulfilling an obligation under EU or member state law applicable to the data controller, or for the purpose of performing a task performed in the public interest or in the context of the exercise of a public authority conferred on the data controller; c) on the basis of public interest in the field of public health; d) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, if the right to erasure would likely make this data management impossible or seriously jeopardize it; obsession e) to present, enforce and defend legal claims.
|
6.2. The right to cancel cannot be enforced if data management is required (a) to exercise the right to freedom of expression and information; (b) the performance of a task under the law of the Union or of a Member State applicable to the data controller, or to carry out a task carried out in the exercise of public authority exercised in the public interest or on the data controller; (c) public interest in the field of public health; (d) for purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, provided that the right to cancel would be likely to render impossible or seriously undermine this data management; guard e) filing, enforcing or protecting legal claims. |
|
|
|
|
Detailed rules regarding the right to deletion are contained in Article 17 of the Regulation.
|
Detailed rules on the right to cancel are set out in Article 17 of the Regulation. |
|
7. The right to restrict data processing
|
7. Right to Restrict Data Processing |
|
7.1. In the case of data management restrictions, such personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
|
7.1. In the case of limitation of data processing, such personal data may only be managed with the consent of the person concerned, with the exception of storage, with the submission, validation or protection of legal claims or in the protection of the rights of a natural or legal person, or in the public interest of the Union or of a Member State. |
|
7.2. The data subject has the right to request that the Data Controller restricts data processing if one of the following is met: a) the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the Data Controller to check the accuracy of the personal data; b) the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use; c) the Data Controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; obsession d) the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
|
7.2. The data subject shall have the right to request that the Data Controller restricts the processing of data if one of the following conditions is met: (a) the person concerned disputes the accuracy of the personal data; in this case, the restriction concerns the period of time that the Data Controller may check the accuracy of the personal data; (b) data manipulation is unlawful and the data subject is opposed to the deletion of the data and, instead, requests that they be restricted; c) the Data Controller no longer needs personal data for data processing, but the data subject requires them to submit, enforce, or protect legal claims; guard (d) the person concerned objected to the data handling; in this case, the restriction applies to the duration of determining whether the data controller's legitimate reasons prevail over the legitimate grounds of the party concerned. |
|
7.3. The data subject must be informed in advance of the lifting of the limitation of data management. The relevant rules are contained in Article 18 of the Regulation.
|
7.3. The person concerned must be informed in advance of the discontinuation of the data handling. The relevant rules are set out in Article 18 of the Regulation. |
|
8. Notification obligation related to the correction or deletion of personal data or the limitation of data management
The data manager informs all recipients of all corrections, deletions or data management restrictions to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the data controller informs about these recipients.
|
8. The obligation to notify you of correcting or deleting personal data or limiting your data handling
The data controller informs all addressees of any rectification, deletion or data limitation with whom or with which personal information has been communicated, unless this proves impossible or requires disproportionate effort. At the request of the data subject, the data controller shall inform the addressees thereof. |
|
These rules can be found under Article 19 of the Regulation.
|
These rules are contained in Article 19 of the Regulation. |
|
9. The right to data portability
|
9. Right to data portability |
|
9.1. Under the conditions set out in the Regulation, the data subject is entitled to receive the personal data relating to him/her provided to a data controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another data controller without being hindered by the the data controller to whom you made the personal data available, if a) data management is based on consent or a contract; and b) data management is performed in an automated manner.
|
9.1. Subject to the conditions set out in this Decree, the data subject shall have the right to receive the personal information provided to him by a data controller in a fragmented, widely used machine-readable format and shall be entitled to transmit this data to another data controller without obstructing the data controller who has provided the personal data if (a) the legal basis of the data-processing is either a contribution or a contract; and (b) data management is carried out in an automated manner. |
|
9.2. The data subject can also request the direct transmission of personal data between data controllers.
|
9.2. The person concerned may also request the direct transfer of personal data between data controllers. |
|
9.3 . The exercise of the right to data portability may not violate Article 17 of the Regulation (The right to erasure ("the right to be forgotten"). The right to data portability does not apply in the event that the data processing is in the public interest or is a task carried out in the context of the exercise of public authority delegated to the data controller This right must not adversely affect the rights and freedoms of others.
|
9.3. The exercise of the right to data portability shall not be in breach of Article 17 of the Regulation (Right of Cancellation). The right to portability is not applicable in the event that the task of data processing is in the public interest or exercised in the exercise of its public authority powers conferred on the data controller This right should not adversely affect the rights and freedoms of a third party . |
|
The detailed rules are contained in Article 20 of the Regulation.
|
Detailed rules are set out in Article 20 of the Regulation. |
|
10. Right to protest
10.1. The data subject has the right to object at any time to the processing of his personal data based on the public interest, performance of a public task (Article 6 (1) e)) or legitimate interest (Article 6 f)) for reasons related to his own situation, including profiling based on the aforementioned provisions too. In this case, the data controller may no longer process the personal data, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are necessary for the presentation, enforcement or defense of legal claims. are connected. In the framework of the interest assessment test, the data controller reveals the content of the legitimate interest and examines how the enforcement of the legitimate interest affects the interests or fundamental rights and freedoms of the data subject. It must then be considered whether the latter take precedence over the legitimate interest of the data controller, especially if the person concerned is a child. If, during the consideration, the interests of the data subject require the protection of personal data - data processing cannot be continued.
|
10. Right to object 10.1. The subject of the processing has the right to object at any time to the processing of personal data in the public interest, the performance of a public task (Article 6 (1) (e)) or legitimate interest (Article 6 (f)) , including profiling based on those provisions too. In this case, the data controller may not process the personal data unless the data controller proves that the data processing is justified by compelling reasons of lawfulness that prevail over the interests, rights and freedoms of the data subject, or for the purpose of submitting, enforcing or protecting legal claims related. In the interest weighing test, the data controller reveals the content of the legitimate interest and examines how the enforcement of legitimate interests affects the interests or fundamental rights and freedoms of the person concerned. They will then have to consider whether they have priority over the legitimate interests of the data controller, especially if a child is concerned. If, during the weighing, the interests of the person concerned require the protection of personal data - data processing cannot be carried out. |
|
10.2. If personal data is processed for direct business acquisition, the data subject has the right to object at any time to the processing of personal data concerning him for this purpose, including profiling, if it is related to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.
|
10.2. If your personal data is handled for direct business, the person is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it is related to direct business acquisition. If a data subject objects against the handling of personal data for direct business purposes, personal data may no longer be handled for that purpose . |
|
10.3. These rights must be specifically brought to the attention of the data subject during the first contact at the latest, and the relevant information must be displayed clearly and separately from all other information.
|
10.3. These rights must be explicitly mentioned in the notice of first contact with the person concerned at the latest, and the relevant information must be clearly and completely separate from any other information. |
|
10.4. The data subject can also exercise the right to protest using automated means based on technical specifications. 10.5. If personal data is processed for scientific and historical research purposes or for statistical purposes, the data subject has the right to object to the processing of personal data concerning him for reasons related to his own situation, unless the data processing is necessary for the performance of a task carried out for reasons of public interest.
|
10.4. The right to protest can also be exercised by automated means based on technical specifications. 10.5. If the personal data are handled for scientific and historical research purposes or for statistical purposes, the data subject is entitled to object to the processing of personal data relating to his / her own personal situation, unless it is necessary for the performance of a task for public interest purposes. |
|
The relevant rules are contained in Article 21 of the Regulation. 11. Automated decision-making in individual cases, including profiling
|
The relevant rules are contained in Article 21 of the Regulation. 11. Automated decision-making in individual cases, including profiling |
|
11.1. The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on him or affect him to a similar extent.
|
11.1. The data subject shall be entitled to exclude the scope of a decision based solely on automated data management, including profiling, which would have a bearing on him or would have a significant effect on him. |
|
11.2. This right does not apply if the decision: a) necessary for the conclusion or fulfillment of the contract between the data subject and the data controller; b) it is made possible by EU or Member State law applicable to the data controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; obsession c) is based on the express consent of the data subject.
|
11.2. This right shall not apply if the decision is: (a) it is necessary for the conclusion and performance of the contract between the data subject and the data controller; (b) be made available to the data controller by means of Union or Member State law which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; guard (c) is based on the explicit consent of the person concerned. |
|
11.3. In the cases mentioned in points a) and c) above, the data controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the data controller, to express his position and to oppose the decision file an objection. Additional rules are contained in Article 22 of the Regulation.
|
11.3. In the cases referred to in points (a) and (c), the data controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention, submit an objection. Further rules are set out in Article 22 of the Regulation. |
|
12. Limitations The EU or Member State law applicable to the data controller or data processor may limit the scope of rights and obligations (Regulation Articles 12-22, Article 34, Article 5) through legislative measures if the restriction respects the essential content of fundamental rights and freedoms. The terms of this restriction are contained in Article 23 of the Regulation.
|
12. Restrictions The law of the Europian Union or of the Member States applicable to a data controller or data processor may restrict the scope of rights and obligations (Articles 12 to 22, Article 34 and Article 5) by means of legislative measures if the restriction respects the essential content of fundamental rights and freedoms. The conditions for this restriction are laid down in Article 23 of the Regulation. |
|
13. Informing the data subject about the data protection incident 13.1. If the data protection incident likely involves a high risk for the rights and freedoms of natural persons, the data controller must inform the data subject about the data protection incident without undue delay. In this information, the nature of the data protection incident must be described in a clear and understandable manner, and at least the following must be disclosed: a) the name and contact details of the data protection officer or other contact person providing additional information; c) the likely consequences of the data protection incident must be described; d) the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.
|
13. Informing the person concerned about the privacy incident
13.1. If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller must inform the data subject of the data protection incident without undue delay. This information must clearly and easily explain the nature of the privacy incident and provide at least the following information: (a) the name and contact details of the Data Protection Officer or other contact person providing further information; (c) the likely consequences of a data protection incident; (d) measures to be taken or planned by the data controller to remedy a data protection incident, including, where appropriate, measures to mitigate any adverse consequences resulting from a data protection incident. |
|
13.2. The data subject does not need to be informed if any of the following conditions are met: a) the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures - such as the use of encryption - that would be incomprehensible to persons not authorized to access personal data they make the data; b) after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future; c) providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects. Additional rules are contained in Article 34 of the Regulation.
|
13.2. The data subject need not be informed if any of the following conditions are met: (a) the data controller has implemented adequate technical and organizational protection measures and applies those measures to the data covered by the data protection incident, in particular the measures, such as the use of encryption, which are unintelligible to unauthorized persons making the data; (b) after the data protection incident, the data controller has taken further measures to ensure that high risk for the rights and freedoms of the person concerned is no longer likely to be realized; (c) the information would require a disproportionate effort. In such cases, the data subject shall be informed by means of publicly disclosed information or a similar measure shall be taken to ensure that such information is equally effective. Further rules are set out in Article 34 of the Regulation. |
|
14. The right to complain to the supervisory authority (right to an official remedy) The data subject has the right to file a complaint with a supervisory authority - in particular in the Member State of his or her usual place of residence, workplace or the place of the suspected infringement - if, in the opinion of the data subject, the processing of personal data concerning him/her violates the Regulation. The supervisory authority to which the complaint was submitted is obliged to inform the customer about the procedural developments related to the complaint and its outcome, including whether the customer is entitled to legal remedies.
|
14. Right to complain to a supervisory authority (right to an administrative remedy) The person concerned has the right to lodge a complaint with a supervisory authority, in particular in the Member State where he or she is habitually resident, in the workplace or in the suspected breach, if the person concerned considers that the processing of personal data relating to him violates the Regulation. The supervisory authority to which the complaint has been filed shall inform the client about the procedural developments and the outcome of the complaint, including the fact that the client is entitled to seek judicial redress. |
|
These rules are contained in Article 77 of the Regulation.
15. Right to an effective judicial remedy against the supervisory authority
15.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons are entitled to an effective judicial remedy against the legally binding decision of the supervisory authority.
|
These rules are contained in Article 77 of the Regulation.
15. Right to an effective remedy against a supervisory authority
15.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons shall be entitled to effective judicial remedies against the legally binding decision of the supervisory authority. |
|
15.2. Without prejudice to other administrative or non-judicial legal remedies, all data subjects are entitled to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments related to the submitted complaint or its result. 15.3. Proceedings against the supervisory authority must be initiated before the court of the Member State where the supervisory authority is based.
|
15.2. Without prejudice to other administrative or non-judicial remedies, all parties concerned shall be entitled to an effective remedy if the competent supervisory authority does not deal with the complaint or within three months shall not inform the person concerned of the procedural developments or results of the complaint submitted.
15.3. The procedure against the supervisory authority shall be initiated before the courts of the Member State in which the supervisory authority is situated. |
|
15.4. If proceedings are initiated against a decision of the supervisory authority in relation to which the Board previously issued an opinion or made a decision within the framework of the uniformity mechanism, the supervisory authority is obliged to send this opinion or decision to the court.
These rules are contained in Article 78 of the Regulation.
|
15.4. If a supervisory authority commits a decision against which a body has previously issued an opinion or made a decision under the unity mechanism, the supervisory authority shall send that opinion or decision to the court. These rules are set out in Article 78 of the Regulation. |
|
16. The right to an effective judicial remedy against the controller or data processor
|
16. Right to an effective remedy against data controller or data processor |
|
16.1. Without prejudice to the available administrative or non-judicial legal remedies, including the right to file a complaint with the supervisory authority, each person concerned is entitled to an effective judicial remedy if, in his opinion, his rights according to this regulation have been violated as a result of the processing of his personal data not in accordance with this regulation.
|
16.1. Without prejudice to any available administrative or non-judicial remedies, including the right to complain to the supervisory authority, all concerned shall be entitled to an effective judicial remedy if it considers that their rights under this Regulation have been infringed as a result of the non -compliance of their personal data with this Regulation. |
|
16.2. Proceedings against the data controller or data processor must be initiated before the court of the Member State where the data controller or data processor operates. Such a procedure can also be initiated before the court of the Member State of the habitual residence of the person concerned, unless the data controller or the data processor is a public authority of a Member State acting in the capacity of public authority.
|
16.2. The data controller or processor shall be initiated before the court of the Member State in which the data controller or the processor is established. Such proceedings may be instituted before the courts of the Member State in which the person concerned is habitually resident, unless the data controller or the data processor is a public authority of a Member State acting within the scope of his public authority. |
|
These rules are contained in Article 79 of the Regulation. Date: Budapest, March 13, 2019.
|
These rules are set out in Article 79 of the Regulation. |
|
|
|
|
|
PHL International Kft. Data controller
|
|
|
|
|
|
|