Name and contact details of the controller
CSC JÄKLEKÉMIA Hungaria Kft.
Headquarter: 8111 Seregélyes, János major 025/58/A hrsz.
Company registration number: 07-09-031123
Tax number: 12929210-2-07
Telephone number: +36 1 77 70856
Fax: +36 1 20 43 048
E-mail address: firstname.lastname@example.org
Your personal data protection and security
We consider the protection and security of your personal data as our primary responsibility in order to preserve the confidentiality of the personal data you provide and to protect it from unauthorized attacks. Therefore, we exercise the utmost care and apply the highest and most up-to-date security standards to ensure maximum protection of your personal data.
Our company complies with the requirements of both EU and Hungarian legislation in the processing of your data. We have put in place appropriate technical and organisational measures to ensure that both we and our partners comply with data protection requirements.
In accordance with the legal requirements, personal data may only be processed for legitimate purposes, on the basis of an appropriate legal basis and in accordance with the principles of lawfulness, fairness and transparency. In order to comply with these principles, we provide you with basic definitions of data processing, which are also used in this notice:
personal data: 'any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'
processing: 'any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction'
restriction of processing: 'the marking of stored personal data for the purpose of restricting their future processing'
profiling: 'any form of automated processing of personal data by which personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person'
pseudonymisation: 'the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate, without further information being necessary, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no association with an identified or identifiable natural person is possible'
'filing system' means 'a set of personal data structured in any way, whether centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specified criteria'
controller: 'the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law'
'processor' means 'a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller'.
recipient: 'the natural or legal person, public authority, agency or any other body to whom or with which the personal data are disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual inquiry in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing."
third party: 'a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data'
data subject's consent: 'the freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, that he or she signifies his or her agreement to the processing of personal data relating to him or her'
Legal grounds for processing
Processing will only be lawful where there is an appropriate legal basis, which is defined in Article 6 of the GDPR as follows:
(a) the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject prior to entering into that contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary for the protection of the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
Data processing operations that occur when you visit our website
If you contact us via the dedicated interface on our website or by e-mail, we will contact you and answer your questions, and the purpose of the processing is to contact you, the legal basis for which is your consent.
In order to contact you, the following personal data may be processed: your first and last name, e-mail address, telephone number.
The duration of the processing is limited to the duration of the contact, so your data will not be kept after the contact, except in cases where it may be necessary to keep your data for legal obligations.
Logging activities related to visits to websites
When you visit the websites, even if you do not provide any personal data, we collect certain data that your browser shares with our server. Thus, when you visit our websites, we collect the following data for technical reasons and in order to ensure the functionality and security of the websites (our processing is based on the legitimate interest of the controller - Article 6(1)(f) GDPR):
- IP address
- time and date of visit
- time difference from Greenwich Mean Time (GMT)
- Date and time of the visit
- access status/HTTPS status code
- time spent on the web pages
- the website from which you visited our website
- browser type
- language settings of the browser
There are two main types of cookies, one of which does not require the user's consent. These include "user input" cookies, authentication cookies, user-centred security cookies, multimedia player session cookies, load balancing session cookies, user interface customisation cookies.
The other group includes cookies that require the user's consent, which, if the processing starts when the user visits the site, are communicated to the user and the user's consent is requested at the beginning of the first visit, such as social content sharing tracking cookies, cookies related to external advertising, cookies for self-analysis of visits.
Accepting cookies is not mandatory, but we inform users that not accepting cookies may affect the functioning of the website, and we cannot be held responsible if our website does not function as expected without accepting cookies.
For more information about third-party cookies (thirdpartycookie), please see the links below:
Google Analytics Terms and Conditions - marketingplatform.google.com/about/analytics/terms/hu/
Additional offers and features of our websites
1) In addition to the above, there are other services available on our websites that may be of interest to you. In order to use these services, you may be required to provide additional personal data, which will always be used for the purpose of using the current service, for predefined purposes and on a legal basis.
2) For some processing operations, your personal data will be sent to a data processor. Processors are carefully selected and entrusted with the tasks of data processors who comply with our policies, compliance with which is periodically monitored.
(3) In addition, your personal data may be transferred to third parties in connection with certain processing activities, such as participation in promotions or games of chance, certain contracts or other services that we organise with our partners. In each case, we will provide you with specific information about these processing operations in the information notices relating to the processing operations or if you contact us.
4.) If the service provider or our partner who has a contractual relationship with us is established outside the European Economic Area (EEA), we will inform you of this fact in the information notice relating to the processing.
Our offers are intended for adults only. A person under 18 years of age may not send us your data without the consent of the person exercising parental authority.
Rights of data subjects
The data subject may exercise the rights set out below by contacting us at the contact details provided in this notice. All requests for the exercise of rights will be dealt with within 25 days of receipt.
1. Right to information
The principle of fair and transparent processing requires that data subjects are informed, before processing starts, of the fact and purpose of the processing, the identity of the controllers, the data protection officers, the scope of the data processed, the legal basis, the time and method of processing and the data processors used for processing. Under the right to information, data subjects have the possibility to request information about the processing of their data, in which case they will receive personalised information.
2. Withdrawal of consent
The data subject has the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to its withdrawal.
3. Right to rectification
The data subject shall have the right to obtain the rectification or integration of data relating to him/her which we process.
4. Right to erasure/overwriting
Data subjects have the right to request the erasure of their data processed by us. Please note that a request for erasure will be refused if there is an obligation to store the data.
5. Right to blocking/restriction
The data subject has the right to request the restriction/ blocking of the data processed (by clearly indicating the limited nature of the processing and ensuring that it is kept separate from other data).
6. Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of his or her personal data in the public interest or in the exercise of official authority vested in the controller, or in relation to the legitimate interests of the controller or of a third party.
7. Right to data portability
The data subject shall have the right to receive personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format and the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent or on a contract and the processing is carried out by automated means.
8. Right to lodge a complaint or to initiate proceedings
The data subject shall have the right to lodge a complaint with a supervisory authority or to initiate proceedings before a supervisory authority and to an effective judicial remedy if he or she considers that there has been a breach of a right concerning the processing of his or her data or the exercise of his or her rights in relation to the processing. In the event of judicial remedy, the data subject may bring a civil action, which shall be subject to the jurisdiction of a court of law. The action may also be brought, at the data subject's choice, before the courts of his or her place of residence (for a list of courts and their contact details, please consult the following link: birosag.hu/ugyp.com/ugyp.com/birosag-kereso).
Contact details of the competent supervisory authority:
National Authority for Data Protection and Freedom of Information Address: 1055 Budapest, Falk Miksa utca 9-11. postal address: 1363 Budapest, Pf. 9. e-mail: email@example.com telephone: +36 (1) 391-1400
We kindly ask the persons concerned to contact our Company before lodging a complaint with the supervisory authority or the court in order to reconcile and solve the problem as soon as possible.
Online presence on social media
For certain services, we use data processors, with whom we will in all cases enter into a data processing agreement and about whom we will provide information.