- Datacontroller data
Data Controller Name: Információmenedzsment Innovációs Klaszter Kft.
Headquarters of the data controller: 7525 Pécs, Ilona utca 12.
Representative of data controller: Információmenedzsment Innovációs Klaszter Kft.
Contact of data controller: firstname.lastname@example.org
- Data management regulations
The conceptual framework of this Disclosure is identical to the Interpretative Definitions defined in Article 4 of the General Data Protection Regulation (GDPR.) And supplemented, in certain respects, by CXII of 2011 on Information Self-Determination and Freedom of Information. (hereinafter referred to as “Information Act”). Therefore:
Personal data: any information relating to an identified or identifiable natural person (“data subject”); identifiable by a natural person who, directly or indirectly, in particular by reference to an identifier, such as name, number, positioning data, online identification or to one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of the natural person identified;
Contribution: the voluntary, explicit and unambiguous expression of the will of the data subject, by which the data subject declares his or her consent to the processing of personal data concerning him or her by means of a declaration or act of unambiguous confirmation;
Data controller: any natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of data processing are determined by Union or Member State law, the controller or the specific criteria for designating the controller may be defined by Union or Member State law;
Data treatment: any operation or set of operations, whether automated or not, carried out on personal data or data files, such as collection, recording, filing, organizing, storing, transforming or altering, retrieving, accessing, using, communicating, distributing or otherwise making available , alignment or linking, restriction, deletion or destruction;
Data processor: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
Recipient: any natural or legal person, public authority, agency or any other body to whom or to whom personal data are disclosed, whether a third party or not.
The processing of personal data must be lawful and fair and transparent to the data subject.
In the course of their work, the employees of the Data Controller shall ensure that unauthorized persons cannot access personal data, and that the storage and placement of personal data shall be designed in such a way that they cannot be accessed, known, altered or destroyed by unauthorized persons:
- Data management through the use of the Data Controller’s Website
By filling in the contact interface provided on the Data Controller’s homepage, it is possible for users visiting the homepage or the Data Controller’s clients to contact the Data Controller.
|Purpose of data management||Contact|
|Scope of data management||Name, e-mail, message of the client|
|Legal basis for data management||The consent of the data subject under Article 6 (1) (a) of the GDPR|
|Data storage deadline||One year after sending this message|
|How to manage your data||Electronically|
|Data source||Data recorded from the subject|
|Possible consequences of failure to provide data||The provision of personal information is optional, but contact is facilitated by providing the information.|
|Automated decision making and profiling||Data Controller does not use automated decision making or profiling.|
|Who can access your personal information?||Persons employed by the Data Controller and any data processor of the Data Controller. Data Processors: Wix.com Inc. (PO Box 40190 San Francisco, CA United States) / Hosting Provider|
|Transfer of data to a third country or international organization||No data will be transferred to a third country or international organization.|
The cookies used on the Website are not suitable for the identification of the persons concerned, they are necessary for the provision of the services of the Website, their use is indispensable for navigating the Website and for the functions of the Website. Most browsers accept cookies by default, but they can also choose to reject or receive cookies. Without the acceptance of cookies, the Site or parts of it may not be displayed or rendered in error. Temporary cookies are stored only until the end of the relevant browsing session and are essential for the proper functioning of certain functions or applications related to the Website, as these cookies ensure the proper functioning of the Website, facilitate its use and collect information about its use without identifying the Website visitors. The cookie information can be accessed by clicking this link .
|Purpose of data management||Operation of the Website|
|Scope of data management||Computer’s Internet Protocol (IP) address, Domain Name (URL), Access Information, Client File Retrieval (File Name and URL), HTTP Response Code, Web Site Information from which the request was made, bytes traded during the visit volume, time of visit, details of pages viewed.|
|Stakeholders||Users visiting the Data Controller Website.|
|Legal basis for data management||Stakeholder contribution pursuant to Article 6 (1) (a) of the GDPR in accordance with Section 155 (4) of Act C of 2003 on Electronic Communications .|
|Data storage limit||The time period until the end of the relevant visitor session (time session).|
|Method of data storage||Electronic|
|Data source||Stakeholder data registration|
|Automated decision making and profiling||Data Controller does not use automated decision making or profiling.|
|Who can access your personal information?||Personal data related to the use of the Website shall be known only to the Data Controller.|
|Transfer of data to a third country or international organization||It doesn’t happen|
- Stakeholders’ rights
As an interested party , you may request information about the handling of your personal data; and request the correction of your personal information; deleting your data at email@example.com ; restrictions on data management; Data portability is entitled to the remedy , and to withdraw consent . If you have a complaint, you can apply to the National Data Protection and Freedom of Information Authority or to the courts of your choice in Hungary. The court has jurisdiction in legal proceedings.
Below is a detailed description of stakeholder rights:
- Right to information and access
As an interested party , you have the right to receive feedback from the Data Controller as to whether your personal data is being processed and to have access to the following information:
- information on whether your personal data are being processed;
- has the right to know the purpose of the data processing;
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be communicated;
- the intended period for which the personal data will be stored or, if this is not possible, the criteria for determining this period.
- information on your rights and remedies .
The Datacontroller shall inform you without undue delay, but in any event within one month of receipt of the request, of the action taken in response to the request. Where necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The controller shall inform the applicant of the extension of the time limit, indicating the reasons for the delay, within one month of receipt of the application .
The information is, as a rule, free of charge, and the Data Controller will only charge for it in the cases specified in Article 12 (5) and Article 15 (3) of the GDPR.
If the Data Controller fails to take action on the data subject’s request, it shall inform you, as the data subject, of the reasons for not taking action, of lodging a complaint with a supervisory authority and of having recourse to a judicial remedy , without delay .
- Right to rectification
You, as an individual, have the right to rectify any inaccurate personal data relating to you upon your request without undue delay. Given the purpose of the processing, the data subject shall have the right to request that any personal data which are incomplete be corrected, including by means of a supplementary declaration.
For as long as the Data Controller verifies the accuracy of the personal data, the personal data in question may be limited in accordance with Section 4.4.
- Right to protest
You, as an interested party, may object to the processing of your personal data by a statement to the Data Controller if the legal basis for such processing is
- the GDPR Article 6. In the public interest referred to in paragraph 1 (e), or
- the legitimate interests of the GDPR Article 6 (1) f).
When they exercise their right to object to the data controller will no longer manage your personal information, unless he proves that the data processing of coercive force is justified by legitimate reasons that would take precedence over the interests, rights and freedoms of data subject or are related to the presentation, exercise or defense of legal claims .
As regards the finding that the data processing coercive force is justified by legitimate reasons, the data controller manager decides. It shall inform you, as an interested party, of its position on the matter.
- Right to restrict data management
Data management may be restricted if:
- You, as an interested party, dispute the accuracy of the data, the Data Controller restricts the processing of your personal data until such time as the correctness of the data is determined;
- the data processing is unlawful and you, instead of deletion as a party concerned , request a restriction on your use
- the Data controller no longer need the data, but you are as concerned require them as a matter of legal claims;
- You, as an interested party , object to the processing of your personal data pursuant to Article 21 of the GDPR, until such time as the protest is considered.
During the period of consideration of the data subject’s objection to the processing of the personal data of the data subject, the Data Controller shall suspend the data processing , examine the merits of the objection and make a decision, which shall be communicated to the applicant.
If a protest is warranted, the data will be limited by the Data Controller , meaning that only storage as data management may take place for as long as
- the data subject consents to the data management;
- the processing of personal data is necessary for the enforcement of legal claims;
- the processing of personal data becomes necessary to protect the rights of other natural or legal persons; or
- law regulates data processing in the public interest.
If a restriction on data management has been requested by the data subject, the head of the department concerned shall inform the data subject in advance of the lifting of the restriction.
4.5. Right to erasure (“the right to forget”)
As a data subject , you, as a data subject, have the right to delete your personal data without undue delay upon your request, and you are required to delete your personal data without undue delay if any of the following applies:
(a) personal data are no longer necessary for the purpose for which they were collected or otherwise processed;
b) you, as a data subject, withdraw your consent to the data processing and there is no other legal basis for the data processing;
c) you, as a data subject, object to the data processing pursuant to Article 21 (1) of the GDPR and there is no legitimate legitimate reason for the processing or the data subject is objecting to the processing pursuant to Article 21 (2);
(d) the personal data have been unlawfully processed ;
(e) personal data must be deleted in order to comply with a legal obligation under Union or national law applicable to the controller ; or
(f) personal data have been collected in connection with the provision of information society services.
Az érintett törlési jogának korlátozására csak a GDPR-ban írt alábbi kivételek fennállása esetén kerülhet sor.
4.6. The right to data portability
You, as an individual, have the right to receive personal data about you made available to you by the Data Controller in a structured, widely used, machine-readable format (.XML, .CSV) and to pass on such data to another Controller without to prevent this from being compromised by the controller to whom the personal data have been made available, provided that:
- Ön, mint érintett jogosult arra, hogy az Önre vonatkozó, általa az Adatkezelő rendelkezésére bocsátott személyes adatokat tagolt, széles körben használt, géppel olvasható formátumban (.XML, .CSV) megkapja, továbbá jogosult arra, hogy ezeket az adatokat egy másik adatkezelőnek továbbítsa anélkül, hogy ezt akadályozná az az adatkezelő, amelynek a személyes adatokat a rendelkezésére bocsátotta, amennyiben:
- the legal basis for the processing was your consent or the processing was necessary for the performance of a contract in which you, as a party, were required to take action at the request of the data subject prior to the conclusion of the contract [Article 6 (1) GDPR]; ) and Article 9 (2). point a)]
- Data management is automated. .
The controller shall inform any recipient to whom or which personal data have been communicated of any rectification, erasure or restriction, unless this proves impossible or involves a disproportionate effort. At the request of the data subject, the controller shall inform those addressees.
4.7. Right to withdraw consent
If the Data Controller’s legal basis for processing the personal data of the data subject is the data subject’s consent, you as the data subject may withdraw your consent at any time. In this regard, the Data Controller shall inform the data subjects that the Data Controller may, after revoking the data subject’s consent, process the personal data of the data subject for the fulfillment of his or her legal obligation or legitimate interests, provided that the interest is proportionate to the restriction
The Data Controller shall also indemnify for damages caused to others due to unlawful processing of data of the data subject or breach of data security requirements, or damages for personal injury caused by him or her or its data processor. The controller shall be exempt from liability for damages and payment of damages if he proves that he is not in any way responsible for the event giving rise to the damage.
The data subject may lodge a complaint with the supervisory authority regarding the data controller’s data processing procedure – in Hungary, contact the NAIH:
Name: National Privacy and Freedom of Information Authority
Headquarters: 1024 Budapest, Szilágyi Erzsébet fasor 22 / C.
The data subject may, if he or she so chooses, pursue his or her claim through the courts. The court has jurisdiction to hear and determine the lawsuit. At the choice of the data subject, the lawsuit may be instituted before the court in the place where the data subject is domiciled or habitually resident.
6. The way and security of data management
The Data Controller shall ensure the security of the data and shall take the technical and organizational measures and procedures necessary to enforce the GDPR and the Information and other data protection and confidentiality rules required by law. The Data Controller protects your personal data from unauthorized access; alteration; referral to; disclosure; or accidental deletion or destruction; damage; and becoming inaccessible due to changes in the technology used.
The Data Controller pays special attention to the protection of data files electronically maintained in different registers, so that data stored in different registers, unless permitted by law, cannot be directly linked and assigned to the data subject.
During the automated processing of personal data, the Data Controller shall ensure:
- prevent the unauthorized data input;
- use of the systems by unauthorized persons;
- verifying and establishing to which bodies personal data have been or may be transmitted using data communication equipment;
- the verifiability and identifiability of which personal data,
- when and by whom it was introduced into automatic data processing systems;
- he recovery of installed systems in the event of a malfunction.
The Data Controller shall keep a record of the transfer of data, in which the legality of any transfer of data may be verified. The register shall specify the scope of the personal data transmitted, the date and legal basis of the data transfer, the recipient of the data transfer and other data as specified by law.
7. Changing the Declaration
The Data Controller reserves the right to modify this statement. If the change concerns the use of the personal data provided by the data subject, he or she shall inform the user by e-mail of the changes. If the details of the data processing change as a result of the modification of the statement, the Data Controller shall specifically request the data subject’s consent.
8. Issues not specified in these Rules
For matters not covered by these Rules, the GDPR and, where permitted, the Infotv. its rules shall prevail.