Data management, data protection guidelines
WEBSITE WWW.ONLINE-ADOTANACSADAS.HU

Information on data management

ON THE HANDLING OF THE DATA OF NATURAL PERSONS

AND ON THE RIGHTS OF THE PERSON INVOLVED

 

Based on the provisions of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Regulation 95/46/EC (hereinafter: Regulation) as follows, we provide the data subject with information about the handling of personal data on the above website and the data subject’s rights.

 

CONTENTS:

 

NAME OF DATA PROCESSOR
NAME OF DATA PROVIDERS
III. INFORMATION ON CERTAIN DATA PROCESSES

Cookie management on the website
Data management related to registration on the website
Data management related to the newsletter service
Data management related to online store purchases
Data management related to the invoicing of products and services sold in the online store
Data management related to the Contact menu of the website
INFORMATION ON DATA SECURITY MEASURES
V. INFORMATION ON THE RIGHTS OF THE PERSONS INVOLVED

 

NAME OF DATA PROCESSOR

The operator and data controller of the website www.online-adotanacsadas.hu:

 

COMPANY NAME: Control and FInance Kft.

Company registration number: 03-09-133364

Tax number: 24975610-2-03

Headquarters: 6000 Kecskemét, Nagy László u. 2. M/FSZ/8

Tel.: 06501350743

E-mail: info@online-adotanacsadas.hu

Websites:

Represented by: Péter Lestyán

Data protection officer: none

(hereinafter: Data Controller)

 

NAME OF DATA PROCESSORS

 

Name of IT service provider data processor:

 

Website: www.webonic,hu

Data protection officer: none

 

III. INFORMATION ON CERTAIN DATA PROCESSES

 

Information about the purpose, legal basis and other circumstances of the data management carried out by the Data Controller must be provided to the data subject at the time of data collection or the first contact.

 

 

Cookie management on the website

The following cookies are used on the www.online-adotanacsadas.hu website:

 

 

1. COOKIE NAME: www.online-adotanacsadas.hu
1.1. SERVICE PROVIDER: www.webonic.hu
1.2. ITS FUNCTION: Session ID, records the visitor’s browsing status between page loads.
1.3. WHY IS IT NECESSARY FOR THE WEBSITE TO WORK? Necessary for the basic operation of the site
1.4. WHAT VISITORS’ DATA DOES IT ACCESS? He can’t access it
1.5.
DO YOU COLLECT DATA FOR A THIRD PARTY?

FOR WHAT PURPOSE AND FOR WHOM?

It does not collect data
1.6. STORAGE TIME (Cookie LIFETIME): Until the end of the session
1.7. PURPOSE OF DATA MANAGEMENT: Functional operation of the website
1.8. LEGAL BASIS FOR DATA MANAGEMENT: The legitimate interest of the data controller.

 

 

You can find information about the cookie settings and information of the most popular browsers at the following links:
Google Chrome https://support.google.com/accounts/answer/61416?hl=en
Firefox https://support.mozilla.org/hu/kb/sutik-informacio-amelyet-weboldalak-tarolnak-szami
Microsoft Internet Explorer https://support.microsoft.com/hu-hu/help/17442/windows-
internet-explorer-delete-manage-cookies#ie=ie-11
Microsoft Edge https://support.microsoft.com/hu-u/help/4468242/microsoft-
edge-browsing-data-and-privacy-microsoft-privacy
Opera https://help.opera.com/en/latest/web-preferences/#cookies
Safari https://support.apple.com/hu-hu/guide/safari/sfri11471/mac

Data management related to registration on the website

The www. The purpose of registration on the online-adotanacsadas.hu website and the related data management is to fulfill the services provided on the website, to carry out, simplify and speed up regular purchases, maintain contact, secure access, and identification. Registration alone does not entail a purchase. Registration is optional and not a condition for purchase. The purchase is a different and separate data management from the registration.

Legal basis for data management: consent of the data subject (GDPR Article 6 /1/ a./).
Registration is voluntary. On the website, the registrant natural person can give his consent to the processing of his personal data by checking the relevant box. Pre-checking the box is prohibited. The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal. Before giving consent, the data subject must be informed of this. It should be possible to withdraw consent in the same way as to give it.

 

Consequence of failure to provide data: registration on the website is not possible.

Affected person: who registers at www. online-adotanacsadas.hu website.

The scope of data handled: name, address, phone number, e-mail address, billing and mailing name and address, tax number for a taxable individual, online identifier.

The data controller does not perform automated decision-making or profiling, and does not classify or categorize the data subjects.

Recipients of personal data – who can view the data – and categories of recipients: the Company with customer service, sales activities

employees performing tasks related to , and employees of the Company’s IT service provider performing hosting services as data processors.

Data transfer to a third country: none.

Duration of storage of personal data: until the existence of the registration, or until the consent of the data subject is withdrawn (deletion request). The registration and data of an inactive user must be deleted by December 31 of the 3rd year following the last activation. A user is not active if he does not use his registered user account, does not perform any activities, or does not log in.

Data management related to the newsletter service

The purpose of data management related to the newsletter service is to send news, information, and advertisements by e-mail about the products and services distributed by the Company.

Legal basis for data management: consent of the data subject (GDPR Article 6 /1/ a./).
Registration is voluntary. On the website, the registrant natural person can give his consent to the processing of his personal data by checking the relevant box. Pre-checking the box is prohibited. The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal. Before giving consent, the data subject must be informed of this. It should be possible to withdraw consent in the same way as to give it. The person concerned can unsubscribe from the newsletter at any time by using the “Unsubscribe” application of the newsletter, or by making a statement in writing or by e-mail, which means withdrawal of consent. In such a case, all data of the unsubscriber must be deleted immediately.

 

Consequence of failure to provide data: subscription to the newsletter is not possible, the person concerned will not receive the newsletter.

Affected person: who subscribes to www. online-adotanacsadas.hu. to your newsletter.

The scope of data managed: name, e-mail address.

The data controller does not perform automated decision-making or profiling, and does not classify or categorize the data subjects.

Recipients of personal data – who can view the data – and the categories of recipients: employees of the Company performing tasks related to customer service and sales activities, employees of the Company’s IT service provider providing hosting services as data processors.

Data transfer to a third country: none.

Duration of storage of personal data: until the existence of the registration, or until the consent of the data subject is withdrawn (deletion request). Inactive e-mail addresses and related personal data must be deleted. The e-mail address is not active if the newsletter sent to it is returned with a undeliverable signal.

Data management related to online store purchases

The purpose of data management related to online shopping is www. creation of a contract for the sale of products sold in the online-adotanacsadas.hu online store, provision of services, determination of its content, modification, monitoring of its performance, invoicing of the resulting fees, and enforcement of related claims. Data processing for invoicing purposes is considered a different, independent data processing.

The legal basis for data management: fulfillment of a contract in the case of a natural customer (GDPR Article 6 /1/ b./).

In the case of a representative or contact person of a legal entity, the legal basis for data processing is: the legitimate interest of the data controller ((GDPR Article 6 /1/f./). In this context, the criteria of necessity and proportionality are as follows:

The processing of the data of the natural person representing the legal entity is necessary in order to fulfill the contract and the obligation to cooperate within its framework. This data management limits the representative’s right to the protection of personal data. People are reluctant to give their personal information to others.

 

At the same time, this is absolutely necessary in a contractual relationship: the negotiation of performance conditions, the exercise of rights and obligations require operational measures, for which the management of contact information is essential.

 

Considering these, in the contractual relationship it is not possible to dispense with the processing of the personal data of the contracting partner of the legal entity, which is absolutely necessary for maintaining contact, even if this involves limiting the personal rights of the person concerned. This restriction is proportionate, because it applies to the minimum necessary data, and the person representing the legal entity must take into account the processing of his data for this purpose.

 

The representative of the legal entity must be informed about the management of his personal data and his rights when concluding the contract. The storage period for this data is 5 years after the termination of the contract.

 

Consequences of failure to provide data: the contract is not created, the purchase in the online store is not possible,

A person who makes a purchase in the online store is considered a data subject. In the case of a legal entity buyer, the affected person is the person designated as a contact person during the purchase. Affected eyes

ly is also the person who initiates a purchase if their data is recorded, but the contract is not concluded.

The scope of data handled: in the case of a natural person buyer, natural personal identification data, residential address, e-mail address, telephone number, bank account number (?). In the case of a customer contact person of a legal person: name, telephone number, e-mail address.

The data controller does not perform automated decision-making or profiling, and does not classify or categorize the data subjects.

Recipients of personal data – who can view the data – and the categories of recipients: employees of the Company performing tasks related to customer service and sales activities, employees of the Company’s IT service provider performing hosting services as data processors, courier service employees performing transportation and delivery. The name, address data and telephone number will be transferred to the Post / Courier Service, who act as data processors. In connection with the purchase, data is forwarded to the data controller’s bank, the name of the customer and the amount of the consideration, a notice appears on the bank account statement.

Data transfer to a third country: none.

Duration of storage of personal data: 5 years under the Civil Code. Based on the limitation period specified in § 6:22. /1/.

Data management related to the invoicing of products and services sold in the online store

The purpose of data processing related to the invoicing of products and services sold in the online store is to fulfill the tax and accounting obligations prescribed by law (bookkeeping records, taxation).

Legal basis for data management: fulfillment of a legal obligation (GDPR Article 6 /1/ c./).

The consequence of not providing data: the natural person who buys cannot receive a personal invoice, which – except in cases of exemption from issuing invoices (§ 165 of the VAT Act) – constitutes an obstacle to the purchase.

The person concerned: the customer is an individual.

The scope of data managed: name, address, tax number in the case of a taxable private individual, tax status (for example, sole trader, primary producer designation) and other data required by law to be included in the invoice, place and time of performance, consideration, amount of VAT, amount to be paid. Governing legislation: CXXVII of 2017 on VAT. TV. §§ 169 and 202, § 167 of Act C of 2000 on accounting. CXVII of 1995 on personal income tax. law.

The data controller does not perform automated decision-making or profiling, and does not classify or categorize the data subjects.

Recipients of personal data – who can look into the data – and the categories of recipients: employees of the Company performing tasks related to customer service, sales, financial accounting activities, employees of the Company’s IT service provider providing hosting services as data processors, data processors performing accounting. Based on legal requirements, data must be provided to the tax authority on the invoice issued to the taxable individual. (Appendix X of the VAT Act).

Data transfer to a third country: none.

Duration of storage of personal data: 8 years (§ 169 of the Accounting Act)

Data management related to the Contact menu of the website

The www. The purpose of data management related to the use of the online-adotanacsadas.hu website Contact menu: answering and handling questions, comments, and complaints asked by the user.

Legal basis for data management: consent of the data subject (GDPR Article 6 /1/ a./).
Use of the Contact menu is voluntary.

 

Consequence of failure to provide data: contact is not possible using the Contact menu on the website.

Affected person: who is at www. Send a message using the Contact menu of the online-adotanacsadas.hu website.

Managed data: name, phone number, e-mail address.

The data controller does not perform automated decision-making or profiling, and does not classify or categorize the data subjects.

Recipients of personal data – who can view the data – and the categories of recipients: employees of the Company performing tasks related to customer service and sales activities, employees of the Company’s IT service provider providing hosting services as data processors.

Data transfer to a third country: none.

Duration of storage of personal data: the data must be deleted by December 31 of 3 years after the contact was made.

INFORMATION ON DATA SECURITY MEASURES

The Data Controller has taken the technical and organizational measures and established the procedural rules necessary for the enforcement of the GDPR to ensure the security of personal data for all purposes and rights-based data management.

 

The Data Controller uses appropriate measures to protect the data against accidental or illegal destruction, loss, alteration, damage, unauthorized disclosure or unauthorized access.

 

V. INFORMATION ON THE RIGHTS OF THE PERSONS INVOLVED

 

The following rights are affected 

they can live with

 

The rights of the data subject in brief:

Transparent information, communication and facilitating the exercise of the rights of the person concerned
The data subject’s right of access
Right to rectification
The right to erasure (“the right to be forgotten”)
The right to restrict data processing
Notification obligation related to the correction or deletion of personal data or the limitation of data management
The right to data portability
The right to protest
Automated decision-making in individual cases, including profiling
Informing the data subject about the data protection incident
The right to lodge a complaint with the supervisory authority (right to an official remedy)
The right to an effective judicial remedy against the supervisory authority
The right to an effective judicial remedy against the controller or processor

The rights of the data subject in detail and in full:

 

Below, we provide complete information on data subject rights.

 

Transparent information, communication and facilitating the exercise of the rights of the person concerned

1.1. The data controller must provide the data subject with all information and every piece of information regarding the processing of personal data in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly worded, especially in the case of any information addressed to children. The information must be provided in writing or in another way, including, where applicable, the electronic way. Verbal information can also be provided at the request of the data subject, provided that the identity of the data subject has been verified in another way.

1.2. The data controller must facilitate the exercise of the data subject’s rights.

1.3. The data controller must inform the data subject without undue delay, but in any case within one month of the receipt of the request, of the measures taken as a result of his request to exercise his rights. This deadline can be extended by another two months under the conditions set out in the Regulation. about which the data subject must be informed.

1.4. If the data controller does not take measures following the data subject’s request, it must inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as that the data subject may file a complaint with a supervisory authority and exercise his right to judicial redress .

1.5. The data manager provides the information and information and measures about the rights of the data subject free of charge, however, in the cases described in the GDPR, a fee may be charged.

The detailed rules can be found under Article 12 of the Regulation.

 

The data subject’s right of access

2.1. The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to receive access to the personal data and related information. (Regulation Article 15).

2.2. If personal data is transferred to a third country or to an international organization, the data subject is entitled to receive information about the appropriate guarantees in accordance with Article 46 of the Regulation regarding the transfer.

2.3. The data controller must provide the data subject with a copy of the personal data that is the subject of data management. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.

Detailed rules regarding the data subject’s right of access are contained in Article 15 of the Regulation.

 

Right to rectification

3.1. The data subject is entitled to have the Data Controller correct inaccurate personal data concerning him without undue delay upon request.

3.2. Taking into account the purpose of data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.

These rules are contained in Article 16 of the Regulation.

 

The right to erasure (“the right to be forgotten”)

4.1. The data subject has the right to request that the data controller delete the personal data concerning him without undue delay, and the data controller is obliged to delete the personal data concerning the data subject without undue delay if

a) the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
b) the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
c) the data subject objects to the processing of his data and there is no overriding legal reason for the data processing,
d) personal data were handled unlawfully;
e) personal data must be deleted in order to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller;
f) the collection of personal data took place in connection with the offering of information society-related services offered directly to children.
4.2. Right to delete

g cannot be enforced if data management is necessary

a) for the purpose of exercising the right to freedom of expression and information;
b) for the purpose of fulfilling an obligation under EU or member state law applicable to the data controller, or for the purpose of performing a task performed in the public interest or in the context of the exercise of a public authority conferred on the data controller;
c) on the basis of public interest in the field of public health;
d) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, if the right to erasure would likely make this data management impossible or seriously endanger it; obsession
e) to present, enforce and defend legal claims.
Detailed rules regarding the right to deletion are contained in Article 17 of the Regulation.

 

The right to restrict data processing

5.1. In the case of data management restrictions, such personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, assert or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.

5.2. The data subject has the right to request that the Data Controller restricts data processing if one of the following is met:

a) the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the Data Controller to check the accuracy of the personal data;
b) the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;
c) the Data Controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; obsession
d) the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
The relevant rules are contained in Article 18 of the Regulation.

 

Notification obligation related to the correction or deletion of personal data or the limitation of data management
The data manager informs all recipients of all corrections, deletions or data management restrictions to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the data controller informs about these recipients.

These rules can be found under Article 19 of the Regulation.

 

The right to data portability

7.1. Under the conditions set out in the Regulation, the data subject is entitled to receive the personal data relating to him/her provided to a data controller in a segmented, widely used, machine-readable format, and is also entitled to forward this data to another data controller without being hindered by the the data controller to whom you made the personal data available, if

a) data management is based on consent or a contract; and
b) data management is performed in an automated manner.
7.2. The data subject can also request the direct transmission of personal data between data controllers.

The detailed rules are contained in Article 20 of the Regulation.

 

The right to protest

8.1. The data subject has the right to object at any time for reasons related to his own situation against the processing of his personal data based on the public interest, the performance of a public task (Article 6 (1) e)) or legitimate interest (Article 6 f)), including profiling based on the aforementioned provisions too. In this case, the data controller may not process the personal data further, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or which are necessary for the presentation, enforcement or defense of legal claims. are connected. In the context of the interest assessment test, the data controller reveals the content of the legitimate interest and examines how the enforcement of the legitimate interest affects the interests or fundamental rights and freedoms of the data subject. It must then be considered whether the latter take precedence over the legitimate interest of the data controller, especially if the person concerned is a child. If, during the consideration, the interests of the data subject require the protection of personal data – data management cannot be continued.

8.2. If personal data is processed for direct business acquisition, the data subject has the right to object at any time to the processing of personal data concerning him for this purpose, including profiling, if it is related to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.

8.3. These rights can be exercised no later than the first contact with the data subject

its attention must be specifically drawn during the process, and the relevant information must be displayed clearly and separately from all other information.

8.4. The data subject can also exercise the right to protest using automated means based on technical specifications.

8.5. If personal data is processed for scientific and historical research purposes or for statistical purposes, the data subject has the right to object to the processing of personal data concerning him for reasons related to his own situation, unless the data processing is necessary for the performance of a task carried out for reasons of public interest.

The relevant rules are contained in Article 21 of the Regulation.

 

Automated decision-making in individual cases, including profiling

9.1. The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent.

Additional rules are contained in Article 22 of the Regulation.

 

Informing the data subject about the data protection incident

10.1. If the data protection incident likely involves a high risk for the rights and freedoms of natural persons, the data controller must inform the data subject about the data protection incident without undue delay. In this information, the nature of the data protection incident must be described in a clear and understandable manner, and at least the following must be disclosed:

a) the name and contact details of the data protection officer or other contact person providing additional information;
c) the likely consequences of the data protection incident must be described;
d) the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.
10.2. The data subject does not need to be informed if any of the following conditions are met:

a) the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures – such as the use of encryption – that would be unintelligible to persons not authorized to access personal data they make the data;
b) after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
c) providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.
Additional rules are contained in Article 34 of the Regulation.

 

The right to lodge a complaint with the supervisory authority (right to an official remedy)

The data subject has the right to file a complaint with a supervisory authority – in particular in the Member State of his or her usual place of residence, workplace or the place of the suspected infringement – if, in the opinion of the data subject, the processing of personal data concerning him/her violates the Regulation. The supervisory authority to which the complaint was submitted is obliged to inform the customer about the procedural developments related to the complaint and its outcome, including whether the customer is entitled to legal remedies.

 

These rules are contained in Article 77 of the Regulation.

 

The right to an effective judicial remedy against the supervisory authority

12.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons are entitled to an effective judicial remedy against the legally binding decision of the supervisory authority.

12.2. Without prejudice to other administrative or non-judicial legal remedies, all data subjects are entitled to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments related to the submitted complaint or its result.

These rules are contained in Article 78 of the Regulation.

 

The right to an effective judicial remedy against the controller or processor

13.1. Without prejudice to the available administrative or non-judicial remedies, including the right to file a complaint with the supervisory authority, all data subjects are entitled to an effective judicial remedy if, in their judgment, their rights under this Decree have been violated as a result of the handling of their personal data not in accordance with this Decree.

13.2. Proceedings against the data controller or data processor before the court of the Member State where the data controller or data processor operates

must be started. Such a procedure can also be initiated before the court of the Member State of the habitual residence of the person concerned, unless the data controller or the data processor is a public authority of a Member State acting in the capacity of public authority.

 

These rules are contained in Article 79 of the Regulation.

 

Kecskemét, March 3, 2021

 

 

 

Conrol and Finance Kft.

data controller

© 2024 Control and Finance Kft.

About