PRIVACY NOTICE AND INFORMATION ON THE PROCESSING OF PERSONAL DATA
Tóth Katalin EV. (seat: 1118 Budapest, Kelenhegyi út 50. 2 em. 5 ajtó; registration number: 51109547), as a data controller (hereinafter referred to as the Company or the Data Controller), processes the data concerned in the course of the activities it provides in accordance with the provisions of this information.
The Company aims to fully comply with the legal requirements for the processing of personal data, in particular with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (the “Privacy Act”) and Regulation (EU) 2016/679 of the European Parliament and of the Council (the “Regulation” or “GDPR”), and therefore, through this notice, the Company aims to ensure the enforcement of the right to transparent information as provided for in Article 12 of the GDPR.
This Privacy Notice has been prepared in accordance with the GDPR and the Privacy Act.
The Data Controller declares that it will process personal data in accordance with the provisions of this Privacy Notice and will comply with the provisions of the GDPR, the Privacy Act and any other applicable legislation, in particular with regard to the content of this section:
The processing of personal data shall be lawful, fair and transparent for the data subject.
The processing of personal data must be carried out lawfully, fairly and fairly, and in accordance with the law and fairness of the data subject.
The purposes for which the personal data are processed must be adequate, relevant and the processing must be limited to what is necessary.
Personal data must be accurate and up to date. Inaccurate personal data must be deleted without delay.
Personal data must be stored in such a way that the identification of the data subjects is limited to the shortest period of time necessary for the purposes for which the data are processed.
Further processing of personal data other than as provided for in this notice shall be considered lawful where the processing is necessary to comply with a legal obligation, for reasons of public interest, for scientific research purposes, for statistical purposes or to present and pursue legal claims.
Personal data should be processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organizational measures.
The principles of data protection apply to any information relating to an identified or identifiable natural person.
Company registration number: 51109547
Tax number: 68061146-1-43
Registered office: 1118 Budapest, Kelenhegyi út 50. 2 em. 5 ajtó
Postal address: 1118 Budapest, Kelenhegyi út 50. 2 em. 5 ajtó
Website: www.plantebudpest.com
E-mail: help@ssolerawap.com
ssolerawap.com
The website accessible at the Internet address, the webpages and subpages accessible from that address.
In view of the above, the Data Controller shall primarily:
– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); (The EU General Data Protection Regulation), (hereinafter referred to as GDPR),
– Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act.),
– Act CVIII of 2001 on certain issues of electronic commerce activities and information society services,
– Act CXIX of 1995 on the processing of name and address data for the purposes of research and direct marketing (DMtv.), and
– the provisions of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising Activities (Act XLVIII of 2008).
III. Legal basis for processing
– processing is necessary for compliance with a legal obligation to which the controller is subject;
– processing is necessary for the protection of the vital interests of the data subject or of another natural person;
– processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
– processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
2.Pursuant to Article 6 Section (1) (d) and (f) of the GDPR, we further inform you that the Controller may process the User’s personal data without the consent of the User, even if the processing is necessary for the protection of the vital interests of the User or of another natural person or if the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the User concerned which require the protection of personal data, in particular where the User is a child.
In any case, before starting the processing on the basis of the above legitimate interests, the Data Controller will carry out – as a mandatory requirement – the so-called interest balancing test as described in points 4.3 to 4.5 of this Notice.
The service provided by the Data Controller is an information society – electronic commerce – service within the meaning of the Act.
The Data Controller may process the natural person identification data and the address of the user (User) for the purpose of creating the contract for the provision of its service, determining the content, amending it, monitoring its performance, invoicing the fees arising from it and enforcing claims relating to it.
The Data Controller may process the natural person’s identification data, the address of the User who has used its services, as well as data relating to the time, duration and place of use of the services, for the purpose of invoicing the fees resulting from the contract for the provision of its services.
The controller may process personal data that are technically necessary for the provision of the service. The Controller shall, other things being equal, choose and in any case operate the means used for the provision of the service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Act, but even then only to the extent and for the duration necessary.
The data controller may process data relating to the use of the service for any purposes other than those set out above, in particular to improve the effectiveness of its service, to deliver electronic advertising or other targeted content to the recipient, to conduct market research, only with the prior specification of the purpose of the processing and with the consent of the recipient.
Data processed to enable user-friendly browsing:
– the web pages visited during your visit to the website and the order in which they were opened
– IP address of the device used by the user.
The scope of the data processed to measure the number of visits to the site:
– the web pages visited during the visit to the website and their opening order
– the frequency with which each web page of the site is viewed
– which other website the User came to this website from (only for websites with a link to this website)
– the geographical location of the User visiting the site (based on the ISP’s data, only approximate data on the location of the browsing device)
– the time you started browsing the site
– the time you leave the website (end your browsing)
– the duration of your browsing of the website.
Data processed to verify access to the website:
– User name and password (may be stored at the User’s discretion)
– User’s e-mail address
– IP address of the device used by the User.
4.Purpose of processing: The use of “cookies” and log files is necessary for the user-friendly and secure operation of the website. The purpose of the processing of data through the use of cookies and “cookies” is to ensure the user-friendly operation of the website for the User concerned and to collect anonymous data about the use of the website.
In particular:
– Identification of the User’s device used for browsing, storage of identification data – until the time of browsing: based on the IP address. This makes browsing smoother, without which the User would have to identify himself or repeat processes for each page visited.
The data required for the following purposes are recorded anonymously and cannot be linked to an individual:
– To measure the number of visits to the website, to measure the frequency of visits to each page of the website and to measure the browsing time of each page of the website in order to enable the Data Controller to tailor the website to the maximum extent possible to the needs of the Users.
– Determining the location of the User (browsing device), mapping the level of interest in the Data Controller’s service by territory.
– Identification of the website from which the User came to this website, in order to learn about other topics of interest to Users interested in the Controller’s service and to measure the effectiveness of the activity promoting the Controller’s service.
To measure this data, the Controller’s IT system uses the tools of Google Analytics (Google Inc.). When viewing pages that use Google Analytics, Google cookies remember the preferences and information indicated by the user, which also means that anonymous data is collected to measure the number of visits to the website and to map browsing habits.
The above anonymous data is also accessed by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), the owner and operator of the Google Analytics tools. Google Inc. will also use this data for the purpose of delivering targeted advertising to the browser user, in addition to the aforementioned analysis. Google Inc. will do this by combining the anonymous data with the IP address of the browsing device used to determine the discoverable interests based on the browsing habits of the device and then deliver targeted advertising to the device. Google Inc. will not have access to any data other than the anonymous data described in this section.
The cookies (Facebook button, Facebook share button, Facebook like button) that facilitate your visit to the Facebook social networking site and the sharing and liking of this website on the social networking site are provided by Facebook Inc. and the anonymous data processed by these cookies is also accessed by Facebook Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The cookies that facilitate the visit of the social networking site of the data controller Instagram (Instagram button) are provided by Instagram LLC., so that the anonymous data processed by these cookies is also accessed by Instagram LLC. Instagram LLC. is owned by Facebook Inc. and the Instagram service is operated by Facebook Inc., so the processing of data through the use of the service is carried out jointly by Facebook Inc. and Instagram LLC.
Through these services, Facebook Inc. and Instagram LLC. therefore have access to the anonymous data described above, which are processed to measure website traffic and to map browsing habits. Facebook Inc. and Instagram LLC. also use the above data to deliver targeted advertising to the browsing user, in addition to the aforementioned analyses. Facebook Inc. and Instagram LLC. do this by combining the anonymous data with the IP address of the browsing device used to determine the discoverable interests based on the browsing habits of the device and then deliver targeted advertising to that device. Facebook Inc. and Instagram LLC. do not have access to any data other than the anonymous data described in this section.
The following data are collected in a way that can be linked to the User’s person, but can only be accessed by the Data Controller:
– the possible storage of the user name and password to facilitate access (at the User’s choice)
– (user name, e-mail address, password), for the User’s convenience (for the User’s personal use only).
5.Duration of data processing.
Data necessary to ensure the user-friendliness of the website (IP address, order of the pages visited on the website during browsing) are recorded for the duration of the browsing session (i.e. the duration of the browsing session) and are deleted once the browsing session is completed. The processing of such data is carried out by the Data Controller’s own IT system and is not accessible to third parties, except in the case of IT processing (see below under “Use of a data processor”).
The data required to verify access and grant usage rights are stored for the duration of the browsing session (i.e. the duration of your browsing session) and are deleted once the session is over. The processing of such data is carried out by the Data Controller’s own IT system and is not accessible to third parties, except in the case of IT processing (see below under “Use of a data processor”).
The user name and password may be stored permanently at the User’s choice, by cookies on the User’s device, and the User may delete them in his/her browser settings, thus controlling the time of data storage.
The data on which the measurement of the number of visits and the mapping of habits regarding the use of the website are based are recorded anonymously by the Data Controller’s IT system from the outset and cannot be linked to any individual. The Controller’s IT system uses Google Analytics to measure this data. Only the cookie that the User has used to authorize the collection of data by Google Analytics is stored on the User’s device. You can delete this in your browser settings, which will stop the data collection.
Anonymous data processed to measure the number of visits to the website and to map browsing habits, which is also accessible by Facebook Inc., which provides cookies to facilitate visits to the social networking sites of the Data Controller and the sharing and liking of this website on social networking sites, are permanently stored by Facebook Inc.’s tools, but for a maximum of 2 years, using cookies that are stored on the User’s browsing device. The User can delete these cookies or prevent them from working at any time by changing the settings of his browser.
VII. Processing of data related to the receipt and response to a message
Users sending messages to the Data Controller by e-mail using the e-mail address(es) indicated on the website.
3.Definition of the scope of the data processed: for users who send messages, the data processing concerns the personal data and contact details to be filled in on the above-mentioned messaging interface, as well as any additional data that the User may provide in the message (including the e-mail message).
Scope of the data:
– surname
– first name
– e-mail address
With regard to the additional data that the User may provide in the message (including e-mail), the Data Controller will only process the data when receiving the message, if necessary in relation to the content of the message sent, but the Data Controller will not ask the User to provide any personal data that may be provided there. When such unexpected personal data is provided, the Data Controller shall not store the unexpected personal data and shall delete it from its IT system without delay.
The related services are:
– Messaging via the messaging interface (“Contact us / Have a question?” page),
– Receiving messages sent by e-mail (using the e-mail address(es) indicated on the site),
– replying to messages sent to the Data Controller by the above means, which the Data Controller will complete within 3 working days.
VIII. Data processing related to the sending of newsletters
Legal basis for data processing. Article 6 Section (1) and (2) of the GDPR. Voluntary consent is given by the User by reading this Privacy Policy and by filling in the fields for subscribing to the newsletter, by ticking the consent form provided therein or by ticking the consent form for sending the newsletter included in the written contract and signing the contract, or by filling in and signing a separate paper declaration. By doing so, the User declares that he or she consents to the processing of his or her data as set out in the privacy policy or the contract/declaration and to the sending of newsletters.
In addition to sending useful information, the newsletter service also aims at direct marketing by the Data Controller. The User may subscribe to this service independently of the use of other services. The use of this service is voluntary and based on the User’s decision, after having been duly informed. The User’s non-use of the newsletter service does not imply any disadvantage for him/her in using the website and its other services. The Data Controller does not make the use of its direct marketing service a condition for the use of any of its other services.
– surname
– first name
– e-mail address.
4.Purpose of processing: sending of newsletters by the Data Controller to the User by e-mail. Sending newsletters means sending information about the Controller’s services, news and updates, attention-grabbing offers, promotional content.
5.Duration of data management: the Data Controller manages the data processed for the purpose of sending the newsletter until the User’s consent is withdrawn (unsubscribe) or until the data is deleted at the User’s request.
Scope of data:
– lead name
– first name
– phone number
– e-mail address
– username
– password
– shipping address
– billing address.
Related services:
– browse the site
– product information
– browsing the site, browsing the website
– sending messages to the Data Controller.
5.Duration of data processing. The data processing may also cease upon the User’s cancellation of the registration or upon the deletion of the User’s registration by the Data Controller. The User may delete his/her registration or request its deletion from the Data Controller at any time, which request shall be executed by the Data Controller without delay, but no later than 10 working days after receipt of the request.
3.Definition of the scope of the data processed: the data processing concerns the personal data and contact details to be filled in on the registration form displayed prior to placing the order referred to above – or in case of previous registration, on the registration form filled in at that time.
Scope of the data:
– lead name
– first name
– telephone number
– e-mail address
– password
– delivery address
– billing address
– purchase price of the order
– receipt/delivery method
– payment method
– date of payment.
The related services are:
– information on the availability and characteristics of the product
– ordering a product
– the availability of the ordered product, the availability of the product information, the availability of the product, the availability of the product
– arranging delivery
– arranging the delivery of the product
– notifying the delivery
– invoicing
As long as the possibility of enforcing the order exists, the data necessary for issuing the invoice (name, address) and the above data processed for the fulfilment of the order are processed for the period of the possible enforcement of the order (5 years from the conclusion of the contract – receipt of the confirmation of acceptance of the order), and the data necessary for issuing the invoice (name, address) for the period necessary to fulfil the obligation to keep records under the Accounting Act (8 years from the issue of the invoice).
6.Data transfer register: The Data Controller shall keep a data transfer register for the purpose of monitoring the lawfulness of the data transfer and informing the data subject, which shall contain the date of the transfer of personal data processed by the Data Controller, the legal basis and the recipient of the transfer, the scope of the personal data transferred and other data specified in the legislation providing for the processing.
XII. Duration of data processing
2.This means that the data processing lasts until the withdrawal of the consent, the execution of the cancellation request, the cancellation of the registration, the unsubscription from the newsletter, and in the relevant cases until the fulfilment of the legal obligation. The User may at any time object to the processing, request the cessation of the processing, the cessation of certain processing methods or the deletion of the data, both for specific purposes and in full. In such cases, the processing shall continue until the receipt and processing of such a request, which shall be carried out by the Controller without undue delay, but not later than 10 working days. The User may unsubscribe from the newsletter at any time by using the unsubscribe link included in the newsletters, by sending a written request to help@ssolerawap.com e-mail or by sending the objections or requests outlined above by e-mail. Requests sent by e-mail will be considered valid by the Data Controller only if they are sent from the e-mail address provided by the User to the Data Controller in connection with the use of the website, or provided when subscribing to the newsletter or in the written contract/statement and registered with the Data Controller, but the use of another e-mail address does not imply that the request is ignored.
XIII. How data is stored
XIV. Deletion of data, restriction of processing
– processing is unlawful,
– the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
– the processed data is incomplete or inaccurate – and this situation cannot be lawfully remedied – provided that erasure is not excluded by law,
– the purpose of the processing has ceased to exist or the time limit for the storage of the data laid down by law has expired,
– ordered by a court or the National Authority for Data Protection and Freedom of Information.
UniCredit Bank Hungary Zrt.
Tax number: 10325737-4-44
Registered office: 1054 Budapest, Szabadság tér 5-6.
Postal address: H-1242 Budapest, Pf.386
Phone: +36303253200
E-mail: info@unicreditgroup.hu
Website: www.unicreditbank.hu
Business company as the provider of the online payment service available on the website of the Data Controller.
Legal basis for the transfer of data: the User’s consent pursuant to Article 6 Section (1) (a) of the GDPR. By selecting the online payment method and submitting the order, the User, after having read the Privacy Policy, voluntarily consents to the processing of his/her data necessary for the secure processing of the online payment.
– username
– line name
– first name
– country
– telephone number
– e-mail address.
XVI. Use of a data processor
The Data Controller uses the following entities as data processors.
Company name: | UniCredit Bank Hungary Zrt. |
Registered office: | 1054 Budapest, Szabadság tér 5-6. |
Telephone: | +36303253200 |
E-mail: | info@unicreditgroup.hu |
The payment transactions made by the data subject are processed by the payment systems provided by the payment service providers referred to in this point for the payment accounts of the Company. The data may only be accessed by the employees of the Data Controller and, in accordance with their respective data management information, by the employees of the payment service providers, who are all responsible for the secure processing of the data.
Purpose
| To ensure the cash flow of the Data Controller |
Legal basis
| To comply with a legal obligation under Article 6 section (1) (c) of the GDPR |
Data subjects | Data subjects in a contractual relationship |
Scope of data | Name of the data subject, the bank of the account holder, the bank account number and the amount of the payment |
Data controller
| The Company |
Persons entitled to access the data | The Company and its employees under an employment or agency relationship with the Company and the payment service provider and its employees |
Time limit for processing and deletion of data | As specified in the payment service provider’s information notice. |
Method of storage of data | Electronic |
Data transmission | None |
Company name: | Paylike Inc. |
Registered office: | Klostergade 56B, 1, 8000 Aarhus, Denmark |
Telephone: | – |
E-mail: | hello@paylike.io |
Company name: | WordPress / Automatic Inc. |
Registered office: | 60 29th Street #343, San Francisco, CA 94110 |
Telephone: | (877) 273 3049 |
Data processing operations consisting of the technical operations necessary for the operation of the website and the provision of the services provided through it, in order to ensure the operation of the website in the information technology sense for the User concerned.
Purpose
| Processing of data relating to the use of the services provided by the Site by Users visiting the Site |
Legal basis
| To comply with a legal obligation under Article 6 Section (1)(c) of the GDPR |
Data subjects | Data subjects in a contractual relationship |
Scope of data | The processing concerns all the data indicated in this notice. |
Data controller
| The Company |
Persons entitled to access the data | The Company and its employees who have an employment or agency relationship with it and the processor and its employees |
Time limit for processing and deletion of data | According to the rules of the data processor |
Method of storage of data | Electronic |
Data transmission
| None |
3.1.The data subjects concerned by the processing: users who subscribe to the newsletter on the website, irrespective of the use of other services provided by the website.
3.2. The Data Controller uses as a data processor
SalesAutopilot Kft.
Company registration number: 01-09-286773
Tax number: 25743500-2-41
Registered office: 1024 Budapest, Margit körút 31-33., mezzanine 4.
Phone: +1 3614900172
Website: salesautopilot.hu
as the developer and maintainer of the newsletter sending software used by the Data Controller (hereinafter referred to as the “Data Processor”).
3.3.Legal basis for data processing: on the basis of the User’s consent pursuant to Article 6(1)(a) of the GDPR, the Data Controller may use a data processor, subject to the User’s prior information. The User, by giving his/her consent to the sending of the newsletter to the Data Controller, as described in the section on sending newsletters above, after having read the Data Processing Notice, voluntarily consents to the use of a data processor for the processing of his/her data necessary for the sending of the newsletter.
3.4. Definition of the data subject of the processing: The processing of data concerns all the data indicated in the section on sending the newsletter in this notice.
3.5.Purpose of data processing: to ensure the operation of the software used by the Data Controller for sending newsletters in the information technology sense, by means of data processing in the technical operations necessary for the secure operation of the software.
3.6 Duration of the processing: the same as the processing periods indicated in the chapter on the sending of the newsletter in this information note.
3.7. The processing of the data consists exclusively of the technical operations necessary for the operation of the newsletter sending software in the IT sense.
4.1.Data subjects concerned by the processing of data: users who choose to receive their order by delivery on the website, regardless of whether they use other services provided by the website.
4.2. The Data Controller primarily uses as data processors
GLS General Logistics System Hungary Logistics Limited Liability Company
Registration number: 1309111755
Tax number: 12369410244
Registered office: 2351 Alsónémedi, GLS Európa u. 2.
Postal address: 2351 Alsónémedi, GLS Európa u. 2
Phone: +36 29886670
E-mail: info@gls-hungary.com
Website: gls-group.eu/HU
as the carrier delivering the products ordered (hereinafter referred to as the “Data Processor”).
4.3. Legal basis for processing: Article 6 Section (1)(b) GDPR, which states that processing is necessary for the performance of a contract to which the User is a party. The Data Controller may use a data processor for the performance of the contract, subject to prior information of the User. The User shall be informed of the content of the contract concluded with him/her and of the use of a data processor for the processing of his/her data necessary for the delivery of the ordered product when he/she receives the data processing information, when choosing the delivery method and when placing the order.
4.4.Definition of the scope of the data processing: the processing of the data concerns the following data of the User in order to fulfil the contract (delivery) resulting from the User’s order:
– line name
– first name
– telephone number
– delivery address.
4.5. The purpose of the processing of the data is to carry out the delivery of the ordered product within the framework of the performance of the contract resulting from the User’s order, by delivering it to the address indicated by the User, if necessary by telephone agreement on the place and time of delivery.
4.6. Duration of data processing: for the time necessary to carry out the delivery and delivery.
4.7. The processing of the data is limited to the technical operations necessary to carry out the delivery and delivery.
XVIII. User’s rights in relation to data management
The information shall be provided free of charge once per calendar year, and a fee may be charged for additional occasions when information is requested. However, the fee already paid shall be refunded if an unlawfulness is established with regard to the processing of the data or if the data have to be rectified for reasons attributable to the Data Controller.
In the context of the right of access, the Data Controller shall provide the User with a copy of the personal data subject to processing, at the latest within one month of receipt of the request. For any additional copies requested by the User, the Controller may charge a reasonable fee based on administrative costs (as set out in Chapter 19).
(a) the processing is based on the consent of the User or on a contract; and
(b) the processing is carried out by automated means.
In exercising the right to data portability as set out above, the User has the right to request, where technically feasible, the direct transfer of personal data between controllers.
(a) the User contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the User opposes the erasure of the data and requests instead the restriction of their use;
(c) the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
(d) the User has objected to the processing based on the legitimate interests of the Controller; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject.
Each User has the right to object to or prohibit the inclusion of his/her name and address data, contact details on a commercial list, the use of his/her data for direct commercial purposes or for a specific purpose within a specific list, the use of such data for sending newsletters, the transfer of such data to third parties, and to request other restrictions of his/her personal data, the termination of the processing of all or specific lists held by the Data Controller, including data transferred to third parties. The Controller shall carry out the erasure without undue delay after receipt of the request, but within a maximum of 10 working days, and shall inform the User concerned in writing within a further 15 days of the execution of the request.
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
(f) the personal data have been collected in connection with the provision of information society services;
(g) where the controller has disclosed the personal data and the personal data are no longer necessary for the purposes for which they were processed, the controller must erase them and take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.
If the Data Controller has disclosed the personal data and is obliged to delete it as set out above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the data controllers that have processed the data that the User has requested them to delete the links to or copies or duplicates of the personal data in question.
The controller shall notify the rectification, restriction and erasure to the User concerned and to all controllers to whom the data were previously transmitted. Notification may be omitted if it proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the User of these recipients.
The data subject may request the blocking of his/her data by the Company using the contact details provided. The blocking shall last for as long as the reason indicated by the data subject makes it necessary to store the data. At the request of the data subject, the Company will do so without delay, but within a maximum of 30 days, and will send information to the e-mail address provided by the data subject.
XVIII. Compliance with your requests
(a) charge a reasonable fee; or
(b) refuse to act on the request.
User’s requests may be sent by post to the address of the Data Controller indicated in point 1.1 or by e-mail to help@ssolerawap.com. Requests sent by e-mail shall be considered as authentic by the Data Controller only if they are sent from the e-mail address provided by the User to the Data Controller and registered there, however, the use of another e-mail address shall not imply that the request is ignored. In the case of e-mail, the date of receipt shall be deemed to be the first working day following the sending of the request.
XIX. Data protection, data security
1.The Data Controller shall ensure the security of data in its data processing and data handling activities, and shall ensure the enforcement of legal provisions and other data protection and confidentiality rules by technical and organizational measures and internal rules of procedure. In particular, it shall take appropriate measures to protect the processed data against unauthorized access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.
1.Data subjects may exercise their rights of enforcement before the courts under Act V of 2013 on the Civil Code, the GDPR and the Infotv., and may also apply to the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, PO Box 5.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu/
In the event that the User concerned chooses to take legal action, the action may also be brought before the court of the place of residence or domicile of the User concerned, as the court has jurisdiction to hear the case.
XXI. Miscellaneous provisions
With regard to the data transferred within the scope of this Privacy Notice, the data processors, who are individually responsible for the personal data processing carried out by them on behalf of the Company, are.
This Privacy Notice is published in the Official Journal of the European Union 2020.
The Data Controller reserves the right to amend this Privacy Notice unilaterally at any time, with prior notice to the data subjects. Data subjects will be informed by means of a notice on http://felhomatrac.hu/ at least eight calendar days prior to the modification.
PRIVACY NOTICE AND INFORMATION ON THE PROCESSING OF PERSONAL DATA
KlassDSign Limited Liability Company (seat: 2800 Tatabánya, Banyi János u. 18.; registration number: 11 09 021505), as a data controller (hereinafter referred to as the Company or the Data Controller), processes the data concerned in the course of the activities it provides in accordance with the provisions of this information.
The Company aims to fully comply with the legal requirements for the processing of personal data, in particular with the provisions of Act CXII of 2011 on Informational Self-Determination and Freedom of Information (the “Privacy Act”) and Regulation (EU) 2016/679 of the European Parliament and of the Council (the “Regulation” or “GDPR”), and therefore, through this notice, the Company aims to ensure the enforcement of the right to transparent information as provided for in Article 12 of the GDPR.
This Privacy Notice has been prepared in accordance with the GDPR and the Privacy Act.
The Data Controller declares that it will process personal data in accordance with the provisions of this Privacy Notice and will comply with the provisions of the GDPR, the Privacy Act and any other applicable legislation, in particular with regard to the content of this section:
The processing of personal data shall be lawful, fair and transparent for the data subject.
The processing of personal data must be carried out lawfully, fairly and fairly, and in accordance with the law and fairness of the data subject.
The purposes for which the personal data are processed must be adequate, relevant and the processing must be limited to what is necessary.
Personal data must be accurate and up to date. Inaccurate personal data must be deleted without delay.
Personal data must be stored in such a way that the identification of the data subjects is limited to the shortest period of time necessary for the purposes for which the data are processed.
Further processing of personal data other than as provided for in this notice shall be considered lawful where the processing is necessary to comply with a legal obligation, for reasons of public interest, for scientific research purposes, for statistical purposes or to present and pursue legal claims.
Personal data should be processed in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organizational measures.
The principles of data protection apply to any information relating to an identified or identifiable natural person.
Company registration number: 11-09-021505
Tax number: 24286549211
Registered office: 2800 Tatabánya, Banyi János utca 18.
Postal address: 2800 Tatabánya, Banyi János utca 18.
Branch office: 1075 Budapest, Madách Imre út 18.
Website: www.plantebudpest.com
E-mail: help@ssolerawap.com
ssolerawap.com
The website accessible at the Internet address, the webpages and subpages accessible from that address.
In view of the above, the Data Controller shall primarily:
– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation); (The EU General Data Protection Regulation), (hereinafter referred to as GDPR),
– Act CXII of 2011 on Informational Self-Determination and Freedom of Information (Privacy Act.),
– Act CVIII of 2001 on certain issues of electronic commerce activities and information society services,
– Act CXIX of 1995 on the processing of name and address data for the purposes of research and direct marketing (DMtv.), and
– the provisions of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising Activities (Act XLVIII of 2008).
III. Legal basis for processing
– processing is necessary for compliance with a legal obligation to which the controller is subject;
– processing is necessary for the protection of the vital interests of the data subject or of another natural person;
– processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
– processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
2.Pursuant to Article 6 Section (1) (d) and (f) of the GDPR, we further inform you that the Controller may process the User’s personal data without the consent of the User, even if the processing is necessary for the protection of the vital interests of the User or of another natural person or if the processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the User concerned which require the protection of personal data, in particular where the User is a child.
In any case, before starting the processing on the basis of the above legitimate interests, the Data Controller will carry out – as a mandatory requirement – the so-called interest balancing test as described in points 4.3 to 4.5 of this Notice.
The service provided by the Data Controller is an information society – electronic commerce – service within the meaning of the Act.
The Data Controller may process the natural person identification data and the address of the user (User) for the purpose of creating the contract for the provision of its service, determining the content, amending it, monitoring its performance, invoicing the fees arising from it and enforcing claims relating to it.
The Data Controller may process the natural person’s identification data, the address of the User who has used its services, as well as data relating to the time, duration and place of use of the services, for the purpose of invoicing the fees resulting from the contract for the provision of its services.
The controller may process personal data that are technically necessary for the provision of the service. The Controller shall, other things being equal, choose and in any case operate the means used for the provision of the service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Act, but even then only to the extent and for the duration necessary.
The data controller may process data relating to the use of the service for any purposes other than those set out above, in particular to improve the effectiveness of its service, to deliver electronic advertising or other targeted content to the recipient, to conduct market research, only with the prior specification of the purpose of the processing and with the consent of the recipient.
Data processed to enable user-friendly browsing:
– the web pages visited during your visit to the website and the order in which they were opened
– IP address of the device used by the user.
The scope of the data processed to measure the number of visits to the site:
– the web pages visited during the visit to the website and their opening order
– the frequency with which each web page of the site is viewed
– which other website the User came to this website from (only for websites with a link to this website)
– the geographical location of the User visiting the site (based on the ISP’s data, only approximate data on the location of the browsing device)
– the time you started browsing the site
– the time you leave the website (end your browsing)
– the duration of your browsing of the website.
Data processed to verify access to the website:
– User name and password (may be stored at the User’s discretion)
– User’s e-mail address
– IP address of the device used by the User.
4.Purpose of processing: The use of “cookies” and log files is necessary for the user-friendly and secure operation of the website. The purpose of the processing of data through the use of cookies and “cookies” is to ensure the user-friendly operation of the website for the User concerned and to collect anonymous data about the use of the website.
In particular:
– Identification of the User’s device used for browsing, storage of identification data – until the time of browsing: based on the IP address. This makes browsing smoother, without which the User would have to identify himself or repeat processes for each page visited.
The data required for the following purposes are recorded anonymously and cannot be linked to an individual:
– To measure the number of visits to the website, to measure the frequency of visits to each page of the website and to measure the browsing time of each page of the website in order to enable the Data Controller to tailor the website to the maximum extent possible to the needs of the Users.
– Determining the location of the User (browsing device), mapping the level of interest in the Data Controller’s service by territory.
– Identification of the website from which the User came to this website, in order to learn about other topics of interest to Users interested in the Controller’s service and to measure the effectiveness of the activity promoting the Controller’s service.
To measure this data, the Controller’s IT system uses the tools of Google Analytics (Google Inc.). When viewing pages that use Google Analytics, Google cookies remember the preferences and information indicated by the user, which also means that anonymous data is collected to measure the number of visits to the website and to map browsing habits.
The above anonymous data is also accessed by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), the owner and operator of the Google Analytics tools. Google Inc. will also use this data for the purpose of delivering targeted advertising to the browser user, in addition to the aforementioned analysis. Google Inc. will do this by combining the anonymous data with the IP address of the browsing device used to determine the discoverable interests based on the browsing habits of the device and then deliver targeted advertising to the device. Google Inc. will not have access to any data other than the anonymous data described in this section.
The cookies (Facebook button, Facebook share button, Facebook like button) that facilitate your visit to the Facebook social networking site and the sharing and liking of this website on the social networking site are provided by Facebook Inc. and the anonymous data processed by these cookies is also accessed by Facebook Inc. (1601 Willow Road, Menlo Park, CA 94025, USA).
The cookies that facilitate the visit of the social networking site of the data controller Instagram (Instagram button) are provided by Instagram LLC., so that the anonymous data processed by these cookies is also accessed by Instagram LLC. Instagram LLC. is owned by Facebook Inc. and the Instagram service is operated by Facebook Inc., so the processing of data through the use of the service is carried out jointly by Facebook Inc. and Instagram LLC.
Through these services, Facebook Inc. and Instagram LLC. therefore have access to the anonymous data described above, which are processed to measure website traffic and to map browsing habits. Facebook Inc. and Instagram LLC. also use the above data to deliver targeted advertising to the browsing user, in addition to the aforementioned analyses. Facebook Inc. and Instagram LLC. do this by combining the anonymous data with the IP address of the browsing device used to determine the discoverable interests based on the browsing habits of the device and then deliver targeted advertising to that device. Facebook Inc. and Instagram LLC. do not have access to any data other than the anonymous data described in this section.
The following data are collected in a way that can be linked to the User’s person, but can only be accessed by the Data Controller:
– the possible storage of the user name and password to facilitate access (at the User’s choice)
– (user name, e-mail address, password), for the User’s convenience (for the User’s personal use only).
5.Duration of data processing.
Data necessary to ensure the user-friendliness of the website (IP address, order of the pages visited on the website during browsing) are recorded for the duration of the browsing session (i.e. the duration of the browsing session) and are deleted once the browsing session is completed. The processing of such data is carried out by the Data Controller’s own IT system and is not accessible to third parties, except in the case of IT processing (see below under “Use of a data processor”).
The data required to verify access and grant usage rights are stored for the duration of the browsing session (i.e. the duration of your browsing session) and are deleted once the session is over. The processing of such data is carried out by the Data Controller’s own IT system and is not accessible to third parties, except in the case of IT processing (see below under “Use of a data processor”).
The user name and password may be stored permanently at the User’s choice, by cookies on the User’s device, and the User may delete them in his/her browser settings, thus controlling the time of data storage.
The data on which the measurement of the number of visits and the mapping of habits regarding the use of the website are based are recorded anonymously by the Data Controller’s IT system from the outset and cannot be linked to any individual. The Controller’s IT system uses Google Analytics to measure this data. Only the cookie that the User has used to authorize the collection of data by Google Analytics is stored on the User’s device. You can delete this in your browser settings, which will stop the data collection.
Anonymous data processed to measure the number of visits to the website and to map browsing habits, which is also accessible by Facebook Inc., which provides cookies to facilitate visits to the social networking sites of the Data Controller and the sharing and liking of this website on social networking sites, are permanently stored by Facebook Inc.’s tools, but for a maximum of 2 years, using cookies that are stored on the User’s browsing device. The User can delete these cookies or prevent them from working at any time by changing the settings of his browser.
VII. Processing of data related to the receipt and response to a message
Users sending messages to the Data Controller by e-mail using the e-mail address(es) indicated on the website.
3.Definition of the scope of the data processed: for users who send messages, the data processing concerns the personal data and contact details to be filled in on the above-mentioned messaging interface, as well as any additional data that the User may provide in the message (including the e-mail message).
Scope of the data:
– Surname
– first name
– e-mail address
With regard to the additional data that the User may provide in the message (including e-mail), the Data Controller will only process the data when receiving the message, if necessary in relation to the content of the message sent, but the Data Controller will not ask the User to provide any personal data that may be provided there. When such unexpected personal data is provided, the Data Controller shall not store the unexpected personal data and shall delete it from its IT system without delay.
The related services are:
– Messaging via the messaging interface (“Contact us / Have a question?” page),
– Receiving messages sent by e-mail (using the e-mail address(es) indicated on the site),
– replying to messages sent to the Data Controller by the above means, which the Data Controller will complete within 3 working days.
VIII. Data processing related to the sending of newsletters
Legal basis for data processing. Article 6 Section (1) and (2) of the GDPR. Voluntary consent is given by the User by reading this Privacy Policy and by filling in the fields for subscribing to the newsletter, by ticking the consent form provided therein or by ticking the consent form for sending the newsletter included in the written contract and signing the contract, or by filling in and signing a separate paper declaration. By doing so, the User declares that he or she consents to the processing of his or her data as set out in the privacy policy or the contract/declaration and to the sending of newsletters.
In addition to sending useful information, the newsletter service also aims at direct marketing by the Data Controller. The User may subscribe to this service independently of the use of other services. The use of this service is voluntary and based on the User’s decision, after having been duly informed. The User’s non-use of the newsletter service does not imply any disadvantage for him/her in using the website and its other services. The Data Controller does not make the use of its direct marketing service a condition for the use of any of its other services.
– surname
– first name
– e-mail address.
4.Purpose of processing: sending of newsletters by the Data Controller to the User by e-mail. Sending newsletters means sending information about the Controller’s services, news and updates, attention-grabbing offers, promotional content.
5.Duration of data management: the Data Controller manages the data processed for the purpose of sending the newsletter until the User’s consent is withdrawn (unsubscribe) or until the data is deleted at the User’s request.
Scope of data:
– lead name
– first name
– phone number
– e-mail address
– username
– password
– shipping address
– billing address.
Related services:
– browse the site
– product information
– browsing the site, browsing the website
– sending messages to the Data Controller.
5.Duration of data processing. The data processing may also cease upon the User’s cancellation of the registration or upon the deletion of the User’s registration by the Data Controller. The User may delete his/her registration or request its deletion from the Data Controller at any time, which request shall be executed by the Data Controller without delay, but no later than 10 working days after receipt of the request.
3.Definition of the scope of the data processed: the data processing concerns the personal data and contact details to be filled in on the registration form displayed prior to placing the order referred to above – or in case of previous registration, on the registration form filled in at that time.
Scope of the data:
– lead name
– first name
– telephone number
– e-mail address
– password
– delivery address
– billing address
– purchase price of the order
– receipt/delivery method
– payment method
– date of payment.
The related services are:
– information on the availability and characteristics of the product
– ordering a product
– the availability of the ordered product, the availability of the product information, the availability of the product, the availability of the product
– arranging delivery
– arranging the delivery of the product
– notifying the delivery
– invoicing
As long as the possibility of enforcing the order exists, the data necessary for issuing the invoice (name, address) and the above data processed for the fulfilment of the order are processed for the period of the possible enforcement of the order (5 years from the conclusion of the contract – receipt of the confirmation of acceptance of the order), and the data necessary for issuing the invoice (name, address) for the period necessary to fulfil the obligation to keep records under the Accounting Act (8 years from the issue of the invoice).
6.Data transfer register: The Data Controller shall keep a data transfer register for the purpose of monitoring the lawfulness of the data transfer and informing the data subject, which shall contain the date of the transfer of personal data processed by the Data Controller, the legal basis and the recipient of the transfer, the scope of the personal data transferred and other data specified in the legislation providing for the processing.
XII. Duration of data processing
2.This means that the data processing lasts until the withdrawal of the consent, the execution of the cancellation request, the cancellation of the registration, the unsubscription from the newsletter, and in the relevant cases until the fulfilment of the legal obligation. The User may at any time object to the processing, request the cessation of the processing, the cessation of certain processing methods or the deletion of the data, both for specific purposes and in full. In such cases, the processing shall continue until the receipt and processing of such a request, which shall be carried out by the Controller without undue delay, but not later than 10 working days. The User may unsubscribe from the newsletter at any time by using the unsubscribe link included in the newsletters, by sending a written request to hello@ssolerawap.com e-mail or by sending the objections or requests outlined above by e-mail. Requests sent by e-mail will be considered valid by the Data Controller only if they are sent from the e-mail address provided by the User to the Data Controller in connection with the use of the website, or provided when subscribing to the newsletter or in the written contract/statement and registered with the Data Controller, but the use of another e-mail address does not imply that the request is ignored.
XIII. How data is stored
XIV. Deletion of data, restriction of processing
– processing is unlawful,
– the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
– the processed data is incomplete or inaccurate – and this situation cannot be lawfully remedied – provided that erasure is not excluded by law,
– the purpose of the processing has ceased to exist or the time limit for the storage of the data laid down by law has expired,
– ordered by a court or the National Authority for Data Protection and Freedom of Information.
UniCredit Bank Hungary Zrt.
UniCredit Bank Zrt.
Tax number: 10325737444
Registered office: 1054 Budapest, Szabadság tér 5-6..
Postal address: 1242 Budapest Pf. 386
Phone: +36303253200
E-mail: info@unicreditgroup.hu
Website: www.unicreditbank.hu
Business company as the provider of the online payment service available on the website of the Data Controller.
Legal basis for the transfer of data: the User’s consent pursuant to Article 6 Section (1) (a) of the GDPR. By selecting the online payment method and submitting the order, the User, after having read the Privacy Policy, voluntarily consents to the processing of his/her data necessary for the secure processing of the online payment.
– username
– line name
– first name
– country
– telephone number
– e-mail address.
XVI. Use of a data processor
The Data Controller uses the following entities as data processors.
Company name: | UniCredit Bank Zrt. |
Registered office: | 1054 Budapest, Szabadság tér 5-6.. |
Telephone: | +36303253200 |
E-mail: | info@unicreditgroup.hu |
The payment transactions made by the data subject are processed by the payment systems provided by the payment service providers referred to in this point for the payment accounts of the Company. The data may only be accessed by the employees of the Data Controller and, in accordance with their respective data management information, by the employees of the payment service providers, who are all responsible for the secure processing of the data.
Purpose | To ensure the cash flow of the Data Controller |
Legal basis | To comply with a legal obligation under Article 6 section (1) (c) of the GDPR |
Data subjects | Data subjects in a contractual relationship |
Scope of data | Name of the data subject, the bank of the account holder, the bank account number and the amount of the payment |
Data controller | The Company |
Persons entitled to access the data | The Company and its employees under an employment or agency relationship with the Company and the payment service provider and its employees |
Time limit for processing and deletion of data | As specified in the payment service provider’s information notice. |
Method of storage of data | Electronic |
Data transmission | None |
Company name: | GoDaddy Inc. |
Registered office: | 14455 N. Hayden Rd., Ste 226, Scottsdale, AZ 85260 USA |
Telephone: | 016535976 |
E-mail: | ihq@godaddy.com |
Company name: | WordPress / Automatic Inc. |
Registered office: | 60 29th Street #343, San Francisco, CA 94110 |
Telephone: | (877) 273 3049 |
Data processing operations consisting of the technical operations necessary for the operation of the website and the provision of the services provided through it, in order to ensure the operation of the website in the information technology sense for the User concerned.
Purpose | Processing of data relating to the use of the services provided by the Site by Users visiting the Site |
Legal basis | To comply with a legal obligation under Article 6 Section (1)(c) of the GDPR |
Data subjects | Data subjects in a contractual relationship |
Scope of data | The processing concerns all the data indicated in this notice. |
Data controller | The Company |
Persons entitled to access the data | The Company and its employees who have an employment or agency relationship with it and the processor and its employees |
Time limit for processing and deletion of data | According to the rules of the data processor |
Method of storage of data | Electronic |
Data transmission | None |
3.1.The data subjects concerned by the processing: users who subscribe to the newsletter on the website, irrespective of the use of other services provided by the website.
3.2. The Data Controller uses as a data processor
MailChimp / Rocket Science Group LLC
Company registration number: US26370239.
Tax number: 582554149
Registered office: 675 Ponce De Leon Ave Ne Ste 5000 Atlanta Georgia 30308.
Phone: (404) 806-5843
Website: mailchimp.com
as the developer and maintainer of the newsletter sending software used by the Data Controller (hereinafter referred to as the “Data Processor”).
3.3.Legal basis for data processing: on the basis of the User’s consent pursuant to Article 6(1)(a) of the GDPR, the Data Controller may use a data processor, subject to the User’s prior information. The User, by giving his/her consent to the sending of the newsletter to the Data Controller, as described in the section on sending newsletters above, after having read the Data Processing Notice, voluntarily consents to the use of a data processor for the processing of his/her data necessary for the sending of the newsletter.
3.4. Definition of the data subject of the processing: The processing of data concerns all the data indicated in the section on sending the newsletter in this notice.
3.5.Purpose of data processing: to ensure the operation of the software used by the Data Controller for sending newsletters in the information technology sense, by means of data processing in the technical operations necessary for the secure operation of the software.
3.6 Duration of the processing: the same as the processing periods indicated in the chapter on the sending of the newsletter in this information note.
3.7. The processing of the data consists exclusively of the technical operations necessary for the operation of the newsletter sending software in the IT sense.
4.1.Data subjects concerned by the processing of data: users who choose to receive their order by delivery on the website, regardless of whether they use other services provided by the website.
4.2. The Data Controller primarily uses as data processors
GLS General Logistics System Hungary Logistics Limited Liability Company
Registration number: 1309111755
Tax number: 12369410244
Registered office: 2351 Alsónémedi, GLS Európa u. 2.
Postal address: 2351 Alsónémedi, GLS Európa u. 2
Phone: +36 29886670
E-mail: info@gls-hungary.com
Website: gls-group.eu/HU
as the carrier delivering the products ordered (hereinafter referred to as the “Data Processor”).
4.3. Legal basis for processing: Article 6 Section (1)(b) GDPR, which states that processing is necessary for the performance of a contract to which the User is a party. The Data Controller may use a data processor for the performance of the contract, subject to prior information of the User. The User shall be informed of the content of the contract concluded with him/her and of the use of a data processor for the processing of his/her data necessary for the delivery of the ordered product when he/she receives the data processing information, when choosing the delivery method and when placing the order.
4.4.Definition of the scope of the data processing: the processing of the data concerns the following data of the User in order to fulfil the contract (delivery) resulting from the User’s order:
– line name
– first name
– telephone number
– delivery address.
4.5. The purpose of the processing of the data is to carry out the delivery of the ordered product within the framework of the performance of the contract resulting from the User’s order, by delivering it to the address indicated by the User, if necessary by telephone agreement on the place and time of delivery.
4.6. Duration of data processing: for the time necessary to carry out the delivery and delivery.
4.7. The processing of the data is limited to the technical operations necessary to carry out the delivery and delivery.
XVIII. User’s rights in relation to data management
The information shall be provided free of charge once per calendar year, and a fee may be charged for additional occasions when information is requested. However, the fee already paid shall be refunded if an unlawfulness is established with regard to the processing of the data or if the data have to be rectified for reasons attributable to the Data Controller.
In the context of the right of access, the Data Controller shall provide the User with a copy of the personal data subject to processing, at the latest within one month of receipt of the request. For any additional copies requested by the User, the Controller may charge a reasonable fee based on administrative costs (as set out in Chapter 19).
(a) the processing is based on the consent of the User or on a contract; and
(b) the processing is carried out by automated means.
In exercising the right to data portability as set out above, the User has the right to request, where technically feasible, the direct transfer of personal data between controllers.
(a) the User contests the accuracy of the personal data, in which case the restriction shall apply for the period of time necessary to allow the Controller to verify the accuracy of the personal data;
(b) the processing is unlawful and the User opposes the erasure of the data and requests instead the restriction of their use;
(c) the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
(d) the User has objected to the processing based on the legitimate interests of the Controller; in this case, the restriction shall apply for a period of time until it is established whether the legitimate grounds of the Controller prevail over the legitimate grounds of the data subject.
Each User has the right to object to or prohibit the inclusion of his/her name and address data, contact details on a commercial list, the use of his/her data for direct commercial purposes or for a specific purpose within a specific list, the use of such data for sending newsletters, the transfer of such data to third parties, and to request other restrictions of his/her personal data, the termination of the processing of all or specific lists held by the Data Controller, including data transferred to third parties. The Controller shall carry out the erasure without undue delay after receipt of the request, but within a maximum of 10 working days, and shall inform the User concerned in writing within a further 15 days of the execution of the request.
(e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
(f) the personal data have been collected in connection with the provision of information society services;
(g) where the controller has disclosed the personal data and the personal data are no longer necessary for the purposes for which they were processed, the controller must erase them and take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.
If the Data Controller has disclosed the personal data and is obliged to delete it as set out above, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the data controllers that have processed the data that the User has requested them to delete the links to or copies or duplicates of the personal data in question.
The controller shall notify the rectification, restriction and erasure to the User concerned and to all controllers to whom the data were previously transmitted. Notification may be omitted if it proves impossible or involves a disproportionate effort. Upon request, the Controller shall inform the User of these recipients.
The data subject may request the blocking of his/her data by the Company using the contact details provided. The blocking shall last for as long as the reason indicated by the data subject makes it necessary to store the data. At the request of the data subject, the Company will do so without delay, but within a maximum of 30 days, and will send information to the e-mail address provided by the data subject.
XVIII. Compliance with your requests
(a) charge a reasonable fee; or
(b) refuse to act on the request.
User’s requests may be sent by post to the address of the Data Controller indicated in point 1.1 or by e-mail to help@ssolerawap.com. Requests sent by e-mail shall be considered as authentic by the Data Controller only if they are sent from the e-mail address provided by the User to the Data Controller and registered there, however, the use of another e-mail address shall not imply that the request is ignored. In the case of e-mail, the date of receipt shall be deemed to be the first working day following the sending of the request.
XIX. Data protection, data security
1.The Data Controller shall ensure the security of data in its data processing and data handling activities, and shall ensure the enforcement of legal provisions and other data protection and confidentiality rules by technical and organizational measures and internal rules of procedure. In particular, it shall take appropriate measures to protect the processed data against unauthorized access, alteration, disclosure, disclosure, deletion or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.
1.Data subjects may exercise their rights of enforcement before the courts under Act V of 2013 on the Civil Code, the GDPR and the Infotv., and may also apply to the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, PO Box 5.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu/
In the event that the User concerned chooses to take legal action, the action may also be brought before the court of the place of residence or domicile of the User concerned, as the court has jurisdiction to hear the case.
XXI. Miscellaneous provisions
With regard to the data transferred within the scope of this Privacy Notice, the data processors, who are individually responsible for the personal data processing carried out by them on behalf of the Company, are.
This Privacy Notice is published in the Official Journal of the European Union 2020.
The Data Controller reserves the right to amend this Privacy Notice unilaterally at any time, with prior notice to the data subjects. Data subjects will be informed by means of a notice on http://felhomatrac.hu/ at least eight calendar days prior to the modification.
Copyright © 2020 All rights reserved | Photo: Jágity Fanni