Privacy Notice and Policyr
1. Data Controller
Company Name: Irbex kft.
Company address: 1053 Budapest, Veres Pálné u.14.
In all cases personal data are handled in compliance with all applicable Hungarian and European legislation, and ethical requirements; and all necessary technical and organizational measures are taken to ensure proper secure data management.
2. DEFINITIONS
Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Consent: Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the data processing or the deletion of the processed data.
Data controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
Data management: any operation or set of operations on data, regardless of the procedure used, in particular their collection, recording,, systematisation, storage, alteration, use, interrogation, transmission, disclosure, coordination or linking, blocking, erasure and destruction, and to prevent further use of the data, to take photographs, sound or images and to record physical characteristics capable of identifying the person.
Data transfer: making the data available to a specific third party.
Disclosure: making data available to anyone.
Data erasure: making data unrecognizable in such a way that it is no longer possible to recover it
Data marking: the identification of the data in order to distinguish it.
Data blocking: the identification of data to limit their further processing permanently or for a specified period of time
Data destruction: the complete physical destruction of the data carrier containing the data
Data processing: the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data.
Data processor: a natural or legal person or an organization without legal personality who carries out the processing of data on the basis of a contract, including a contract concluded on the basis of a provision of law.
Data set: the totality of the data managed in one register.
Third party: a natural or legal person or an entity without legal personality who is not the same as the data subject, the controller or the processor.
3. Data Management Principles
Personal data may be processed if the data subject consents to it or if it is ordered by law or – on the basis of the authorization of law, within the scope specified therein – by a decree of a local government.
Only personal data which is necessary for the realization of the purpose of the data processing, suitable for the achievement of the purpose, may be processed only to the extent and for the time necessary for the realization of the purpose.
Personal data may be transferred and the various data processing operations may be combined if the data subject has consented to it or is permitted by law and if the conditions for data processing are met for each personal data.
Personal data may be transferred from the country of data subject to a controller or processor in a third country, regardless of the method of data transmission, if the data subject has expressly consented to it or is permitted by law, and the handling or processing of the transferred data in the third country an adequate level of protection of personal data is ensured.
In the case of mandatory data processing, the purpose and conditions of data processing, the scope of the data to be processed, the duration of data processing and the identity of the data controller are determined by the law or local government decree ordering data processing.
The law may, in the public interest, order the disclosure of personal data by explicitly indicating the scope of the data. In all other cases, disclosure requires the consent of the data subject and, in the case of special data, written consent. In case of doubt, it shall be presumed that the data subject has not given his consent.
The consent of the data subject shall be deemed to have been given in respect of the data communicated by him or her in the course of his or her public participation or for the purpose of disclosure.
In proceedings initiated at the request of the data subject, his or her consent to the processing of his or her necessary data shall be presumed. This fact must be brought to the attention of the data subject.
The data subject may also give his / her consent within the framework of a written contract concluded with the Data Controller in order to fulfill the provisions of the contract. In this case, the contract must contain all the information that the data subject must know from the point of view of the processing of personal data, in particular the definition of the data to be processed, the duration of data processing, the purpose of use, data transmission and data processing. The contract must state unequivocally that, by signing, the data subject consents to the processing of his or her data as specified in the contract.
The right to the protection of personal data and the personal rights of the data subject, unless otherwise provided by law, may not be infringed by other interests in the processing of data, including the disclosure of data of public interest.
Personal data may be processed if the data subject consents to it or if it is ordered by law or – on the basis of the authorization of law, within the scope specified therein – by a decree of a local government.
Only personal data which is necessary for the realization of the purpose of the data processing, suitable for the achievement of the purpose, may be processed only to the extent and for the time necessary for the realization of the purpose.
Personal data may be transferred and the various data processing operations may be combined if the data subject has consented to it or is permitted by law and if the conditions for data processing are met for each personal data.
Personal data may be transferred from the country of data subject to a controller or processor in a third country, regardless of the method of data transmission, if the data subject has expressly consented to it or is permitted by law, and the handling or processing of the transferred data in the third country an adequate level of protection of personal data is ensured.
In the case of mandatory data processing, the purpose and conditions of data processing, the scope of the data to be processed, the duration of data processing and the identity of the data controller are determined by the law or local government decree ordering data processing.
The law may, in the public interest, order the disclosure of personal data by explicitly indicating the scope of the data. In all other cases, disclosure requires the consent of the data subject and, in the case of special data, written consent. In case of doubt, it shall be presumed that the data subject has not given his consent.
The consent of the data subject shall be deemed to have been given in respect of the data communicated by him or her in the course of his or her public participation or for the purpose of disclosure.
In proceedings initiated at the request of the data subject, his or her consent to the processing of his or her necessary data shall be presumed. This fact must be brought to the attention of the data subject.
The data subject may also give his / her consent within the framework of a written contract concluded with the Data Controller in order to fulfill the provisions of the contract. In this case, the contract must contain all the information that the data subject must know from the point of view of the processing of personal data, in particular the definition of the data to be processed, the duration of data processing, the purpose of use, data transmission and data processing. The contract must state unequivocally that, by signing, the data subject consents to the processing of his or her data as specified in the contract.
The right to the protection of personal data and the personal rights of the data subject, unless otherwise provided by law, may not be infringed by other interests in the processing of data, including the disclosure of data of public interest.
4. FUNDAMENTALS OF DATA MANAGEMENT
In all cases, the processing of personal data by the Data Controller is based on law or voluntary consent. Personal data may only be processed for a specific purpose, in order to exercise a right and fulfill an obligation. Only personal data that is essential for the purpose of the data processing, suitable for the achievement of the purpose and only to the extent and for the time necessary for the realization of the purpose may be processed.
In some cases, the processing is based on other legal bases or Article 6 of the Regulation in the absence of consent
a) Purpose :invoice issue
Data : Name, Address, tax number (for legal entities
b) Purpose: contract
Data : name, surname, address, ID number
c) Purpose: newsletter subscription
Data: e-mail address
The Data Controller does not record the user’s IP address or other personal data when visiting the websites it operates.
The html code of the websites operated by the Data Controller may contain independent links from and to an external server for web analytics. It also includes conversion tracking.
You can delete cookies from the your own computer or disable their application in your browser. These options are browser-dependent, but are typically set in Settings / Privacy.
5. DATA MANAGEMENT SECURITY
Hosted by:
NETJEL Bt. 9023 Győr, Ifjúság körút 87. fszt. 2.
The information you provide is stored on a server operated by the hosting provider.
The data can only be accessed by our employees and the employees operating the server, but they are all responsible for the secure handling of the data.
The activity name: hosting, server services
The purpose of data management is to ensure the operation of the website. Data processed: personal data provided by the data subject. Data management lasts until the end of the operation of the website or in accordance with the contractual agreement between the operator of the website and the hosting provider.
If necessary, the person concerned may also request the storage provider to delete his / her data. The legal basis for the processing of data is the consent of the person concerned and the processing of data based on law.
Duration of data management
The data will be processed until the consent is withdrawn. Your consent to data management may be revoked at any time by sending a letter to your contact email address.
Deleting data
This is done when the consent to the data processing is revoked. You can revoke your consent to data management at any time by sending an email to your contact email address. Modification or deletion of personal data can be initiated by e-mail, telephone or letter using the contact options provided above.
The manager and employees of the data controller have the right to modify or delete the data.
Method of data storage: electronic
Data transfer: Data transfer is not performed by the data controller.
You can give your consent to the data management by ticking the empty checkbox on the website specifically created for this purpose.
The Data Controller makes sure to protect the data in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage. The Data Controller, together with the server operators, ensures the security of the data with technical, organizational and organizational measures that provide a level of protection appropriate to the risks associated with data management.
6. RIGHTS OF DATA SUBJECT
Right to request information
You can request information from us via the contact details provided, regarding what kind of data, on what legal basis, for what data management purpose, from what source, for how long we process data. We will provide you this information upon your request within 30 days from the date of your request, to the e-mail address you have provided
Right to rectification
You can ask us to change any of your details via the contact details provided. We will take action on your request immediately, but within a maximum of 30 days, and we will send you information by e-mail.
Right of cancellation
You can ask us to delete your data via the contact details provided. At your request, we will do this immediately, but within a maximum of 30 days, and we will send information to the email contact you provided. Personal data is deleted by the Data Controller if its processing is unlawful, requested by the data subject, incomplete or incorrect – and this condition cannot be legally corrected – provided that deletion is not precluded by law if the purpose of data processing has ceased. expired or ordered by a court or the Data Protection Commissioner
Right to lock
You can ask us to block your data via the contact details provided. The lock lasts as long as the reason you specify requires the data to be stored. At your request, we will do this immediately, but within a maximum of 30 days, and we will send information to the email address provided by you.
Right to protest
You have the right to object to the data management via the contact details provided. We will investigate your objection as soon as possible, but no later than within 15 days from the submission of your request. , we will make a decision on it and we will inform you about our decision by e-mail.
The data subject may object to the processing of his / her personal data if the processing (transfer) of personal data is only necessary to enforce the right or legitimate interest of the data controller or the data recipient, unless the data processing is required by law, the use or transfer of personal data or for the purpose of scientific research, the exercise of the right to protest is otherwise permitted by law.
With the simultaneous suspension of data processing, the Data Controller is obliged to examine the protest as soon as possible, but not later than within 15 days from the submission of the request, and to inform the applicant in writing of the result. If the protest is justified, the data controller is obliged to terminate the data processing, including further data collection and data transfer, and to block the data, as well as to notify all persons to whom the protested personal data have previously been transmitted and who have taken action against them. are obliged to take measures to enforce the right to protest.
Possibility of data management enforcement
In the event of any illegal data processing you experience, notify our company so that you have the opportunity to restore the legal status in a short time. We will do our best to solve the problem outlined.
If you consider that the legal situation cannot be restored, please notify the authority at the following contact details: National Data Protection and Freedom of Information Authority; 1530 Budapest, Pf .: 5; 1125 Budapest, Szilágyi Erzsébet avenue 22 / c; Phone: +36 (1) 391-1400