1. Introduction
INFOtec Kft. is committed to the protection of the personal data of its users, customers and partners, and considers it of utmost importance to respect the users’ right to informational self-determination. INFOtec Kft. with regard to the management of personal data, it takes all security, technical and organizational measures that guarantee the security of the data. LXIII of 1992 Act on the protection of personal data and the disclosure of data of public interest CVIII of 2001 Act on certain issues of electronic commercial services and services related to the information society XLVIII of 2008 Act on the basic conditions and certain limitations of economic advertising activity CXII of 2011 Act on the right to self-determination of information and freedom of information Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection regulation, GDPR)
2. Basic concepts of data management
“personal data”: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable; “data management”: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying; “restriction of data management”: designation of stored personal data for the purpose of limiting their future management; “pseudonymisation”: the processing of personal data in such a way that, without the use of additional information, it is no longer possible to determine which specific natural person the personal data refers to, provided that such additional information is stored separately and ensured by technical and organizational measures that this personal data cannot be linked to identified or identifiable natural persons; “registration system”: the file of personal data in any way – centralized, decentralized or divided according to functional or geographical aspects – which is accessible based on specific criteria; “data controller”: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law; “recipient”: the natural or legal person, public authority, agency or any other body to whom or to which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management; “third party”: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who, under the direct control of the data controller or data processor, are authorized to process personal data they received; “consent of the data subject”: the voluntary, specific and clear declaration of the will of the data subject based on adequate information, by which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him; “data protection incident”: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled; “enterprise”: a natural or legal person engaged in economic activity, regardless of its legal form, including partnerships and associations engaged in regular economic activity.
3. Data management principles
Only personal data that is essential for the realization of the purpose of data management and suitable for achieving the purpose can be processed. Personal data can only be processed to the extent and for the time necessary to achieve the purpose. During data management, the accuracy, completeness and, if necessary, the up-to-dateness of the data must be ensured, as well as that the data subject can only be identified for the time necessary for the purpose of the data management. Personal data can be processed if a) the data subject consents to it, or b) it is ordered by law or – based on the authority of the law, within the scope defined therein – by a local government decree for a purpose based on the public interest The data subject must be informed in a clear, comprehensible and detailed manner about all the facts related to the processing of his data, including, in particular, the purpose and legal basis of data processing, the person entitled to data processing and data processing, the duration of data processing, and who can access the data. The information must also cover the data subject’s rights and legal remedies. The processed personal data must meet the following requirements: a) their admission and treatment are fair and legal; b) they are accurate, complete and, if necessary, timely; c) the method of their storage is suitable so that the person concerned can only be identified for the time necessary for the purpose of storage. Personal data can be transmitted, and different data processing can be linked, if the data subject has consented to it, or if the law allows it, and if the conditions for data processing are met for each individual piece of personal data.
4. The data subject’s rights related to the management of their data
4.1 Overview In addition to the right to withdraw the consents given to us, you are entitled to the following additional rights if the appropriate legal conditions exist: the right to information about stored personal data based on Article 15 of the GDPR the right to correct inaccurate data or supplement incomplete data based on Article 16 of the GDPR to delete the data stored by us based on Article 17 of the GDPR the right to limit data processing based on Article 18 of the GDPR the right to data portability based on Article 20 of the GDPR the right to object under Article 21 of the GDPR.
4.2 Right to information based on Article 15 of the GDPR On the basis of Article 15 (1) of the GDPR, you are entitled to receive free of charge information about the personal data we store about you. This primarily means the following: the purposes of data management related to personal data categories of personal data concerned recipients or groups of recipients to whom the personal data has been or will be communicated the planned period of storage of your personal data or, if this is not possible, the criteria for determining this period the right to correct or delete your personal data, the right to restrict data processing and the right to object to data processing the right to file a complaint with a supervisory authority all available information about the source of the data, if the data was not collected from the data subject automated decision-making, including profiling in accordance with Article 22 (1) and (4) of the GDPR, and at least in these cases, reliable information about the applied logic and the significance and targeted effect of such data processing for the data subject. If personal data is transferred to a third country or to an international organization, you are entitled to receive information about the appropriate guarantees in accordance with Article 46 of the GDPR regarding the transfer.
4.3. Right to rectification based on Article 16 of the GDPR You have the right to request the immediate correction of inaccurate personal data concerning you. Taking into account the purpose of data management, you are entitled to request the completion of incomplete personal data, including by means of a supplementary statement
4.4. Right to erasure pursuant to Article 17 of the GDPR You have the right to request the immediate deletion of your personal data from us if one of the following reasons exists: the personal data are no longer needed for the purpose for which they were collected or otherwise processed You withdraw your consent that is the basis for data processing pursuant to point a) of Article 6 (1) of the GDPR or point a) of Article 9 (2) of the GDPR, and there is no other legal basis for data processing You object to data processing on the basis of Article 21 (1) or (2) of the GDPR, and there are no legitimate reasons for data processing that take priority over your interests if Article 21 (1) of the GDPR applies personal data were handled illegally the deletion of personal data is justified by the fulfillment of a legal obligation the collection of personal data took place in connection with the offer of services related to the information society in accordance with Article 8 (1) of the GDPR. If we have made your personal data public and we are obliged to delete it, taking into account the available technology and the costs of implementation, we will take appropriate steps to inform the third parties handling your data of links to your personal data in question or copies of these personal data, or of your request to delete your copy (right to be forgotten).
4.5. The right to restrict data processing based on Article 18 of the GDPR You have the right to request the restriction of data processing from us if one of the following conditions is met: You dispute the accuracy of your personal data the data management is illegal and you request the restriction of the use of the data instead of its deletion the data controller no longer needs the personal data due to the stated purpose of the data management, but requires them to present, enforce or defend the legal claims concerned; or You have objected to data processing in accordance with Article 21 (1) of the GDPR, but it has not yet been established whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
4.6. Right to data portability based on Article 20 GDPR You have the right to receive the personal data about you that you have provided to us in a segmented, widely used, machine-readable format, and you have the right to transfer this data to another data controller without hindrance if: the data processing is based on consent according to point a) of Article 6 (1) or point a) of Article 9 (2) of the GDPR, or on a contract according to point b) of Article 6 (1) of the GDPR and data management is automated. When exercising the right to data portability, you are entitled to – if this is technically feasible – request the direct transfer of personal data between data controllers.
4.7. Right to object under Article 21 of the GDPR On the basis of Article 21 (1) of the GDPR, you can object to data processing at any time. The above general right of objection applies to all data management purposes described in this data protection information, in accordance with GDPR Article 6 (1) point f). In contrast to the special right to object to data processing for business purposes, under the GDPR we are only obliged to accept such a general objection if you name reasons that take precedence over data processing, such as potential danger to life or health. In addition, you may contact your data protection officer or the relevant supervisory authority.
4.8. The scope of personal data managed by the service provider, the purpose, title and duration of data management INFOtec Kft. currently does not manage personal data in connection with its users. The e-mail address entered in the contact form is not stored, collected, or forwarded to third parties on the websites it operates.
5. Data of visitors to websites operated by INFOtec Kft INFOtec Kft. does not collect any unique personal data in connection with website visitors. INFOtec Kft. uses the Google Analytics program to measure the effectiveness of its campaigns. Using the program, you obtain information on how many visitors visited your website and how long the visitors spent on the website. We use the services of Google Adwords in many of our advertising campaigns. The purpose of Google AdWords conversion tracking is to measure the effectiveness of AdWords ads. It does this with the help of cookies placed on the User’s computer, which exist for 30 days and do not collect personal data. Users who do not want Google Analytics to create a report on their visit can install the Google Analytics blocking browser extension. This add-on instructs the Google Analytics JavaScript scripts (ga.js, analytics.js, and dc.js) not to send visit information to Google. In addition, visitors who have installed the blocking browser extension will not participate in the content experiments. If you wish to opt-out of Analytics web activity, visit the Google Analytics opt-out page and install the add-on for your browser. For more information on installing and removing the extension, see the help for your browser.
6. Remedies The person concerned can request information about the management of his personal data, as well as request the correction of his personal data, or ? with the exception of data management mandated by law? deletion in the manner indicated at the time of data collection, or at the indicated contact details of the data controller. The data controller blocks personal data if the data subject requests this, or if it can be assumed that deletion would harm the legitimate interests of the data subject. Locked personal data can only be processed as long as the data management purpose that precluded the deletion of personal data exists. The data controller deletes the personal data if the data subject requests it, or the purpose of the data management has ceased, or if the statutory period for storing the data has expired, a court or the National Data Protection and Freedom of Information Authority has ordered the deletion. The data controller has 30 days to delete, block, or correct personal data. Legal remedies and complaints can be made at the
National Data Protection and Freedom of Information Authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Székhely: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
Postacím: 1534 Budapest, Pf.: 834
Telefon: +36 (1) 391-1400
Telefax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu