machine translation from Hungarian
PURPOSE OF THE DATA MANAGEMENT NOTICE
Wirth és Wirth 2021 BT (1134 Budapest, Váci út 47/B Ü-1, hereinafter referred to as service provider, data controller) as a data controller, acknowledges the content of this legal notice as binding on itself. It undertakes to ensure that all data management related to its activities meets the requirements set out in these regulations and in the applicable national legislation, as well as in the legal acts of the European Union. The data protection guidelines arising in connection with the data management of Wirth and Wirth 2021 BT are continuously available at https://door-2.com/?page_id=1036. Wirth és Wirth 2021 BT reserves the right to change this information at any time. Of course, you will notify your audience of any changes in good time. If you have any questions related to this announcement, please write to us and our colleague will answer your question. Wirth és Wirth 2021 BT is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect its customers’ right to self-determination of information. Wirth és Wirth 2021 BT treats personal data confidentially and takes all security, technical and organizational measures that guarantee data security. The Wirth és Wirth 2021 BT describes its data management practices below.
THE DATA CONTROLLER
If you would like to contact our Company, you can contact the data controller at the contact details below. The Wirth és Wirth 2021 BT will delete all e-mails received by it, together with other personal data, no later than 5 years after the data was provided.
Company name: Wirth és Wirth 2021 BT
Name of data controller: Zsuzsanna Wirthné Móricz
Headquarters: 1134 Budapest, Váci út 47/B Ü-1
Company registration number: Cg.01-06-796804
Tax number: 29271942-2-41
Phone number: +36 30 387 thirty-four 82
Email: info (@)door-2.com
BASIC PRINCIPLES DURING DATA MANAGEMENT
The Data Controller processes personal data only if the data subject consents to it. The Data Controller pays special attention to the protection of the personal data of incapacitated persons and minors under the age of 16 with limited legal capacity, children. Their declaration requires the consent of their legal representative, except for those parts of the service where the declaration is aimed at data management that occurs en masse in everyday life and does not require special consideration. If the personal data was recorded with the consent of the data subject, the Data Controller shall, unless otherwise provided by law, process the recorded data
a) for the purpose of fulfilling the relevant legal obligation, or
b) for the purpose of asserting the legitimate interest of the data controller or a third party, if the assertion of this interest is proportional to the limitation of the right to the protection of personal data without further separate consent, and may be processed even after the consent of the data subject has been revoked.
The Data Controller processes personal data only for specific purposes, in order to exercise rights and fulfill obligations. The Data Controller declares that it fulfills the purpose in all stages of its data management, and that the data is collected and handled fairly. The Data Controller declares that it only processes personal data that is essential for the realization of the purpose of data management, is suitable for achieving the purpose, and only to the extent and for the time necessary for the realization of the purpose. The Data Controller declares that it only processes personal data with consent based on adequate information. The Data Controller properly informs the data subject before data processing begins that data processing is based on consent or is mandatory. It informs the data subject – clearly, clearly and in detail – about all the facts related to the processing of their data, including, in particular, the purpose and legal basis of data processing, the person entitled to data management and data processing, the duration of data processing, if the data subject’s personal data is processed by the data controller with the consent of the data subject and for the purpose of fulfilling a legal obligation to the data controller or asserting the legitimate interests of a third party, as well as who can access the data. The information also covers the data subject’s rights and legal remedies. During data management, the Data Controller ensures the accuracy, completeness, and up-to-dateness of the data, as well as that the data subject can only be identified for the time necessary for the purpose of data management.
TYPES OF DATA MANAGEMENT, SCOPE OF PERSONAL DATA, PURPOSE, TITLE AND DURATION OF DATA MANAGEMENT
The data management of the Data Controller’s activities is based on voluntary consent. In some cases, however, the management, storage, and transmission of a range of the provided data is made mandatory by law, of which we will notify our audience separately. We draw the attention of informants to the Data Controller that if they do not provide their own personal data, the informant is obliged to obtain the consent of the data subject. The data management principles of the Data Controller are in accordance with the applicable legislation related to data protection, in particular the following: – Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) – the on the protection of natural persons with regard to the management of personal data and that on the free flow of such data and on the repeal of Regulation 95/46/EC (general data protection regulation, GDPR); – CXII of 2011 Act – on the right to self-determination of information and the on freedom of information (Infotv.), – CVIII of 2001 Act – electronic commerce services, as well as on some issues of information society-related services (Eker.tv.), – Act C of 2003 – on electronic communications (Eht.),
DATA PROCESSED DURING WEBSITE USE
You can use the website www.door-2.com without providing your personal data, therefore the use of the website is not covered by the general data protection regulation. The Data Controller does not store or manage the data generated during the browsing of the website in any way that can be linked to the specific data subject.
COOKIE MANAGEMENT OF THE WEBSITE
PRESENCE ON COMMUNITY SITES
The Data Controller is available on the Facebook/Instagram/TikTok social portal. The Data Controller only communicates with the data subjects via the social media site, and thus the purpose of the scope of the processed data becomes relevant when the data subject contacts the Data Controller via the social media site. The type of personal data handled: public name, public photo, public email address of the person concerned, message sent via the social media site of the person concerned, evaluation by the person concerned, or the result of another operation. The purpose of data management: sharing, publishing and marketing the contents of the website on social media. With the help of the social page, the person concerned can also find out about the latest promotions. Scope of stakeholders: Natural persons who voluntarily follow, share, and like the Data Controller’s social media pages or the content appearing on them. Legal basis for data management: consent of the data subject (GDPR Regulation Article 6 (1) point a), Infotv. Paragraph (1) of § 5, and Grt. Section 6 (5)). Based on the terms and conditions of the social media site, the data subject voluntarily consents to follow and like the content of the Data Controller. Using an exemplary definition, the data subject can subscribe to the news feed published on the message wall on Facebook/Instagram/TikTok by clicking on the “like” link on the page and thereby consent to the publication of the Data Controller’s news and offers on his own message wall, and he can unsubscribe by clicking the “dislike” link on the same page, as well as using the message wall settings to delete unwanted news feeds appearing on the message wall . Duration of data management: until deletion at the request of the data subject. Information about the data management of the given social media site has been affected by the social media page you can get.
OTHER DATA MANAGEMENT
We provide information on data management not listed in this information when the data is collected. We inform our customers that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, or other bodies based on the authorization of the law, may contact the data controller in order to provide information, communicate and transfer data, or make documents available. If the authority has specified the exact purpose and scope of the data, the Data Controller will only release personal data to the authorities to the extent and to the extent that is absolutely necessary to achieve the purpose of the request. The Data Controller reserves the right to use an additional data processor, the identity of which will be provided individually at the latest at the start of data processing.
The data controller stores the data subject’s personal data on servers operated by Websupport Magyarország Kft.
Company name: Websupport Magyarország Kft.
Headquarters: 1132 Budapest, Victor Hugo utca 18-22.
Tax number: 25138205-2-41
Company registration number: 01-09-381419
DATA SECURITY MEASURES
The Data Controller and its data processors implement appropriate technical and organizational measures, taking into account the state of technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the varying probability and severity of risk to the rights and freedoms of natural persons, in order to guarantee a level of data security appropriate to the degree of risk. The Data Controller selects and operates the IT tools used to manage personal data in such a way that the managed data: – accessible to those authorized to do so (availability); – its authenticity and authentication are ensured (authenticity of data management); – its immutability can be verified (data integrity); – be protected against unauthorized access (data confidentiality). The Data Manager protects the data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, and inaccessibility resulting from changes in the technology used. In order to protect the data files managed electronically in its various registers, the Data Controller ensures with an appropriate technical solution that the stored data cannot be directly linked and assigned to the data subject, unless permitted by law. In view of the current state of technology, the Data Controller ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management. The Data Controller keeps it during data management – confidentiality: it protects the information so that only those who are authorized to do so can access it; – integrity: protects the accuracy of the information and the method of processing and completeness; – availability: it ensures that when the authorized user needs it on it, really be able to access the information you want and have it available related tools. The IT system and network of the Data Controller and its partners involved in data management are both protected against computer-supported fraud, espionage, sabotage, vandalism, fire and flood, as well as computer viruses, computer intrusions and denial-of-service attacks. The operator ensures security with server-level and application-level protection procedures. We inform users that electronic messages transmitted on the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. To protect against such threats, the Data Controller takes all the necessary precautions. Monitors systems to capture any security discrepancies and provide evidence for any security incidents. In addition, system monitoring also makes it possible to check the effectiveness of the precautions used. The Data Controller keeps records of any data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it. The Data Controller shall report any data protection incident to the National Data Protection and Freedom of Information Authority without delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached.
THE RIGHTS AND OPTIONS OF RIGHTS ENFORCEMENT OF THE PERSONS INVOLVED
The data subject can request information about the processing of his personal data, and can request the correction of his personal data, or – with the exception of mandatory data processing – deletion or withdrawal, he can exercise his right to data portability and protest as indicated when the data was collected, or at the above contact details of the Data Controller.
RIGHT TO INFORMATION
The Data Controller takes appropriate measures in order to provide the data subjects with all information regarding the processing of personal data referred to in Articles 13 and 14 of the GDPR and Articles 15-22. and provide each piece of information according to Article 34 in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded.
RIGHT OF ACCESS OF THE DATA SUBJECT
The data subject is entitled to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the following information: – the purposes of data management; – categories of personal data concerned; – the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations; – the planned period of storage of personal data; – the right to rectification, deletion or limitation of data processing and the right to protest; – the right to submit a complaint to the supervisory authority; – information about data sources; – the fact of automated decision-making, including profiling, as well as comprehensible information about the applied logic and the significance of such data management and the expected consequences for the data subject. The Data Controller shall provide the information within a maximum of one month from the date of submission of the request.
RIGHT OF CORRECTION
The data subject may request inaccurate personal data relating to him/her managed by the Data Controller correction and completion of incomplete data.
RIGHT TO CANCELLATION
If one of the following reasons exists, the data subject has the right to request that the Data Controller delete his/her personal data without undue delay: – the personal data are no longer needed for the purpose for which they were collected or otherwise processed; – the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management; – the data subject objects to data processing and there is no overriding legal reason for data processing; – the personal data were handled illegally; – personal data must be deleted to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller; – the collection of personal data took place in connection with the offering of services related to the information society. Data deletion cannot be initiated if data management is necessary: – for the purpose of exercising the right to freedom of expression and information; – for the purpose of fulfilling the obligation under the EU or Member State law applicable to the data controller requiring the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of public authority conferred on the data controller; – concerning the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, based on public interest; – or to present, assert or defend legal claims.
RIGHT TO LIMIT DATA PROCESSING
At the request of the data subject, the Data Controller restricts data processing if one of the following conditions is met: – the data subject disputes the accuracy of the personal data, in this case the restriction applies to the period that allows checking the accuracy of the personal data; – the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use; – the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; obsession – the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject. If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
RIGHT TO DATA PORTABILITY
The data subject has the right to receive the personal data concerning him/her provided to the Data Controller in a segmented, widely used, machine-readable format, and to forward this data to another data controller.
RIGHT TO OBJECT
The data subject has the right to protest at any time for reasons related to his own situation against the processing of his personal data necessary for the performance of a task carried out in the public interest or within the framework of the exercise of public authority granted to the Data Controller, or for the enforcement of the legitimate interests of the data controller or a third party, including profiling based on the aforementioned provisions. In the event of a protest, the Data Controller may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the submission, enforcement or defense of legal claims.
AUTOMATED DECISION-MAKING IN INDIVIDUAL CASES, INCLUDING PROFILING
The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent.
RIGHT OF WITHDRAWAL
The data subject has the right to withdraw his consent at any time.
RIGHT TO COURT
In the event of a violation of their rights, the data subject may go to court against the Data Controller, i.e. file a lawsuit in the court of competent jurisdiction according to their place of residence (place of stay) (you can view the list of courts by clicking on the following link: https://birosag.hu/torvenyszekek). The court acts out of sequence in the case.
DATA PROTECTION AUTHORITY PROCEDURE
You can file a complaint with the National Data Protection and Freedom of Information Authority:
Name: National Data Protection and Freedom of Information Authority
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Pf.: 5.
NOTIFICATION OF THE DATA PROTECTION INCIDENT
If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the data protection incident without undue delay. In the information provided to the data subject, the nature of the data protection incident must be clearly and comprehensibly described, and the name and contact information of the data protection officer or other contact person providing additional information must be provided; the likely consequences of the data protection incident must be described; the measures taken or planned by the Data Controller to remedy the data protection incident must be described, including, where applicable, measures aimed at mitigating any adverse consequences resulting from the data protection incident. The data subject does not need to be informed if any of the following conditions are met: – the Data Controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures – such as the use of encryption – that make the data unintelligible to persons not authorized to access personal data; – after the data protection incident, the Data Controller took additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future; – providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects. If the Data Controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed.
INDEMNIFICATION AND DAMAGES
Any person who has suffered material or non-material damage as a result of a violation of the data protection regulation is entitled to compensation from the Data Controller or the data processor for the damage suffered. The data processor is only liable for damages caused by data processing if it has not complied with the obligations specified in the law, which are specifically imposed on data processors, or if it has ignored or acted contrary to the lawful instructions of the Data Controller. If several data managers or data processors or both the data manager and the data processor are involved in the same data management and are liable for damages caused by the data management, each data manager or data processor is jointly and severally liable for the total damage. The Data Controller or the data processor is exempted from liability if it proves that it is not in any way responsible for the event causing the damage.
RULES OF PROCEDURE
– The Data Controller informs the data subject without undue delay, but in any case within one month of receipt of the request, in accordance with Articles 15-22 of the GDPR. on measures taken following a request pursuant to Art. – If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months. The Data Controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the data subject submitted the request electronically, the information will be provided electronically, unless the data subject requests otherwise. – If the Data Controller does not take measures following the data subject’s request, it shall inform the data subject without delay, but at the latest within one month of receipt of the request, of the reasons for the failure to take action, as well as of the fact that the data subject may file a complaint with a supervisory authority and exercise his right to judicial redress. – The Data Controller provides the requested information and information free of charge. If the data subject’s request is clearly unfounded or – especially due to its repetitive nature – excessive, the data controller may, taking into account the administrative costs associated with providing the requested information or information or taking the requested measure, charge a reasonable fee or refuse to take action based on the request. – The Data Controller informs all recipients of all corrections, deletions or data management restrictions carried out by them, to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the Data Controller informs about these recipients. – The Data Controller provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information will be provided in electronic format, unless the data subject requests otherwise.