- Legislation applicable to data processing
The following legislation in particular applies to data processing:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 Regulation), the General Data Protection Regulation, (hereinafter referred to as ‘GDPR’, and Act CXII of 2011 on the right to information self-determination and freedom of information. Act (hereinafter referred to as “Privacy Act”).
- Principles of data management:
Automata Bejáratok Specialistája Nagykereskedelmi Kft. Handles personal data provided to it exclusively fairly and complying with the relevant legislation, stores data only for specific purposes, for a limited period of time, and shall not use it in any other way. The Data Controller determines the way data is stored in such a way that data can be identified only for the time necessary for the purpose of data management. In order to protect personal data, the Data Controller shall implement appropriate security measures to prevent the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to the data.
- Basic concepts:
Data Controller (hereinafter referred to as “Data Controller”):
Automatic Entrances Specialist Wholesale Ltd.
registered office / mailing address: 1211 Budapest, II. Rákóczi Ferenc út 335 / a.
legal representative: Lajos Deák and Árpád Balázs Szalay, managing directors
Data Protection Officer: Lajos Deák
e-mail address: email@example.com
Personal data: any information about an identified or identifiable person (Data Subject); a natural person may be identified if, directly or indirectly, in particular by an identifier such as name, number, location, online identifier or one or more factors relating to the physical,
physiological, genetic, mental, economic, cultural or social identity of the natural person identified.
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- Data Protection Officer:Given that Article 37 of the GDPR does not require the appointment of a Data Protection Officer on the basis of either the activities of the Data Controller or the amount of data processed, the Data Controller does not employ a designated a Data Protection Officer.
5. The scope of personal data collected and stored by the Data Controller, the purpose, legal basis and duration of the data processing:Personal data is inquired on the “Request for quotation” subpage of www.ditec.hu website
The Data Controller inquires personal data in order to make offers and quotes to Data Subjects. Personal data is stored in the so-called „It is recorded in Apollo’s” software system/application, and the quote itself is generated by the application.
|Personal data||Purpose of data management||Legal basis for data management||Duration of data management|
|Name||Identification of the sender, distinguishing it from other users.||consent of the data subject (Article 6 (1) (a) GDPR)||6 month|
|Name of the contact person||The contact person
identification, differentiation from other users.
|consent of the data subject (Article 6 (1) (a) GDPR)||6 month|
|E-mail address||The e-mail address is required in order for the Data Controller to be able to respond to the request and to contact the requester of the quotation.||consent of the data subject (Article 6 (1) (a) GDPR)||6 month|
|Phone number||The telephone number is also required for the Data Controller to contact the requester of the quotation.||consent of the data subject (Article 6 (1) (a) GDPR)||6 month|
|Place of implementation, installation||It is necessary to determine to which area the contracting authority belongs to which the contracting authority operates.||consent of the data subject (Article 6 (1) (a) GDPR)||6 month|
Names, e-mail address and places of implementation or installation are mandatory items, failing to provide, the Data Controller will not send any offer or quote. Providing phone number is optional.
If a contract is concluded on the basis of the request for quotation, the Data Controller shall not delete the personal data after the expiry of the period specified in the table above, but shall store them onwards.
As of today/the date this document issued /, data management is governed by the provisions of the Partner Data Management Information provided when confirming the order or concluding the contract.
- Data processed in connection with sending out newsletters:
The Data Controller maintains a newsletter database, which stores the data of the persons subscribing the newsletter. In summary, the purpose of data management on personal data related to the newsletter is to promote the Data Controller and its service as well as, to provide information about new products, professional events, educational events organized by the Data Controller and other marketing messages.
The Data Controller also sends/shares business information (eg. product specifications, price lists) to its reseller partners in newsletters.
|Personal data||Purpose of data management||Legal basis for data management||Duration of data management|
|E-mail address||Sending the newsletter, keeping in touch.||consent of the data subject (Article 6 (1) (a) GDPR)||until you unsubscribe from the newsletter|
E-mail address is mandatory, but the address does not necessarily require personal information, e.g. therefore, it must contain the name of the Data Subject, so that Data Subjects are free to decide whether they wish to communicate/share any information about themselves to the Data Controller.
- Data transmission:
- The operator of the Data Controller’s computer system is responsible for the operation, maintenance, development, etc. of the system. You may become aware of personal data listed in Chapter 5 in connection with the performance of IT tasks. The cooperating partner on the IT field of the Data Controller is therefore considered a data processor.
Name: Klassic Kreatív Stúdió Kft
Headquarters: 1097 Budapest, Illatos út 9.
- To send out newsletters, the Data Controller uses the MailChimp newsletter sending service, therefore the personal data related to the sending of the newsletter according to point 5.2 will be known to the MailChimp operator, The Rocket Science Group, LLC. The company is headquartered in the United States, which is a third country for data processing purposes. However, MailChimp / The Rocket Science Group, LLC has joined the EU-US Privacy Shield Framework, which provides an adequate level
of protection under a Commission decision. In view of this, no special authorization is required for the transfer of data under Article 45 (1) of the GDPR.
More information about MailChimp’s privacy practices can be found at:
- The Data Controller uploads and stores personal data described in point 5 on its own servers.
- Google Analytics performs the independent measurement of ditec.hu’s web analytics data as an external service provider. Google Analytics logs open documents and usage of features. Google Analytics provides detailed information on how to manage your measurement data at https://policies.google.com/?hl=en_US.
- Access to personal data:
- On the part of the Data Controller, personal data referred to in Point 5 shall be accessible to the Data Controller’s manager and only to those employees whose job responsibilities arise in connection with the personal data (primarily salespeople, as well as employees in the financial field). Access is limited only to the time and extent required to perform the specific job task. Data controllers may have access to personal data within the scope and for the purpose described in Point 6.
- Data security measures
- The Data Controller stores personal data on secure, adequately protected servers. The Data Controller takes all organizational and technical measures to protect personal data.
- Rights of the data subject
- Exercise of rights
The exercise of the rights of the data subjects listed below can be initiated by sending a letter or e-mail to one of the contacts of the Data Controller described in Point 3. The Data Controller shall inform the Data Subject of the action taken based on the request within one month from the receipt of the request. If necessary, considering the complexity of the application and the number of applications, this time limit may be extended by a further two months. The Data Controller shall inform the Data Subject of the extension of the time limit, indicating the reasons for the delay, by electronic means within one month from the receipt of the request, if possible and unless otherwise requested by the Data Subject. If the Data Controller does not act on the Data Subject’s request, the Data Subject shall be informed within the above time limit of the reasons for the non-action and that the Data Subject may lodge a complaint with the supervisory authority and exercise his / her right of judicial appeal.
In the event of a clearly unfounded or excessive request, the Data Controller may charge a reasonable fee or refuse to act on the request.
The Data Subject may request access to the data concerning him / her from the Data Controller by sending a letter or e-mail to the contact detailed at Point 3, and in this context the Data Controller shall inform the Data Subject about the following:
- what personal information
- on what legal basis,
- for what data management purposes,
- from what source
- how long the data handling lasts
- to whom, when, on what basis and to which personal data of the Data Subject was granted to have access, and to whom the Data Controller transferred the Data Subject’s personal data.
Upon the request of the Data Subject with such content, the Data Controller shall provide the Data Subject with a copy of the personal data subject to data processing in a machine-readable, widely used electronic format, free of charge. For additional copies, the Data Controller may charge a reasonable fee based on administrative costs.
The Data Subject has the right to have the incorrect data corrected by the Data Controller without undue delay, and may request that the incomplete personal data be supplemented.
The Data Subject has the right to have his / her personal data deleted without undue delay at his / her request, and the Data Controller is obliged to delete the personal data concerning the Data Subject without undue delay, except in the cases provided for in Article 17 (3) GDPR. delete if one of the following reasons exists:
1(a) personal data are no longer required for the purpose for which they were collected or otherwise processed.
1(b) the Data Subject withdraws his or her consent to the processing unless there are other legal bases for the processing. Withdrawal of consent shall not affect the lawfulness of the data processing prior to the withdrawal. Withdrawal of consent can be expressed by sending a letter or e-mail, or in case of a newsletter, by clicking on the “unsubscribe” button.
1(c) personal data have been processed unlawfully
1(d) personal data must be deleted in order to fulfill a legal obligation.
If the above conditions are met, the Data Controller will delete the data permanently and irrevocably.
The Data Subject has the right to receive the personal data concerning him / her made available to the Data Controller in a structured, widely used, machine – readable format and to transfer the data to another data controller or, if technically feasible, to request direct transmission between data controllers.
- Restrictions on data management
The Data Subject shall have the right, at the request of the Data Controller, to restrict the processing if one of the following is met: a) the data subject disputes the accuracy of the personal data, in which case the restriction shall apply to the data subject. ; (b) the processing is unlawful and the Data Subject opposes the erasure of the data and instead requests that their use be restricted; c) the Data Controller no longer needs the personal data for the purpose of data processing, but the Data Subject requests them in order to submit, enforce or protect legal claims.
Where data processing is restricted, personal data subject to the restriction may be processed, except for storage, only with the consent of the Data Subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of other natural or legal persons or in the important public interest of the European Union or a Member State.
- Legal remedy
In connection with the data management by the Automata Bejáratok Specialistája Nagykereskedelmi Kft., the person concerned may file a complaint with the supervisory authority.
Name and contact details of the supervisory authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
Address: Budapest, Falk Miksa u. 9-11, 1055
Telephone: +36 1 391 1400
e-mail address: firstname.lastname@example.org
In addition, in the event of a violation of the data subject’s rights, the data subject may file a lawsuit against the Data Controller, a lawsuit may be instituted before a court competent according to the data subject’s place of residence or stay. The court is acting out of turn in the case.