Tech-Con Privacy Notice
I. GENERAL PROVISIONS
1.1. Purpose of the Information
The purpose of this information on data processing (hereinafter: Information) is to provide information on the data processing practices adopted and applied by TECH-CON HUNGÁRIA Termelő és Kereskedő Korlátolt Felelősségű Társaság(registered seat: 1133 Budapest, Véső utca 9-11., company register number: Cg. 01-09-687815, hereinafter: Company or Controller) .
1.2. Scope of the Information
1.2.1. The Information applies to the personal data of private individuals (hereinafter: Subjects) concerned by the data processing activities of the Company described in Clause 1.2.2. hereof.
1.2.2. Data processing activities of the Company:
(1) data processing through the webshop operated under the domain shop.tech-con.hu (hereinafter: Webshop),
(2) data processing exercises through the website under the domain www.tech-con.hu (hereinafter: Website) and under the following links:
2.1. menu link “NEWSLETTER”,
2.2. menu link “CONTACT”,
2.3. menu link “CAREER”,
(3) data processing exercises through the website under the domain szallitorendszerek.hu (hereinafter: Szállítórendszerek Website) under the link „REQUEST OFFER”,
(4) data processing through the storage of data of customers and their contact persons in an electronic database,
1.3. Availability of the Information
The currently valid version of the Information is available at all times at the registered seat of the Company defined in Clause 1.1 in hard copy format, and on the Website in electronic format under the link „Information on Data Processing”.
1.4. Amendment of the Information
The Company is entitled to amend the Information whenever necessary, unilaterally, without prior notice, with an effect as of such amendment. The Company shall inform the Subject on such amendment at the contacts defined in Clause 1.3.
1.5. Applicable law
The Company represents, that its data processing is in compliance with the Information and the provisions of the laws in force [including in particular, yet not exclusively the Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR), the act No. CXII of 2011 on the right of informational self-determination and on freedom of information (hereinafter: AI) and the act No. CVIII of 2001 on electronic commerce and on information society services (hereinafter: ECA)]
1.6. Definitions
Capitalized terms used in the Information, not defined separately shall have a meaning as provided for in the laws indicated in Clause 1.5.
1.7. Authenticity, accuracy of personal data
Personal data shall be supplied to the Company by the Subject. Only the Subject shall bear liability for the authenticity, accuracy of personal data supplied in any manner to the Company. The Company shall not be liable for deficiencies of data supply or any consequence arising from erroneously supplied data, it shall expressly exclude its liability in this regard.
1.8. Data security
The Company is dedicated to the protection of personal data of the Subjects, it considers respecting the right of the Subjects of informational self-determination as an utmost priority. Personal data shall be processed by the Company confidentially and the Company shall undertake all measures as to security, technology and organization, that serve the security of personal data.
II. INDIVIDUAL DATA PROCESSING EXERCISES
The individual data processing exercises conducted by the Company shall be presented in separate charts.
1. Data processing through the Webshop (Chart No. 1)
1. Description of data processing:
The Webshop is the product catalogue of the Company available on the Website, which offers for sale the products or a part thereof distributed by the Company (hereinafter: Product).By submitting the order in electronic form in the Webshop and the acceptance of the order by the Company (official confirmation) a sale and purchase agreement shall come into existence between the person submitting the order as buyer (hereinafter: Customer or Subject ) and the Company as seller. For the purpose of this agreement coming into existence, for the fulfillment thereof the processing of personal data of the Customer defined in this clause is indispensable. The Company records, that in the event the Customer is not a natural person, the data processing subject to this Information shall be performed in a manner that in cases described in Clauses 1.1. to 1.4. the name, e-mail address, phone number, position of the contact person of the Orderer and/or Customer as non-natural person and the password provided by the Company to such person after registration for the purpose of access will be registered.
On the website of the Webshop Subjects may supply data in the following events:
1.1. under the link „Request for offer”
1.2. under the link „Registration”
1.3. under the link “Sign in”
1.4. under the link “Send order”
2. Personal data subject to processing:
2.1. Personal data recorded under the link „Request for offer”
1. name
2. address (ZIP code, city, street name, house number) [only in case of natural person customers]
3. e-mail
4. phone number
2.2. Personal data recorded under the link „Registration”
1. name
2. position
3. address (ZIP code, city, street name, house number) [only in case of natural person customers]
4. tax code [only in case of natural person customers]
5. e-mail
6. phone number
2.3. Personal data recorded under the link „Sign in”
1. e-mail
2. password
2.4. Personal data recorded under the link „Send order”
1. details of the products ordered
3. Purpose of data processing:
Rendering of offers to natural person Orderers for the purpose of later product sales, furthermore establishing/maintaining of contact for the purpose of communication of offers. In case of non-natural person Orderers the purpose of processing of the data of the contact person of the Orderer is to secure the maintaining of contact with the Orderer for the purpose of rendering of offers to the Orderer, for the purpose of later product sales, furthermore establishing/maintaining of contact for the purpose of communication of offers. [rendering of offers, communication/discussion of terms and conditions of the offer]
Sale of products to natural person Customers through the Webshop and the delivery thereof to the Customer, furthermore the performance of accounting duties of the Company related to these. In case of non-natural person Customers the purpose of processing of the data of the contact person of the Customer is to secure the maintaining of contact with the Customer for the purpose of sale of products to Customers through the Webshop and the delivery thereof to the Customer. [product sales/sale and purchase, handling of related shipment, furthermore the performance of legal duties of the Company]
4. Legal basis of data processing:
Data processing is performed as per Article 6(1) b) of GDPR, i.e. data processing is required for the establishing and performance of the sale and purchase agreement. Data processing related to requests for offer, registration, signing-in by Customers is performed also as per Article 6(1) b) of GDPR, as this data processing is necessary prior to the conclusion of the sale and purchase agreement, for taking the steps upon request by the Customer.
Data processing is performed as per Article 6(1) c) of GDPR, i.e. data processing represents the performance of legal obligations (tax and accounting obligations under the law) the Company is subject to. Performance of tax and accounting obligations the Company is subject to.
5. Duration of data processing:
Personal data of the Subjects shall be processed by the Company during the existence of contractual relationship, until the performance of contract, respectively for a definite period thereafter pursuant to Section 169 of the act No. C of 2000 on accounting for 8 years, until 31 December 2017 pursuant to Section 47 subsection 3 and Section 164 of the act No. XCII of 2003 on the order of taxation (old TA), whereas from 1 January 2018 until the limitation period as per Section 78 subsection 3 and Section 202 of the act No. CV of 2017 on the order of taxation (new TA).
6. Rights of the Subject:
The rights as per Chapter III of the Information.
7. Exercising of rights of the Subject:
As per Chapter IV of the Information.
8. Processor:
SigmaNet Szolgáltató és Kereskedelmi Korlátolt Felelősségű Társaság (registered seat: 1132 Budapest, Victor Hugo u. 18-22., tax code: 13919252-2-41, company register number: Cg. 01-09-879863, represented by: Ádám Maruzs managing director, e-mail: info@sigmanet.hu, website: http://www.sigmanet.hu) host service provider providing the IT environment of the Webshop
2. Data processing through the Website
2.1. Direct marketing and marketing purpose solicitation with advertisement content (e-DM, newsletter, Chart No. 2)
1. Description of data processing:
On the basis of Section 6 subsection 1 of the act No. XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities (hereinafter: CAA) the Company shall communicate advertisement to the Subject as addressee of the advertisement by way of direct solicitation, in particular by way of electronic correspondence or other individual communication tool of equal value (hereinafter: Newsletter), if demanded by the Subject and he/she consented thereto in advance, expressly and self-evidently. Newsletters will be sent by the Company via e-mail only.
2. Personal data subject to processing:
1. name
2. e-mail
3. Purpose of data processing:
Sending of solicitations for the purpose of direct marketing and marketing with advertisement content promoting the Company, its products, services, informing on current offers of the Company via electronic mail.
4. Legal basis of data processing:
Data processing is performed as per Article 6(1) a) of GDPR, i.e. on the basis of Subject’s consent.
The Subject is entitled to withdraw his/her consent at any time. The withdrawal of consent shall however not affect the legality of the consent-based data processing prior to such withdrawal. The withdrawal of consent may be performed by the Subject by clicking the “unsubscribe” link in the Newsletter or in writing with no compulsory wording which shall be sent to any contact of the Company defined in Chapter IV of this Information. The withdrawal of consent shall become effective with the acknowledgement thereof by the Company.
5. Duration of data processing:
Until withdrawal of consent. The fact and the date of unsubscribing shall be recorded for the purpose of evidencing in a way that past data may not be retrieved therefrom, yet unsubscribing may be evidenced when indicating specific data. Withdrawal of consent shall take effect at the latest after 24 hours from the time the Company shall become aware of such.
6. Rights of the Subject:
Rights as per Chapter III of the Information
7. Exercising of rights of the Subject:
As per Chapter IV of the Information.
8. Processor:
MEDIACENTER HUNGARY Informatikai, Szolgáltató és Üzemeltető Korlátolt Felelősségű Társaság (registered seat: 6000 Kecskemét, Sosztakovics u. 3. II/6., tax code: 13922546-2-03, company register number: Cg. 03-09-114492, represented by: Csaba Ronkó managing director, e-mail: mediacenter@mediacenter.hu) host service provider providing the IT environment
2.2. Under the link „CONTACT”, processing of requests (Chart No. 3)
1. Description of data processing:
Subject have the possibility under the link „CONTACT”, to send e-mail messages to the Company for the purpose of establishing/maintaining contact. The Subject is the sender of the request.
2. Personal data subject to processing:
1. name
2. e-mail
3. message
3. Purpose of data processing:
Handling, answering of requests, administration in connection with the services of the Company.
4. Legal basis of data processing:
Data processing is performed as per Article 6(1) b) of GDPR, i.e. data processing is necessary for establishing contract with the Company, the arrangement of steps prior to entering into such contract, for the performance of the contract, for the settlement of potential claims in connection with the performance of contract.
5. Duration of data processing:
Requests are stored by the Company for 12 months from receipt, and are deleted, save for ongoing requests, which shall be deleted after 12 months from the completion of the case.
6. Rights of the Subject:
Rights as per Chapter III of the Information
7. Exercising of rights of the Subject:
As per Chapter IV of the Information.
8. Processor:
MEDIACENTER HUNGARY Informatikai, Szolgáltató és Üzemeltető Korlátolt Felelősségű Társaság (registered seat: 6000 Kecskemét, Sosztakovics u. 3. II/6., tax code: 13922546-2-03, company register number: Cg. 03-09-114492, represented by: Csaba Ronkó managing director, e-mail: mediacenter@mediacenter.hu) host service provider providing the IT environment
2.3. Data processing under the link „CAREER”, safekeeping of job applications (Chart No. 4)
1. Data processing exercises:
The Company collects CVs, motivation letters, job applications through two channels (hereinafter collectively: Application): (I.) by way of forwarding by recruitment firms and/or (II.) by way of the link CAREER on the Website. Under the link „CAREER” the Company enables any natural person (hereinafter: Applicant) to upload their Applications to the Website, to make those available to the Company (1) concerning a particular position, or (2) without the indication of a particular position. The Applications received are recorded, stored by the Company in a systemized manner. The Company sends automatic confirmation to the Applicant’s e-mail address on the receipt of Applications received through the link CAREER.
2. Personal data subject to processing:
Name, e-mail, as well as any and all personal data contained in the Application enclosed, in particular, yet not exclusively the highest school degree, language skills, professional experience, residence. In the event the Company identifies sensitive data in the Application, it shall delete such immediately, unless data processing is necessary for the performance of obligations of the Company or the Applicant arising from legal provisions regulating employment, as well as social security and social protection and for the exercising of their specific rights.
3. Purpose of data processing:
Filling in of vacant positions and/or positions to become vacant at the Company.
4. Legal basis of data processing:
[GDPR Article 6(1) a)] consent by the Subject
Withdrawal of consent:
The Applicant may withdraw his/her consent at any time, whereby the Company shall delete his/her Application without delay. The withdrawal of consent shall however not affect the legality of the consent-based data processing prior to such withdrawal. The withdrawal of consent may be performed by the Applicant in writing with no compulsory wording which shall be sent to any contact of the Company defined in Chapter IV of this Information. The withdrawal of consent shall become effective with the acknowledgement thereof by the Company.
5. Duration of data processing:
(I.) In the event Applicants are being forwarded to the Company by recruitment firms, the duration of data processing complies with the duration of tendering, i.e. the duration between the date of rendering of consent by the Applicant until the date of completion of tendering. The Company shall delete the personal data (Applications) of Applicants not selected, without delay after the filling in of the position, yet at the latest after two months from the submission of the Application also in the event the Applicant shall withdraw his/her Application during the tendering. Should the Company intend to keep the Application of an Applicant not selected after the completion of tendering, it shall inform the Applicant in advance, in particular concerning the purpose, duration thereof and shall collect the consent by the Applicant thereto afterwards, in which case it shall process the Application for a definite period of two months from the granting of such consent, and shall delete such upon expiry of this deadline and also in the event the Applicant shall withdraw his/her consent during this period.
(II.) In the event the Applications are stored through the link CAREER on the Website:
(1) In the event of indication of a particular position: The Company shall in any event set a deadline for submission of the Application. The Company shall decide within two months from the expiry of such deadline on the result of tendering, the selection of the Applicant adequate for the given position, and on the completion of tendering. The Company shall inform the Applicants on the result of the Tendering. The duration of the data processing shall be the duration of tendering, i.e. i.e. the duration between the date of rendering of consent by the Applicant until the date of completion of tendering. The Company shall delete the personal data (Applications) of Applicants not selected, without delay after the filling in of the position, yet at the latest after two months from the submission of the Application also in the event the Applicant shall withdraw his/her Application during the tendering. Should the Company intend to keep the Application of an Applicant not selected after the completion of tendering, it shall inform the Applicant in advance, in particular concerning the purpose, duration thereof and shall collect the consent by the Applicant thereto afterwards, in which case it shall process the Application for a definite period of two months from the granting of such consent, and shall delete such upon expiry of this deadline and also in the event the Applicant shall withdraw his/her consent during this period.
(2) In lack of indication of a particular position: The Company shall delete the Application upon expiry of a deadline of two months from the rendering of consent and also in the event the Applicant shall withdraw his/her consent during this period.
7. Addressees
Persons entitled to access the Applications: András Kövesi company manager, Andrea Hurja, Nóra Gyenes – Kovács, Máté Mészáros persons responsible for HR matters, Sándor Szilágyi IT
3. Data processing through the website operated under the domain http://szallitorendszerek.hu
1. Description of data processing:
On the Szállítórendszerek Website, the Company offers for sale the products it distributes or a part of those (hereinafter: Product) Under the menu link “REQUEST OFFER”, the Subject (hereinafter: Orderer or Subject) may request an offer concerning the product for the purpose of concluding a sale and purchase agreement. It is indispensable on the part of the Company to process the personal data of the Orderer set out in this clause in order to render an offer.
2. Personal data subject to processing:
1. name
2. e-mail
3. phone number
3. Purpose of data processing:
Rendering of offers to natural person Orderers for the purpose of future product sales, as well as for the purpose of establishing/maintaining of contact for communication of offers. In case of non-natural person Orderers the purpose of processing of the data of the contact person of the Orderer is to secure the maintaining of contact with the Orderer for the purpose of rendering of offers to the Orderer for the purpose of future product sales, as well as to establish/maintain of contact for communication of offers. [rendering of offers, communication, discussion of terms and conditions of the offer]
4. Legal basis of data processing:
Data processing in connection with the request for offer by the Orderer is performed as per Article 6(1) b) of GDPR, as this data processing is necessary prior to concluding the sale and purchase agreement, for taking the steps upon request by the Orderer.
5. Duration of data processing:
In the event no agreement is established between the Orderer and the Company, the Company shall store personal data of the Orderer for 12 months from the receipt of request for offer, and shall delete those. In the event an agreement is established, data will be stored for the duration as defined in Chapter II Clause 1 hereof.
6. Rights of the Subject:
Rights as per Chapter III of the Information.
7. Exercising of rights of the Subject:
As per Chapter IV of the Information.
4. Processing of data of customers and their contact persons in a customer database (Chart No. 5)
1. Description of data processing:
The Company records the data of customers in an electronic database. In the database, customers’ data are stored by the Company separated, systemized until termination of data processing, it shall not make hard copies thereof.
2. Personal data subject to processing:
In case of natural person customers:
1. name
2. residence (ZIP code, city, street, house number)
3. phone number
4. e-mail
5. invoice details (name, address; in case of deviation from data in Chart No. 1 Clause 2.2., only in case of data of natural persons)
6. delivery details (name, address; in case of deviation from data in Chart No. 1 Clause 2.2., only in case of data of natural persons)
7. tax code/tax ID
In case of non-natural person customers, the data of the contact person of the customer:
1. . name
2. phone number
3. e-mail
3. Purpose of data processing:
Establishing and performance of contract for natural person Customers, i.e. sale of products and delivery thereof to the Customer, performance of related tax and accounting obligations of the Company. In case of non-natural person Customers the purpose of processing of the data of the contact person of the Customer is to secure the maintaining of contact with the Customer for the purpose of establishing and performance of contract with the Customer, i.e. sale of products and delivery thereof to the Customer. [product sales/sale and purchase, handling of related shipment, furthermore the performance of legal duties of the Company]
4. Legal basis of data processing:
Data processing is performed as per Article 6(1) b) of GDPR, i.e. data processing is required for the establishing and performance of the sale and purchase agreement.
Data processing is performed as per Article 6(1) c) of GDPR, i.e. data processing represents the performance of legal obligations (tax and accounting obligations under the law) the Company is subject to.
5. Duration of data processing:
Personal data of the Subjects shall be processed by the Company during the existence of contractual relationship, until the performance of contract, respectively for a definite period thereafter pursuant to Section 169 of the act No. C of 2000 on accounting for 8 years, until 31 December 2017 pursuant to Section 47 subsection 3 and Section 164 of the act No. XCII of 2003 on the order of taxation (old TA), whereas from 1 January 2018 until the limitation period as per Section 78 subsection 3 and Section 202 of the act No. CV of 2017 on the order of taxation (new TA).
6. Rights of the Subject:
The rights as per Chapter III of the Information.
7. Exercising of rights of the Subject:
As per Chapter IV of the Information.
III. RIGHTS OF THE SUBJECTS
The following rights shall be vested in Subjects in connection with the data processing described above.
3.1. Right of information
Subjects are entitled to information on the facts in connection with data processing concerning their personal data processed by the Company prior to the commencement of data processing. Taking into account that the Subjects provide the Company with their personal data themselves, the Company shall perform its obligation to inform as per Article 13 of GDPR by way of the present Information.
3.2. Right of access (Article 15 GDPR)
Subjects shall have the right to obtain information at any time as to which of their personal data exactly are being processed by the Company. Upon their request, the Company shall furthermore provide information as to the purposes, legal basis, duration of the data processing concerning the Subject, as well as who and for what purpose have received their data (including in particular addressees in third countries, as well as international organisations if applicable). Subject shall have the right to have access to request any time the rectification, erasure or restriction of processing of personal data concerning them and may object to the processing of such personal data. Subjects shall have the right of being informed that they may lodge a complaint with the supervisory authority. In the event data emerges that were not collected by the Company from the Subject, the Subject may at any time request information as to the source of the data. In the event personal data are transferred by the Company to third countries or international organisations, the Company shall inform the Subject also with regard to the appropriate safeguards concerning the transfer.
The first copy of personal data subject to data processing will be provided by the Company to the Subject free of charge. For any further copies the Company may charge a reasonable fee based on administrative costs and adjusted to the volume of data, the amount thereof shall be notified by the Company with the Subject in advance. Where the Subject makes the request by electronic means, the information shall be provided by the Company to the Subject in a commonly used electronic form, unless the Subject requests otherwise. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
3.3. Right to rectification, amendment (Article 16 GDPR)
Subjects shall have the right to obtain from the Company the rectification of inaccurate personal data or those recorded erroneously. Where data are incomplete – considering the purpose of data processing – Subjects may obtain the completion thereof. Where the data subject to rectification or completion request concerns data indicated in an official identity card or residence card or other register of public authenticity, the rectification or completion shall require such document to be presented.
3.4. Right to erasure of personal data („right to be forgotten”) (Article 17GDPR)
Subjects shall have the right to obtain from the Company the erasure of their personal data, which request the Company shall satisfy in the event one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by the Company;
b) the Subject withdraws consent on which the processing is based and there is no other legal ground for the processing;
c) the Subject objects to the processing pursuant to Article 21(1) of GDPR and there are no overriding legitimate grounds for the processing, or he/she objects to the processing pursuant to Article 21(2) of GDPR for the purpose of direct marketing;
d) the personal data have been unlawfully processed by the Company;
e) the personal data have to be erased for compliance by the Company with a legal obligation in EU or member state law to which it is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of GDPR.
Where the Company has made the personal data public and is obliged to erase the personal data, the Company shall take reasonable steps, to inform other controllers which are processing the personal data on the obligation to erase.
Data shall not be erased, when data processing is necessary:
a) for exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by law to which the Company is subject (e.g. performance of tax and accounting obligations) or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company;
c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of GDPR;
d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of GDPR in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
e) for the establishment, exercise or defense of legal claims.
3.5. Right to restriction of processing (Article 18 GDPR)
Subjects shall have the right to obtain from the Company the restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Subject, for a period enabling the Company to verify the accuracy of the personal data;
b) the processing is unlawful and the Subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the Company no longer needs the personal data for the purposes of the processing, but they are required by the Subject for the establishment, exercise or defense of legal claims;;
d) the Subject has objected to processing pursuant to Article 21(1) of GDPR pending the verification whether the legitimate grounds of the Company override those of the Subject. In such event the restriction applies for the duration until it is established, whether there are overriding legitimate grounds for data processing, i.e. whether the legitimate gorunds of the Company for keeping and processing the date override the legitimate grounds of the Subject for erasure of the data.
During the restriction data are only stored by the Company without any further processing, unless i) the Subject has consented to further processing measures or ii) the processing of data is necessary for the establishment, exercise or defence of legal claims furthermore iii) for the protection of the rights of another natural or legal person, or iv) for reasons of important public interest of the EU or of a member state.
A Subject who has obtained restriction of processing shall be informed by the Company before the restriction of processing is lifted in a way and form as the restriction of data processing was requested by the Subject.
The Company shall communicate any rectification or erasure of personal data or restriction of processing requested by a Subject and carried out by the Company to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Company shall inform the Subject upon request about those recipients who have been notified in accordance with the above.
3.6. Right to object (Article 21 GDPR)
Subjects shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on public interest or enforcement of legitimate interests of the Company or third parties (point (e) and (f) of Article 6(1) of GDPR), including profiling based on those provisions. The Company shall no longer process the personal data unless the Company demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Subjects or for the establishment, exercise or defence of legal claims.
Subjects shall have the right to object at any time to processing of personal data concerning him or her for direct marketing, which includes profiling (if Company applies such, it shall provide adequate information) to the extent that it is related to such direct marketing. In the event of objection, personal data shall no longer be processed by the Company for direct marketing purposes.
Where personal data are processed for statistical purposes, Subjects shall have the right to object on grounds relating to his or her particular situation, to processing of personal data for such purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
3.7. Right to data portability (Article 20 GDPR)
Considering that data of the Subjects are stored by the Company also in electronic database, Subjects shall have the right to receive the personal data concerning him or her, which he or she has provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Company. The right to data portability shall be vested in the Subjects regarding those data, the processing of which in based on the Subject’s consent (point a) of Article 6(1) or point a) of Article 9(2) of GDPR) or on performance of contract (point b) of Article 6(1) of GDPR). In the event the Subject requests direct transmission of personal data between controllers, the Company shall indicate whether such is technically feasible.
3.8. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
Without prejudice to any other administrative or judicial remedy, Subjects shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence, place of work or place of the alleged infringement if the Subject considers that the processing of personal data relating to him or her infringes the GDPR.
In Hungary, the supervisory authority is the National Data Protection and Freedom of Information Authority (1024 Budapest, Szilágyi Erzsébet fasor 22/C., e-mail: ugyfelszolgalat@naih.hu, +36-1-3911400, president: dr. Attila Péterfalvi, www.naih.hu).
The supervisory authority with which the complaint has been lodged by the Subject shall inform the Subject on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 of GDPR.
3.9. Right to an effective judicial remedy against a supervisory authority (Article 78 GDPR)
Without prejudice to any other administrative or non-judicial remedy, Subjects shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority (in Hungary, the National Data Protection and Freedom of Information Authority) concerning them. Without prejudice to any other administrative or non-judicial remedy, Subjects shall have the right to an effective judicial remedy where the supervisory authority which is competent pursuant to Articles 55 and 56 of GDPR does not handle a complaint or does not inform the Subject within three months on the progress or outcome of the complaint lodged pursuant to Article 77 of GDPR. Proceedings against a supervisory authority shall be brought before the courts of the member state where the supervisory authority is established (in Hungary, the Metropolitan Administration and Labour Court shall have jurisdiction and competence for judicial proceedings against the National Data Protection and Freedom of Information Authority).
3.10. Right to an effective judicial remedy against the Company or data processor (Article 79 GDPR)
Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Clause 4.8, Subjects shall have the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data by the Company in non-compliance with the GDPR.
Proceedings shall be brought before the courts of the member state where the Company has an establishment, i.e. before the courts of Hungary. Proceedings may be brought before the courts of the member state where the Subject has his or her habitual residence (in the event this is not Hungary).
3.11. Communication of a personal data breach to the Subjects (Article 34 GDPR)
When the personal data breach is likely to result in a high risk to the rights and freedoms of the Subjects, the Company shall communicate the personal data breach to the Subject without undue delay. Such communication shall describe in clear and plain language the nature of the personal data breach and contain at least the following information and measures:
a) the name and contact details of the data protection officer or other contact point where more information can be obtained;
b) the likely consequences of the personal data breach;
c) the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
The communication to the Subjects regarding the personal data breach shall not be required if any of the following conditions are met:
a) the Company has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
b) the Company has taken subsequent measures which ensure that the high risk to the rights and freedoms of Subjects is no longer likely to materialise;
c) the communication would require disproportionate effort
In the events described above, Subjects shall be notified by way of publicly disclosed information or such similar measures shall be taken as to ensure notification of the Subject of similar effectiveness.
IV. ENFORCEMENT OF SUBJECT’S RIGHTS, LODGING OF REQUESTS, CONTACTING THE COMPANY
When exercising their rights, Subjects shall forward requests possibly i) in writing, via mail ii) personally to the Company’s registered seat or iii) via e-mail to the e-mail address of the Company.
Data, contact details of the Company/Controller:
company name: TECH-CON Hungária Termelő és Kereskedő Korlátolt Felelősségű Társaság
registered seat: 1133 Budapest, Véső utca 9-11.
company register number: Cg. 01-09-687815
represented by: András Kövesi company manager,
tax code: 10721566-2-41
e-mail address: Kovesi.Andras@tech-congroup.com
website: www.tech-con.hu
In the event doubts arise as to the identity of the Subject or data provided are not sufficient for identification, the Company shall have the right to request from the Subject further identification data necessary and suitable for confirmation of identity.
When the person lodging the request shall fail to confirm his or her identity beyond doubt, and thus the Company may not identify him or her, it may refuse the processing of such request.
The Company shall without undue delay, yet by all means within one month from the receipt of the request inform the Subject on measures taken on the basis thereof. If needed, considering the complexity and the number of requests, this deadline may be extended by further two months. The Company shall inform the Subject on the extension of the deadline along with the indication of the reasons for such delay within one month from the receipt of such request.
In case the Subject has lodged the request electronically, notification shall be possibly rendered electronically, unless requested otherwise by the Subject.
In the event the Company shall not take measures based on the request by the Subject, it shall without delay, yet no later than within one month from the receipt of the request notify the Subject regarding the reasons of absence of such measures and on the possibility of the Subject to lodge a complaint at a supervisory authority and to exercise his or her right to legal remedy before court.
Information as per Articles 13 and 14 of GDPR and notifications and measures as per Articles 15–22 and 34 of GDPR shall be provided by the Company free of charge. When a request is obviously inadmissible or – due to the fact that it is reoccurring – exaggerated, considering the administrative costs in connection with rendering the information or notification requested, or the performance of measure requested, the Company:
a) may charge a reasonable fee or
b) may refuse to take actions on the basis of the request.
Budapest, 25 May 2018