privacy policy

  1. INTRODUCTION

This Data Management Information (hereinafter: Information) applies to the handling of personal data arising during the operation of the website of Sándor Petrovics (hereinafter: Data Controller) www.sandorpetrovics.com. The Data Controller pays particular attention to the protection of personal data, compliance with mandatory legal provisions and safe and fair data management.

Data of the Data Controller:

Name: Sándor Petrovics

Tax identification number: 8441730415

Mailing address: 1041 Budapest, Kossuth utca 74.

Email address: sandorpetrovics87@gmail.com

Website: www.sandorpetrovics.com

Phone number: +36707727166

Contact details of the representative of the Data Controller:

Name: Sándor Petrovics

Mailing address: 1041 Budapest, Kossuth utca 74.

Email address: sandorpetrovics87@gmail.com

Phone number: +36707727166

In particular, this Notice was drawn up on the basis of the following legislation in force:

  • a) Act CXII of 2011 on the right to information self-determination and freedom of information (hereinafter: Infotv.);
  • b) CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. Act (hereinafter: Act);
  • c) Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activities. law (hereinafter: Grt.);
  • d) Act C of 2003 on electronic communications (hereinafter: Act);
  • e) 2016 on the protection of natural persons with regard to the processing of personal data and the free flow of such data, as well as the repeal of Directive 95/46/EC. European Parliament and Council Regulation 2016/679 of April 27 (hereinafter: Regulation).

This Information Sheet is available from the following page: https://www.sandorpetrovics.com/test/adatvedelem

The Data Controller reserves the right to change this Notice, in which case the changes to this Notice will come into force upon publication on the following page: https://www.sandorpetrovics.com/test/adatvedelem

  1. INTERPRETATIVE PROVISIONS

The terms used in this Notice have the following meaning:

user: identified or identifiable natural person (Article 4, point 1 of the Regulation). In this case, visitors and users of the website www.sandorpetrovics.com.

personal data: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable (Article 4, point 1 of the Regulation);

data handling: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or making accessible in any other way by item, coordination or connection, restriction, deletion or destruction (Article 4, point 2 of the Regulation);

limitation of data management: indication of stored personal data for the purpose of limiting their future processing (Article 4, point 3 of the Regulation);

profiling: any form of automated processing of personal data, during which personal data is used for the evaluation of certain personal characteristics of a natural person, in particular for the analysis of characteristics related to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement or is used for forecasting (Article 4, point 4 of the Regulation);

aliasing: the processing of personal data in such a way that, without the use of additional information, it is no longer possible to establish which specific natural person the personal data refers to, provided that such additional information is stored separately and technical and organizational measures are taken to ensure that identified or this personal data cannot be linked to identifiable natural persons (Article 4, point 5 of the Regulation);

registration system: the file of personal data in any way – centralized, decentralized or divided according to functional or geographical aspects – which is accessible based on specific criteria (Article 4, point 6 of the Regulation);

data controller: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be defined by EU or member state law (Article 4, point 7 of the Regulation);

data processor:the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller (Article 4, point 8 of the Regulation);

addressee:the natural or legal person, public authority, agency or any other body with whom the personal data is communicated, regardless of whether it is a third party. Public authorities that can access personal data in accordance with EU or member state law in the context of an individual investigation are not considered recipients; the handling of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the data management (Article 4, point 9 of the Regulation);

third party: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who have been authorized to process personal data under the direct control of the data controller or data processor (Regulation 4 Article 10);

consent of the data subject:the voluntary, specific, and clear declaration of the will of the data subject based on adequate information, by which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he/she consents to the processing of personal data concerning him/her (Article 4, point 11 of the Regulation);

data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled (Article 4, Clause 12 of the Regulation);

health data: personal data relating to the physical or mental health of a natural person, including data relating to the health services provided to the natural person, which carries information about the natural person’s health (Article 4, point 15 of the Regulation);

representative:the natural or legal person with a place of business or residence in the Union and designated in writing by the data controller or data processor pursuant to Article 27, who represents the data controller or data processor in relation to the obligations incumbent on the data controller or data processor pursuant to this Regulation (Regulation 4 Article 17);

undertaking: a natural or legal person engaged in economic activity, regardless of its legal form, including partnerships and associations engaged in regular economic activity (Article 4, point 18 of the Regulation);

business group:the controlling company and the companies controlled by it (Article 4, point 19 of the Regulation);

special data: all data belonging to special categories of personal data, i.e. personal data referring to ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic data, biometric data for the unique identification of natural persons, health data and sexual information of natural persons personal data concerning your life or sexual orientation (Article 3. point 3 of Infotv);

data transfer:making the data available to specified third parties (Infotv. § 3. point 11);

disclosure: making the data available to anyone (Infotv. § 3. point 12);

data deletion: rendering the data unrecognizable in such a way that their restoration is no longer possible (Infotv. § 3. point 13);

data destruction: complete physical destruction of the data carrier containing the data (Infotv. § 3. point 16);

data processing:the totality of data processing operations carried out by a data processor acting on behalf of or on the basis of the instructions of the data controller (Infotv. § 3. point 17);

data file: the totality of the data managed in one register (Infotv. § 3. point 21);

EEA State:a member state of the European Union and another state party to the Agreement on the European Economic Area, as well as the state whose citizen is a citizen of the European Union and its member states, and a state party to the Agreement on the European Economic Area based on an international treaty concluded between a state that is not a party to the Agreement on the European Economic Area enjoys the same legal status as the citizens of the state (Infotv. § 3. point 23);

third country: all states that are not EEA states (Infotv. § 3. point 24).

  1. MANAGEMENT OF COOKIES

3.1. Purpose of data management

The Data Controller uses so-called cookies (hereinafter: cookies) when visiting the website www.sandorpetrovics.com. Cookies are packets of information consisting of letters and numbers that the Data Controller’s website sends to users’ browsers with the aim of saving certain settings, facilitating the use of the Data Controller’s website and helping the Data Controller collect some relevant, statistical information about users. Cookies do not contain personal information and are not suitable for identifying an individual user.

The purpose of data management related to cookies is to identify users, distinguish them from one another, identify the users’ current session, store the data provided during that session, prevent data loss, learn about the browser specification and increase the efficiency of the service. In order to provide the service, control the operation of the service, and prevent abuse, the Data Controller records the visitor data that is technically absolutely necessary for the provision of the service.

The Data Manager does not connect the data generated during the analysis of the log files with other information, and does not attempt to identify the visitor. Cookies often contain a unique identifier – a secret, randomly generated string of numbers – stored on the user’s device. Some cookies are deleted after closing the website, and some are stored on the user’s computer for a longer period of time.

3.2. Types and use of cookies

3.2.1. Grouping of cookies according to their lifetime

  • A) session cookies

“Session cookies” are automatically deleted when the user exits the browser program.

  • B) persistent cookies

“Persistent cookies”, on the other hand, remain stored in the user’s device until the specified expiration time (minutes, days, years) is reached, or until the user deletes them manually.

3.2.2. Grouping of cookies according to place of origin

  • A) own cookies (first party cookies)

The term “own cookies” is used as a reference to cookies that are installed by the Data Controller (or any of its data processors) operating the website visited by the user – as defined by the URL address that usually appears in the address bar of the browser.

  • B) third party cookies

“Third-party external cookies” are cookies installed by a data controller other than the operator of the website visited by the user (as defined by the website address (URL) displayed in the address bar of the browser).

3.2.3. Grouping of cookies according to the Data Protection Working Group

  1. A) Cookies that do not require the user’s consent (cookies necessary for technical reasons)
  1. cookies storing data recorded by the user (user input cookies)

The term “user input” cookie can be used as a general term to describe session cookies that are used to consistently track the user’s data input during message exchanges with the service provider. As a rule, they use proprietary cookies that are based on a session ID (a random temporary ID number) and expire at the end of the session at the latest.

“User input” own cookies are generally used to track user input when filling out multi-page online forms, or, for example, in the case of a shopping cart, what goods the user has selected by clicking a button (e.g. “add to cart”). These cookies are clearly necessary to provide the internet service specifically requested by the user. In addition, they are linked to the user’s activity (such as clicking a button or filling out a form).

  1. authentication session cookies

Authentication cookies are used to identify the user when logging in (for example, on the website of an internet bank). These cookies are necessary so that users can identify themselves during their repeated visits to the website and gain access to authorized content, such as checking their account balance, transactions, etc.

Authentication cookies are usually session cookies. When a user logs in, they specifically request access to the content or service they are authorized to use. In the absence of the authentication token stored in the cookie, the user would have to enter his username/password on every retrieved page. Therefore, the authentication service is an essential part of the service related to the information society that it specifically requested. However, it is important to note that the user only requests access to the website and the specific service required to perform the requested task. Authentication cannot enable cookies to be used for other secondary purposes, such as behavior tracking or advertising without consent.

  1. user-centric security cookies

The exemption applicable to authentication cookies (described above) can be extended to other cookies designed for specific tasks related to strengthening the security of the service specifically requested by the user. These include, for example, cookies that are used to detect repeated unsuccessful login attempts to the website, or other similar mechanisms designed to protect against abuse of the login system.

However, this exemption does not cover the use of cookies that are related to the security of websites or services from third parties not specifically requested by the user. Although login cookies are usually set to expire at the end of the session, security cookies are expected to expire longer in order to achieve their security purpose.

  1. multimedia-player session cookies

Multimedia player session cookies are used to store technical data required for playback of video or audio content, such as image quality, network connection speed and buffering parameters. These multimedia session cookies are commonly known as “flash cookies”. They got this name because Adobe Flash is currently the most widely used video technology on the Internet. Since this information is not needed in the long term, these cookies should expire when the session ends. If the user visits a website that includes related text and video content, both content elements are equally part of the service specifically requested by the user. In order to be exempted, the website operator must

  1. load-balancing session cookies

Load balancing is a technique that allows a single machine location to be distributed among many computers to process requests to a web server. One technique used to implement load balancing is based on a “load balancer”: web requests from users are directed to a load balancing gateway, which forwards it to one of the available internal servers in the computer pool. In some cases, this redirection must be maintained throughout the session: all requests from a given user must be forwarded to the same server in the computer pool in each case to maintain processing consistency.

Among many other techniques, cookies can be used to identify a server in a computer pool so that the load balancer can properly route requests. In this case, we are talking about session cookies. The sole purpose of the information included in the cookie is to identify one of the endpoints of the communication (one of the servers in the computer set), so such a cookie is necessary for communication transmission over the network.

  1. user interface customization cookies

Cookies that help customize the user interface are used to store user preferences related to the service through web pages that are not linked to other permanent identifiers, such as a username. They are only activated if the user, for example by clicking a button or checking a box, has specifically requested the service for storing certain information. These can be session cookies or, depending on their purpose, they can be set to expire in weeks or months.

Typical examples of cookies that help with customization are the following:

  • a) cookies related to the desired language, which are used to store the language selected by the user on a multilingual website (e.g. by clicking on a flag);
  • b) cookies related to the desired display of results, which are used to store the user’s preferences related to online search queries (e.g.: selecting the number of results per page).
  1. social plugin consent sharing cookies

Many social networks offer “social content sharing modules” that website operators can integrate into their platform, specifically to allow users of the social network to share content they like with their friends (and offer other related services, such as posting comments). These content sharing modules store and make available cookies on the user’s end device so that social networks can identify their members when contacting these plugins. In order to clarify this question of use, it is important to distinguish users who are “logged in” to a given social network account via their browser from those who are “not logged in”.

  1. B) Cookies requiring user consent (optional cookies)
  1. social plugin tracking cookies

Many social networks offer “social content sharing modules” that website operators can incorporate into their platforms to provide services that their members believe they have “specifically requested”. However, these modules can also be used to track individuals (members and non-members) and may contain cookies from third parties for additional purposes (e.g. behavioral advertising, analysis or market research).

  1. third party advertising cookies

This group includes third-party cookies used for behavioral advertising and all related third-party operational cookies used in advertising activities, including frequency maximization, financial logging, advertising partnerships, click fraud detection, research and market analysis, also cookies used for product repair and error detection.

The Do Not Track (DNT) function is a browser opt-out option. If this function is activated, the browser sends a Do Not Track header to the service providers (web analytics system, ad serving system, other service providers) when each page is retrieved, indicating that these service providers cannot store online behavioral information about this user, i.e. they are not allowed to place cookies with him. In principle, this causes a similar operation as if the user had opted out of the given service provider, only in this case, with a browser setting, he can indicate to all service providers that he does not want them to track what and where he browses on the Internet. Therefore, if a user declares that he does not request tracking (DNT=1), no tracking identifier can be installed,

  1. first party analytics

Visit analytics are statistical tools that measure website visits and often use cookies. In particular, website owners use these tools to estimate the number of unique visitors, to identify the most frequently used keywords on search engines that lead to a given website, and to track certain web navigation queries.

3.2.4. Grouping according to the International Chamber of Commerce of the United Kingdom (ICC UK).

The most common cookie classification system used today – at least on English-language websites – was proposed and developed by the International Chamber of Commerce of the United Kingdom (ICC UK) in a document called the ICC UK Cookie Guide:

  • A) strictly necessary cookies (strictly necessary cookies/necessary)

These cookies are necessary for the use of the website and enable the use of the website’s functions. These include cookies that allow you to log in to secure areas of the website, use a shopping cart, or use e-invoicing services.

  • B) performance cookies (performance cookies/statistics)

These cookies collect information about how visitors use the website, such as which pages they visit most often or whether they receive error messages from the website. These cookies do not collect information that identifies the visitor. These cookies collect aggregated information and are therefore anonymous, they are only used to improve the functioning of the website.

  • C) functional cookies (functionality cookies/preferences)

These cookies make it possible to record the user’s choices (for example, entered name, language or region) and to use extended, personalized functions. In addition, these cookies can also enable certain functions embedded in the website (for example, displaying YouTube videos) in order to function properly. The information collected by these cookies may be anonymous and not suitable for tracking the user’s activities on other websites visited by the user.

  • D) targeting cookies or advertising cookies/marketing

The purpose of using these cookies is to display advertisements on the website that are even more interesting to the user and relevant to the user. These cookies can be used to determine, for example, the number of times an advertisement is displayed, as well as to assess the effectiveness of advertising campaigns. These cookies are usually placed by advertising networks on a given website, with the permission of the website operator. These cookies record your visit to that website and share this information with other organizations, such as the publisher of the advertisement. In general, targeting or advertising cookies are related to functions provided by the organization operating the website.

  • E) unclassified cookies

Cookies that have not yet been classified, including providers of individual cookies, are not classified.

3.3. Cookies used in particular on the website www.sandorpetrovics.com

3.3.1. Strictly necessary cookies (strictly necessary cookies/necessary)

Name

Service provider

Target

Type

Expiration date

wordpress_session, wordpress_test

sandorpetrovics.com

Ensuring the proper functioning of the website

Session cookies

End of session

3.3.2. performance cookies (performance cookies/statistics)

Name

Service provider

Target

Type

Expiration date

_ga, _gid, _gat

Google Analytics

Collecting information about how our visitors use our website.

Cookies for statistical purposes

2 years, 1 day, 1 minute

fr, _fbp

Facebook

Collecting information about how our visitors use our website.

Cookies for statistical purposes

3 months

3.4. Legal basis for data management

With regard to cookies that require consent, the legal basis for data management is Article 6 (1) point a) of the Regulation, Ehtv. Paragraph (4) of § 155 and Ektv. 13/A. On the basis of § (4), the voluntary consent of the person concerned, as well as Ektv. 13/A. (3) of §

In the case of cookies (strictly necessary cookies), server logs (e.g. logging of IP addresses), or other personal data that are necessary for the basic operation of the given website and the security of the IT system, the legal basis for data management is Article 6 (1) of the Regulation f) the enforcement of the legitimate interests of the Data Controller or a third party.

3.5. The range of stakeholders:

Those who visit the website www.sandorpetrovics.com are among the persons who consented to the use of cookies by pressing the “I accept” button on the website.

3.6. Scope of processed personal data

The data processing necessary for the basic operation of the website www.sandorpetrovics.com and the security of the IT system is carried out by providing the following personal data, which personal data are the following activities:

  • a) No personal data is provided or processed

3.7. Duration of data management

During the data management necessary for the basic operation of the www.sandorpetrovics.com website and the security of the IT system, cookies are used in accordance with 3.3. are deleted after the period specified in point No personal data is provided or processed.

3.8. Recipients of personal data, categories of recipients

Competent employees of the data controller and data processor

3.9. The Data Controller(s)

Individual/business as defined in point 1 of this Data Management Information.

3.10. The Data Processor(s)

  • a) Sándor Petrovics (mailing address: 1041 Budapest, Kossuth utca 74. e-mail address: sandorpetrovics87@gmail.com , website: https://www.sandorpetrovics.com/test), as the individual/business company responsible for the operation of the website.
  • b) Websupport Magyarország Kft. (headquarters: 1132 Budapest, Victor Hugo utca 18-22, e-mail address: info@ezit.hu ; website: https://www.ezit.hu), as the hosting provider.
  • c) Levente Galgóczi Olivér (address: 1041 Budapest, Deák Ferenc utca 55. e-mail address: oliver.galgoczi@gmail.com , website: https://www.inkamedia.hu), as the economic manager responsible for the development of the website company.

3.11. Data management of external service providers

The html code of the portal may contain links from and to external servers. The servers of external service providers can be connected directly to the visitor’s computer. We draw our visitors’ attention to the fact that the providers of these links are able to collect visitor data due to the direct connection to their server and direct communication with the visitor’s browser. Content that may be personalized for the visitor is served by the servers of external service providers. The cookies used by third-party providers are in particular the Google Adwords cookie, the Google Analytics cookie or the cookies used by Facebook.

You can read more about the cookies used by Google here:

https://policies.google.com/technologies/types?hl=en

You can read more about the cookies used by Facebook here:

https://www.facebook.com/policies/cookies

3.12. Settings, deletion or blocking of cookies

The user can delete cookies that require consent from their own computer or block the use of cookies that require consent in their browser. The use of cookies that require consent is not mandatory. If the visitor to the website www.sandorpetrovics.com does not consent to the use of cookies that require consent, certain functions may not be available to him. If the visitor to the www.sandorpetrovics.com website wants to disable cookies that require consent in whole or in part, he must do so separately on all devices and programs suitable for browsing.

The settings for cookies that require consent used on the www.sandorpetrovics.com website can be set by the visitor:

  • a) on the website www.sandorpetrovics.com, you can view it in the pop-up window by clicking on the “cookie settings” button on the bottom bar of the main page, or
  • b) In the case of the Chrome browser, click on the “View page information” graphic element in front of the address bar of the browser (lock in the case of a secure connection – https, in other cases by clicking on a circled letter “i” in a pop-up window, or
  • c) In the case of the Chrome browser, you can view and change it in the following menu: Settings/Advanced/Privacy and security/Content settings/Cookies

More information about cookies can be found at the following links:

  • a) Microsoft Internet Explorer:

https://support.microsoft.com/en-gb/help/17479/windows-internet-explorer-11-change-security-privacy-settings

  • b) Firefox:

https://support.mozilla.org/hu/products/firefox/protect-your-privacy/cookies

  • c) Google Chrome:

https://support.google.com/accounts/answer/61416?hl=en

  • d) Microsoft Edge

https://privacy.microsoft.com/hu-HU/windows-10-microsoft-edge-and-privacy

  • e) Opera

https://help.opera.com/en/latest/web-preferences/#cookies

  • f) Safari

https://www.apple.com/legal/privacy/en-ww/

  1. QUESTION, INTEREST

Visitors to the website www.sandorpetrovics.com have the opportunity to send their questions and interests by sending an electronic message – by filling out the thematic form on the website – to the contact details of the Data Controller at https://www.sandorpetrovics.com/test/#contact.

4.1. Purpose of data management

The purpose of data management is to inform visitors of the website www.sandorpetrovics.com electronically, to answer their questions, to take their suggestions into account, to facilitate more effective consultation, to facilitate administration, to serve their needs to the maximum, and to increase their satisfaction.

4.2. Legal basis for data management

Voluntary consent of the person concerned based on point a) of Article 6 (1) of the Regulation.

Visitors to the website www.sandorpetrovics.com can submit their questions and interests to the Data Controller by accepting the Data Management Information by checking the box and pressing the “Book” button.

If the message is successfully sent, the visitor will receive a confirmation of this fact by e-mail and directly under the “Sign up” button.

The data subject may withdraw his voluntary consent to the processing of the data at any time, however, in this case the Data Controller cannot inform the data subjects or answer the questions they ask regarding questions that have not been answered until the consent is withdrawn.

4.3. The range of stakeholders

Those affected include visitors who fill out forms and send electronic messages.

4.4. Scope of processed personal data

Visitors who fill out the form provide their personal data voluntarily. The person providing the data is responsible for the veracity of the personal data provided. Visitors filling out the form usually provide the following personal data, which personal data are the following activities:

Name: contacting, answering and handling user questions

E-mail address: contact, answering and handling user questions

Phone number: contact, answering and handling user questions

are necessary.

4.5. Duration of data management

Data management takes place until the date of withdrawal of consent, but at the latest until the goal is fulfilled. The Data Controller keeps a record of the persons who consented to data management by filling out the form. If the data subject withdraws his consent, the Data Controller will delete the personal data of the data subject from its register and any existing database.

4.6. Recipients of personal data, categories of recipients

Competent employees of the data controller and data processor.

4.7. The Data Controller(s)

Economic company defined in point 1 of this Data Management Information.

4.8. The Data Processor(s)

  • a) Sándor Petrovics (mailing address: 1041 Budapest, Kossuth utca 74. e-mail address: sandorpetrovics87@gmail.com , website: https://www.sandorpetrovics.com/test), as the individual/business company responsible for the operation of the website.
  • b) Websupport Magyarország Kft. (headquarters: 1132 Budapest, Victor Hugo utca 18-22, e-mail address: info@ezit.hu ; website: https://www.ezit.hu), as the hosting provider.
  • c) Levente Galgóczi Olivér (address: 1041 Budapest, Deák Ferenc utca 55. e-mail address: oliver.galgoczi@gmail.com , website: https://www.inkamedia.hu), as the economic manager responsible for the development of the website company.
  1. SECURITY OF DATA MANAGEMENT

The Data Controller stores personal data in an electronic system.

The Data Controller and the Data Processor(s) take into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons, taking into account technical and organizational measures finally, with which it guarantees a level of data security appropriate to the degree of risk for those concerned.

When determining the appropriate level of security, the Data Controller specifically takes into account the risks arising from data management, which in particular arise from the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise managed.

The Data Controller and the Data Processor(s) shall take measures to ensure that the natural persons acting under the control of the Data Controller or the Data Processor(s) and having access to personal data can only handle said data in accordance with the Data Controller’s instructions, unless otherwise they are bound by EU or Member State law.

  1. LEGAL PRACTICE, ENFORCEMENT AND REMEDIES

The data subject may exercise his rights under the following Regulation with regard to the above-mentioned nature of the individual legal bases for data processing.

6.1. The rights of the data subject

6.1.1. Transparent information

The Data Controller provides all the information required by the Regulation in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly worded, especially in the case of any information addressed to children. The Data Controller provides the information in writing or in another way – electronically, but can also provide verbal information at the request of the data subject, provided that the identity of the data subject has been verified in another way.

6.1.2. The right to access your personal data

At the request of the data subject, the Data Controller provides feedback on whether the personal data of the data subject is being processed. If it is determined that the data subject’s personal data is being processed, the data subject may request access to their personal data and the following information:

  • a) the purpose of data management;
  • b) the category of personal data concerned;
  • c) the recipients or categories of recipients to whom the Data Controller has disclosed or will disclose the personal data, with particular regard to recipients located in non-EU member states;
  • d) the period of storage of personal data, or if this is not possible, the criteria for determining this period;
  • e) the right of the data subject to ask the Data Controller to correct, delete or limit the processing of his personal data, to object to the processing of his personal data;
  • f) the right of the data subject to submit a complaint to the Supervisory Authority;
  • g) if the Data Controller did not collect the personal data directly from the data subject, the source of this personal data;
  • h) whether automated decision-making and profiling took place on the basis of personal data, and if so, the logic used, and understandable information about the significance of such data management and the expected consequences for the data subject;
  • i) if the Data Controller transfers the data subject’s personal data to a country outside the EU or to an international organization, the data subject has the right to receive information about the information regarding the transfer.

6.1.3. Correction of inaccurate personal data

If the Data Controller manages inaccurate or incomplete personal data about the data subject, it will correct them without undue delay after receiving the data subject’s request. The data subject can also request the addition of incomplete personal data.

6.1.4. The right to erasure (to be forgotten).

The data subject has the right to delete his personal data and to ask the Data Controller to fulfill his request without undue delay, if one of the following reasons exists:

  • a) the data subject’s personal data is no longer needed in connection with the original purpose of data management;
  • b) the data subject withdraws his consent to the data management and there is no other legal basis for the data management;
  • c) the basis for the legality of the data management is the legitimate interest of the Data Controller, against which data management the data subject objects, and there is no overriding legitimate reason for the data management;
  • d) the purpose of data management is direct business acquisition, against which the data subject objects;
  • e) the Data Controller handled the data subject’s personal data unlawfully;
  • f) the data subject’s personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law for the Data Controller;
  • g) the legality of the processing of personal data by the Data Controller is based on the consent given by the guardian of a child, and or
  • g/a) the person concerned is the guardian of the child and the child concerned has not yet reached the age of 16 required for consent;
  • g/b) the affected person is the child who has already reached the age of 16 required for consent.

The Data Controller may not delete personal data if data management is necessary for the following reasons:

  • a) for the purpose of exercising the right to freedom of expression and information;
  • b) for the purpose of fulfilling a legal obligation requiring the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of public authority;
  • c) necessary for preventive health or occupational health purposes, to assess the employee’s ability to work, establish a medical diagnosis, provide health or social care or treatment, or manage health or social systems and services, based on EU or Member State law or in accordance with a contract concluded with a health professional;
  • d) data processing is necessary for the public interest in the field of public health, such as protection against serious health threats that spread across borders or ensuring the high quality and safety of healthcare, medicines and medical devices, and is carried out on the basis of EU or Member State law which provides for appropriate and specific measures for guarantees protecting the rights and freedoms of the data subject, and in particular regarding professional confidentiality;
  • e) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, if the data subject’s right to deletion would likely make this data management impossible or seriously jeopardize it;
  • f) to present, enforce and defend legal claims.

6.1.5. The right to restrict data processing

At the request of the data subject, the Data Controller restricts the processing of personal data if one of the following is met:

  • a) the data subject disputes the accuracy of the personal data;
  • b) the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;
  • c) the Data Controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims;
  • d) the data subject objects to the processing of data by the Data Controller on the basis that he named the legitimate interests of the Data Controller as a legal basis, but the data subject claims that his interests take priority over the interests of the Data Controller.

If data processing is restricted at the request of the data subject, such personal data will only be stored for a few years

  • a) with the consent of the data subject, or
  • b) to submit, enforce or defend legal claims, or
  • c) to protect the rights of other natural or legal persons, or
  • d) in the important public interest of the Union or a member state

can be handled.

The Data Controller informs the data subject in advance about the lifting of restrictions on data management.

6.1.6. The right to data portability

The data subject has the right to receive the personal data concerning him/her provided to the Data Controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another data controller if:

  • a) data management is based on consent or a contract; and
  • b) data management takes place in an automated manner.

The data subject is also entitled to request the direct transfer of personal data between data controllers.

6.1.7. The right to protest

The data subject has the right to object to the processing of his personal data if

  • a) data management is in the public interest or is necessary for the execution of a task performed in the framework of the exercise of public authority conferred on the Data Controller;
  • b) data management is necessary to assert the legitimate interests of the Data Controller or a third party, including profiling;
  • c) data management is carried out for the purpose of direct business acquisition, including profiling, if it is related to direct business acquisition.

In the case of data processing based on legitimate interest according to point b) above, the data subject may not object to data processing if the Data Controller proves that

  • a) data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or
  • b) are related to the submission, enforcement or defense of legal claims.

If the data subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data will no longer be processed by the Data Controller for this purpose.

6.1.8. Automated decision-making in individual cases, including profiling

The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have legal effects on him or affect him to a similar extent.

The data subject cannot use the above right if the decision

  • a) necessary for the conclusion or fulfillment of the contract between the data subject and the Data Controller;
  • b) it is made possible by EU or member state law applicable to the Data Controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject;
  • c) is based on the express consent of the data subject.

In the cases mentioned in points a) and c) above, the person concerned can request human intervention, explain his position and submit an objection to the decision.

6.1.9. Withdraw consent

The data subject has the right to withdraw his consent at any time only in data management cases based on his consent. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.

The Data Controller informs the data subject of this before giving consent.

The statement of the data subject withdrawing his consent is valid with a clear indication of the given data management.

6.2. Legal enforcement, complaint, legal remedy

6.2.1. Legal enforcement

The data subject may exercise the data management rights listed above in an e-mail sent to the e-mail address or registered address of the Data Controller, sent from the identifiable e-mail address of the data subject, or by post in a letter signed by the data subject. The statement of the data subject regarding the exercise of rights is valid with a clear indication of the given data management.

The Data Controller responds to the request submitted electronically in electronic form or in the manner requested by the data subject.

6.2.2. Complaint

If, in the opinion of the data subject, the handling of personal data relating to him/her violates the provisions of the Regulation, the data subject is entitled to file a complaint with the relevant Supervisory Authority, especially in the Member State of his/her usual place of residence, workplace or the place of the suspected infringement.

Complaints can be lodged with the National Data Protection and Freedom of Information Authority (hereinafter: NAIH) as the Supervisory Authority in Hungary. NAIH contact details:

E-mail: ugyfelszolgalat@naih.hu

Mailing address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Phone: +3613911400

Website: www.naih.hu

The names and contact details of the data protection authorities in the EU can be found at the following link:

http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

6.2.3. Legal remedy

  • a) Judicial remedy against the Supervisory Authority

Everyone concerned has the right to an effective judicial remedy:

a/a) against the legally binding decision of the supervisory authority, or

a/b) if the competent Supervisory Authority does not deal with the complaint or does not inform the data subject within three months about the procedural developments related to the submitted complaint or its result.

Proceedings against the Supervisory Authority must be initiated before the court of the Member State where the Supervisory Authority has its seat.

  • b) Judicial remedy against the Data Controller or Data Processor

The data subject may apply to court against the Data Controller or the Data Processor if, in his opinion, the Data Controller or the Data Processor acting on the basis of his mandate or order handles his personal data in violation of the regulations on the handling of personal data, as defined in the law or in the mandatory legal act of the European Union.

The procedure must be initiated before the court of the Member State where the Data Controller or Data Processor operates. Such a procedure can also be initiated before the court of the Member State of the habitual residence of the person concerned, unless the Data Controller or the Data Processor is a public authority of a Member State acting in its public authority.

In Hungary, the person concerned can also initiate the lawsuit before the competent court according to his place of residence or place of stay, according to his choice.

Budapest, 24.05.2022.