Data Management Notice - For the Data Processing of Representatives of Legal Entity Partners

1. Name of the Data Controller

2. Legal Basis for Data Processing

The data processing of representatives of legal entity partners is governed by the following laws and regulations:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR), dated April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC. The full text can be accessed here: 

https://eur-lex.europa.eu/legal-content/HU/TXT/PDF/?uri=CELEX:32016R0679&from=HU 

• Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Info Act), which outlines the national regulations for data privacy and freedom of information in Hungary. The full text is available here: https://net.jogtar.hu/jogszabaly?docid=A1100112.TV 

• Act CLV of 1997 on Consumer Protection, which provides guidelines on consumer rights and protections in Hungary. The full text is available here: https://net.jogtar.hu/jogszabaly?docid=99700155.TV

• 
  

3. Information Regarding the Processed Data

Based on its legitimate interest, the Data Controller processes the personal data of the designated contacts of its non-natural person partners, including customers, suppliers, subcontractors, and other businesses with which it has contractual relationships. The personal data processed typically includes the contact person's name, email address, and phone number.

Purpose of Data Processing: The purpose is to ensure the continuous maintenance of contractual relationships.

Duration of Data Processing: The data is processed for 5 years following the termination of the contract or until the termination of the data subject's relationship with the Data Controller's contractual partner.

4. to Data and Data Security Measures

1. Access to Data and Data Transfer

The personal data you provide may be accessed by the employees of the Data Controller to fulfill their duties. The Data Controller may transfer the personal data it processes to subcontractors listed in the appendix of this policy.

The Data Controller only transfers your personal data to other data controllers, such as state authorities not listed in the appendix, in exceptional cases. For instance:

• If legal proceedings concerning you are initiated, and it is necessary to provide documents containing your personal data to the court.

• If the police request the transfer of documents containing your personal data for an investigation.

2. IV.2. Data Security Measures

The Data Controller stores the personal data you provide on its own servers and, if applicable, in paper-based archives. The Data Controller does not use the services of other companies for the storage of personal data.

Appropriate measures are implemented by the Data Controller to protect personal data, including safeguarding against unauthorized access or modification. For instance, access to personal data stored on the server is logged, meaning it can always be checked who accessed which personal data and when.

5. Data Subject Rights Related to Data Processing 

1. Your Right of Access

You, as the data subject, have the right to access your personal data.

If you request feedback from the Data Controller on whether your personal data is being processed, the Data Controller is obliged to provide you with information on:

1. which of your personal data is being processed,

2. the legal basis for processing,

3. the purpose of the data processing,

4. the source of the data, and

5. the duration of the processing.

Your right to receive feedback on whether the Data Controller is processing your personal data:

1. applies to personal data concerning you,

2. does not apply to anonymous data,

3. does not apply to personal data that does not concern you, and

4. includes data that can be clearly linked to you under pseudonymization.

Upon your request, the Data Controller will provide access to and a copy of your personal data. If you request additional or repeated copies of your personal data, the Data Controller may charge a reasonable fee to cover the administrative costs associated with fulfilling your request, which you will be responsible for paying.

2. Your Right to Rectification

You have the right to have your personal data rectified.

This right:

1. does not apply to anonymous data,

2. applies to personal data concerning you,

3. does not apply to personal data that does not concern you, and

4. includes pseudonymized data that can be clearly linked to you.

The Data Controller will appropriately correct or supplement your personal data upon your request. The Data Controller will inform the recipients of your personal data (if any) about the rectification of your personal data. However, the Data Controller is not required to notify the recipients if doing so proves impossible or would require disproportionate effort.

3. Right to Erasure

Under certain conditions, you have the right to request the deletion of your personal data.

The Data Controller is obliged to delete your personal data without undue delay if: 

1. the Data Controller is processing the data, and

2. you request the deletion of your personal data, and

3. the personal data is no longer necessary for the purposes for which the Data Controller is processing it.

The Data Controller is obliged to delete your personal data without undue delay if: 

1. the Data Controller is processing the data, and

2. you request the deletion of your personal data, and

3. the personal data is no longer necessary for the purposes for which the Data Controller is processing it.

The Data Controller must delete your personal data without undue delay if: 

1. the Data Controller is processing your personal data, and

2. you request its deletion, and

3. you withdraw your consent on which the data processing is based, and

4. there is no other legal basis for further processing.

The Data Controller must delete your personal data without undue delay if:

1. the processing is necessary to protect the legitimate interests of the Data Controller or a third party, and

2. you object to the processing of your personal data, and

3. the legal grounds for processing do not override your objection.

The Data Controller must delete your personal data without undue delay if: 

1. you request the deletion of your personal data, and

2. the processing by the Data Controller is unlawful, or

3. deletion is mandatory under applicable law, or

4. your data was collected in relation to services offered by the information society.

The Data Controller will inform recipients of your personal data (if any) about its deletion. However, the Data Controller is not required to inform recipients if doing so proves impossible or would require disproportionate effort.

Az Adatkezelő az Ön személyes adatai kezelésének korlátozásáról tájékoztatja a személyes adatok címzettjeit (ha vannak ilyenek). Az Adatkezelő azonban nem tájékoztatja a címzetteket az ilyen korlátozásról, ha a címzettek tájékoztatása lehetetlen vagy aránytalanul nagy erőfeszítést igényelne.

Ha az Adatkezelő korlátozza az Ön személyes adatainak kezelését, akkor

(a)    tárolhatja az ilyen személyes adatokat,

(b)    az Ön hozzájárulása alapján kezelheti az ilyen személyes adatokat,

(c)    kezelheti a személyes adatokat jogi igényének előterjesztéséhez, érvényesítéséhez vagy védelméhez vagy valamely személy jogainak megvédéséhez.

4. Your Right to Restrict Data Processing

You have the right to request the restriction of the processing of your personal data.

Your right to request the restriction of the processing of your personal data:

1. does not apply to anonymous data;

2. applies to personal data concerning you;

3. does not apply to personal data that does not concern you; and

4. includes clearly pseudonymized data that can be linked to you.

The Data Controller will restrict the processing of your personal data during the period necessary to verify its accuracy if you request such a restriction and contest the accuracy of the data.

The Data Controller will restrict the processing of your personal data if you request it and the processing is unlawful, but you oppose the deletion of the data.

The Data Controller will restrict the processing of your personal data if: 

The Data Controller will restrict the processing of your personal data if:

1. you object to the processing of personal data that is necessary for the Data Controller’s legitimate interests, and

2. you are awaiting confirmation on whether the legal grounds for processing your personal data override your objection.

The Data Controller will inform the recipients of your personal data (if any) about the restriction of processing. However, the Data Controller is not required to notify the recipients if doing so is impossible or would involve disproportionate effort.

If the Data Controller restricts the processing of your personal data, they may:

1. store the personal data,

2. process it based on your consent,

3. process it for the establishment, exercise, or defense of legal claims, or to protect the rights of another person.

5. Your Right to Data Portability

You have the right to receive your personal data, which you have provided to a data controller, in a structured, commonly used, and machine-readable format. Additionally, you have the right to transmit these data to another data controller without hindrance from the data controller to whom you provided the data, where technically feasible, if the processing is based on consent or is necessary for the performance of a contract and the processing is carried out by automated means.

Your right to data portability:

1. does not apply to anonymous data;

2. applies to personal data concerning you;

3. does not apply to personal data that does not concern you; and

4. does not apply to clearly pseudonymized data.

6. Deadline for Processing Your Request as a Data Subject

The Data Controller will respond to your requests regarding the rights granted to you as outlined above without undue delay and, in any case, no later than one month from the receipt of the request.

7. Right to Lodge a Complaint

If you believe your rights have been violated, the Data Controller suggests initiating a discussion with them through direct contact. If such discussion does not yield satisfactory results, or if you do not wish to participate in such activities, you may turn to the court or the National Authority for Data Protection and Freedom of Information (NAIH). When initiating court proceedings, you may choose to file the case at the court with jurisdiction based on your residence or permanent address.

The contact details for NAIH are as follows:

Address: 1055 Budapest, Falk Miksa utca 9-11.

Phone: +36 1 391 1400

Fax: +36 1 391 1410

Email: ugyfelszolgalat@naih.hu

Website: www.naih.hu

8. Amendments to This Notice

The Data Controller reserves the right to modify this notice at any time. The Data Controller will inform customers about such modifications in writing or via email, and in all cases, in accordance with applicable laws.