According to 6. § (1) of Information Act, the data subject shall also be informed that his personal data may be processed if it is impossible to obtain his consent or it would incur disproportionate costs and the data processing
- is necessary because of laws to be observed by the data processor, that is,
- it is necessary in order to enforce the legitimate rights of the data processor or a third party, and the enforcement of this right is in proportion with the limitation of the rights concerning personal data protection rights.
If the data subject is not able to give his consent because of his legal incapacity or for any other unavertable reasons, the data subject’s data may be processed to the extent it is necessary to protect his own or other persons’ vital interests or to avert or prevent the direct danger threatening the persons’ life, physical safety or possessions during the period during which his legal incapacity or other reasons preventing him to give his consent exist.
The legal statement containing the consent of a data subject above the age of 16 is valid without the consent or subsequent permission of his legal guardian.
According to Information Act the notification above shall include the data subject’s rights concerning data processing and his legal remedies. If it is impossible to inform the data subjects personally or it would incur disproportionate costs, the notification may happen by publicising the following information:
a) the fact of data collection,
b) scope of data subjects,
c) purpose of data collection,
d) term of data processing,
e) possible data processors authorized to access the data,
f) information about the rights and legal remedies of data subjects, and
g) if it is applicable to register the data processing in Data Protection Registry, the Register Number.
The Data Processor shall be responsible for the personal data protection of the persons visiting the website, which is vital for us. Nevertheless, we ask you to take into consideration that it is not possible to ensure full data privacy for data transmitted via the internet.
The definitions of the terms used in this Policy and their meanings as in 3. § of Information Act:
|data||subject any natural person directly or indirectly identifiable by reference to specific personal data;|
|personal data||data relating to the data subject, in particular by reference to the name and identification number of the data subject or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity as well as conclusions drawn from the data in regard to the data subject;|
|personal data revealing racial origin or nationality, political opinions and any affiliation with political parties, religious or philosophical beliefs or trade-union membership, and personal data concerning sex life, or personal data concerning health, pathological addictions, or criminal record;|
|consent||any freely and expressly given specific and informed indication of the will of the data subject by which he signifies his agreement to personal data relating to him being processed fully or to the extent of specific operations;|
|objection||a declaration made by the data subject objecting to the processing of their personal data and requesting the termination of data processing, as well as the deletion of the data processed|
|controller||shall mean natural or legal person, or organisation without legal personality which alone or jointly with others determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a data processor;|
|data processing||any operation or the totality of operations performed on the data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints or palm prints, DNA samples, iris scans);|
|data transfer||ensuring access to the data for a third party;|
|data deletion||making data unrecognisable in a way that it can never again be restored;|
|data process||performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, as well as the place of execution, provided that the technical task is performed on the data;|
|data processor||any natural or legal person or organisation without legal personality processing the data on the grounds of a contract, including contracts concluded pursuant to legislative provisions;|
|third party||any natural or legal person, or organisation without legal personality other than the data subject, the data controller or the data processor;|
|data protection||incident unauthorised or illegal data management or processing of personal data, specifically unauthorised access, modification, transfer, disclosure, deletion or destruction or incidental loss or damage.|
- Act V of 2013. on the Civil Code;
- Act CXII of 2011 on the Right of Informational Self Determination and on Freedom of Information;
- Act CVIII of 2001 on certain issues of electronic commerce activities and information society services;
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities;
- Act C of 2003 on electronic communications.
LEGAL BASIS AND PURPOSE OF DATA PROCESSING
Personal Data can be processed for defined purposes, in order to apply laws and to fulfil obligations. The data processing shall be in accordance with the purpose of data processing in every stage of data processing, the collection and processing of the data shall be honest and legal. Only such personal data may be processed that are necessary in order for the purpose of data processing to be fulfilled and suitable to fulfil this purpose. Personal Data may be processed only to the extent and for the term it is necessary to fulfil the purpose thereof.
The Legal Basis for Data Processing:
The Data Processing shall happen on the basis of the statement made voluntarily by data subjects on the Data Processor’s Website and made on the basis of adequate information of the data subjects, by the data subject giving his personal data specified in this Policy for the purpose of contact, by which he gives his consent to the processing of his personal data.
The Purpose of Data Processing:
We inform you that the data given by you shall be processed by the Data Processor in accordance with the stipulations of Information Act, and the Data Processor shall have the right only to keep contact, the data shall not be used for any other purposes (e.g.: for the purpose of sending marketing letters, direct business offers, offering services or sending letters containing advertisements).
We inform you that the data processing may occur only for the above-mentioned purposes and only in a way specified in the law, to the extent and for a term it is necessary for the purpose to be fulfilled, and only those personal data shall be used that are absolutely necessary and suitable to fulfil the above-mentioned purposes.
THE SCOPE OF PROCESSED PERSONAL DATA AND THE WAY OFPROCESSING
The processing of personal data in accordance with this Policy may commence only after the Data Processor made the Policy serving as a basis for data processing available for the data subject, which is expressly acknowledged by the data subject. In all cases, the data collection shall occur through a special form filled in directly by the data subject and made for the purpose of sending messages on the website operated by the Data Processor.
The process of data collection is controlled by the data subject himself, in failure of which the data processing shall not occur, therefore if the data subject interrupts the data collection process explicitly or in a way expressed by conduct, the Data Processor shall interrupt the data collection and delete the personal data given so far without exception.
In course of operating the system, the data that are technically collected: the data collector tool’s data that are generated in the course of data collection and are stored by the system of the Data Processor as the automatic result of technical processes. The data stored automatically are logged at the time of data collection without a relevant statement or action by the data subject.
These data shall not be connected to other personal data – except in cases that are made obligatory by the law. The data shall be accessed only by the data processor.
We inform you that the data subject by giving his e-mail address takes responsibility of the fact that it is only he that uses the service from that given e-mail address. The Data Processor is not obliged to check whether the given e-mail address is really in the possession of the data subject who has given this e-mail address, so, this way the Data Processor shall have the right to believe that the data processing of the given data is legal
TERM OF DATA PROCESSING, MODIFICATION AND DELETION OF DATA
Postal Address: GRP Plasticorr Kft. 1097 Budapest, Illatos út 7.
E-mail Address: firstname.lastname@example.org
Phone Number: +36-1-280-6845
We inform you that the Website operated by the Data Processor uses so called cookies in order to collect profile data and status data for the identification of the data subjects, and for the tracking of visitors. Cookies are data that are stored temporarily on the hard disk drive of your computer from your browser by visiting the website and which data are necessary to visit the website. They in themselves cannot be used to identify that visitor. Cookies ensure further functions for the Website, and with their help we may gain more accurate information about the usage of the Website.
The cookies used by third parties is summarized in the table below. These cookies are put in the browser not by the operator of this website, but third parties.
|Cookie||Name and Type||Function|
|Google Analytics||_utma: persistent cookie _utmb: temporarycookie _utmc: temporary cookie _utmz: persistent cookie||These cookies used by third parties store how the users use this website. On the basis of the information gained this way, it is possible to create reports which can help to further develop this website. The cookies store among other things the following information in a strictly anonymously: (i) the number of visitors, (ii) from which website the visitors came to this website, furthermore (iii) which pages of this website the users has visited. You can read about Google’s relevant policies here.|
Modification of Browser Settings
Most browsers have the feature to regulate cookie usage. You can read further information about cookies in general or their usages and deletion at these websites: www.aboutcookies.org or www.allaboutcookies.org.
You can get further information about cookies used by Google Analytics and about their deletion at this website: http://tools.google.com/dlpage/gaoptout.
Cookies and Personal Data
Cookies do not contain or store data of personal nature, but we would like to draw your attention to the fact that the personal data collected on this website can be connected to the information stored in Session cookies.
Through adequate measures, the data shall be protected against unauthorised access, modification, transfer, disclosure, deletion or loss, and against accidental destruction or damage, furthermore against becoming inaccessible because of the modification of the technology applied.
In order to protect electronically managed data files stored in various registries, it shall be ensured through adequate technical solutions that the data stored in registries – except when it is made possible by law – shall not be directly connected or assigned to the data subject.
In course of processing personal data automatically, the data controller and data processor ensures with further measures the prevention of unauthorised data entry; the prevention of the use of automatic data processing systems by unauthorised persons through data transfer equipment; that it is possible to check and track down to which organisations the personal data have been or may be transferred by using data transfer equipment; that it is possible to check and track down which personal data are entered by whom and when into the automatic data processing systems; that the installed systems shall be restored when there is an incident, and that reports are made of the errors arising in course of automatic data processing.
When the data controller and the data processor lay down the measures for data protection and when they apply these measures, they need to take into consideration the state of technology. Of many data processing solutions, they shall choose the one that can ensure a higher level personal data protection, except when it would mean a disproportionate difficulty for the data processor.
RIGHGTS OF DATA SUBJECTS
In accordance with the Information Act, the data subject may request the data controller:
- to inform him about the processing of his personal data,
- the modification of his personal data, and
- the limitation of the data processing to a specified scope,
- omission or deletion of profiling and automatic data processing,
- the deletion or closure of his personal data,
- exercise his right to data portability.
At the request of the data subject, the data controller shall give information about the data subject’s data processed by him or by the data controller commissioned by him, about the sources of those data, the purpose of data processing, the legal base for data processing, its term, the name and address of the data processor, his activities in connection with data processing and – in the case where the personal data of the data subject are transferred – about the legal base and addressee of the data transfer.
The data controller shall fulfil the request for information in the shortest possible notice, but not later than 30 days after the submission of the request in an easily understandable written form. The information is free of charge if the requestor for information has not submitted a request for information of the same scope to the data processor. In other cases, a fee may be charged.
If the personal data is false, but the data processor is in possession of the correct personal data, the data processor shall correct the false data.
On the basis of the right to data portability, the data subject shall have the right to receive in a machine-readable form his personal data that he has made available to the data processor and to transfer these data to another data processor without the previous data processor obstructing this.
The personal data shall be deleted if:
- it is illegal to process it;
- it is requested by the data subject on the basis of 14. §
- of the Information Act;
- the data is incorrect or incomplete – and this cannot be legally remedied – provided that the deletion is not against the law;
- the purpose of the data processing is no longer valid or the term for the data storage specified in the law is over;
- it is ordered by a court or Authority.
The data processor shall block the personal data instead of deleting them if the data subject requests this or if on the basis of the available information it can be assumed that the deletion would infringe the data subject’s legitimate interests. The personal data blocked this way may be processed until the purpose of the data processing exists, which purpose prevented the deletion of the personal data.
The data subject and the persons to whom the personal data were previously transferred shall be notified of the data correction, data blocking, tagging and deletion. The notification can be dispensed with if, considering the purpose of data processing, it does not infringe the legitimate interests of the data subject. If the data processor does not fulfil the data subject’s request for correction, blocking or deletion, the data processor shall notify the data subject of legal and factual reasons for the rejection of correction, blocking or deletion in writing, within 30 days on receipt of the request.
If the request for correction, blocking or deletion is rejected, the data processor shall notify the data subject of legal remedies and of further possibilities to appeal to Authorities.
We inform you as a data subject that on the basis of the Information Act you may object to your personal data being processed if
- the processing or transfer of the personal data is only necessary to fulfil legal obligations that apply only to the data processor or to enforce the legitimate interests of the data processor, data recipient or third persons, except when the data processing is made obligatory by law.
- the processing of the personal data occurs only in order to make direct offers, conducting polls, or do scientific research;
- in other cases defined by law.
The data subject shall be obliged to prove that the data processing is in accordance with the law.
The data recipient shall be obliged to prove the legality of the data transfer. The data processor shall examine the objection in the shortest possible term on receipt of the objection or not later than 15 days and shall make a decision concerning the validity of the objection and notify the objector in writing. If the data processor accepts the basis of the data subject’s objection, the data processor shall terminate the data processing, including any further data collection and data transfer, and block the data and shall notify all the persons to whom the data processor previously transferred those personal data affected by the objection and those persons that are obliged to make measures to fulfil the right to objection of the objection and the measures the data processor has made. If the data subject does not agree with the decision of the data processor or the data processor does not meet the deadline above, the data subject may seek legal remedies in court within 30 days after the decision was made available for him.
The data processor shall be held responsible for the damage caused by the data processor to the data subject. The data processor may be exempt from the responsibility for the damage if the data processor can prove that the damage or the infringement of the data subject’s personal data was caused by unavoidable events out of the scope of data processing. The data processor shall not be obliged to pay damages if the damage arouses from deliberate actions or gross negligence by the party to whom the damage was caused or the encroachment caused by personal data infringement arouse from deliberate actions or gross negligence on part of the data subject.
The data controller shall make a registry of the data protection incidents in order to be ready to inform the data subjects or be prepared for possible audits. The registry shall include the scope of the personal data affected, the scope and number of the data subjects affected by the data protection incident, the time and date, circumstances, effects and the remedial steps to avert the incidents of the data protection incident, and other data specified by the law that requires the data processing. The data controller shall inform the data subject of these at the request of the data subject.
In the event of a data protection incident, the data controller shall without any delay but not later than 72 hours report it to the relevant authority except when the data protection incident probably does not pose a risk to the rights and freedom of natural persons.