|
Menu
|
This Privacy Notice (hereinafter: ‘Privacy Notice’) presents the characteristics of the processing of the Mateco-Hungary Korlátolt Felelősségű Társaság (hereinafter: ‘Controller’, ‘Company’, ‘We’) through its website mateco-hungary.hu (hereinafter: ‘Website’), whether related to visiting the Website or using the services provided by the website, and in particular the collection, storage and use of the data.
Name of Controller: Mateco-Hungary Korlátolt Felelősségű Társaság
Company reg. no. of the Controller: 03-09-108514
Registered office of the Controller: 6000 Kecskemét, Izsáki út 8, Building B
E-mail of the Controller: privacy@mateco-hungary.hu
Representative of the Controller: Csaba Farkas, Managing Director
Data protection officer of the Controller: Bovard Kft.
Contact information of the data protection officer: info@bovard.hu
The Company processes the personal data in accordance with all applicable laws, but primarily in accordance with the provisions of the following legislation:
The Company treats personal data confidentially and takes all necessary technical and organisational measures to promote IT, information security and other secure data processing in order to preserve the confidentiality of the data.
The term base of this Privacy Notice corresponds to the interpretative term definitions in Article 4 of the Regulation, and in certain points supplemented with the interpretative provisions of Section 3 of the Infotv.
When this notice refers to data or processing, it is to be understood as personal data and their processing.
Through the Website, the Company provides an opportunity for the users and customers of the Website to get to know the Company’s activities, services and request an quotation for various services provided by the Company, as well as to send their CVs directly to the Company for job applications announced by the Company.
On the Website, users can also contact the Company in connection with a request for information or a complaint, at one of the contact details provided on the https://mateco-hungary.hu/en/about-us/locations subpage.
Description of the processing: The Company provides an opportunity for its customers and users visiting the website to contact the Company or the Company’s employees at one of the contact details provided on the https://mateco-hungary.hu/en/contact-us
Purpose of the processing: Contact and communication with customers
Processed data: The name, address and e-mail address of the data subject, other data related to the request.
Data subjects: The persons contacting the Company.
Legal grounds of processing: Legitimate interest pursuant to Article 6 (1) f) of the GDPR and performance of a contract pursuant to Article 6 (1) b) of the GDPR.
Data preservation deadline: If any kind of contract or agreement is concluded between our Company and the data subject, we will process the personal data processed during the related communication in connection with the given contract, up to the expiry of the limitation period, which is generally 5 years from the performance of the contract.
If, as a result of the communication, no contract or other agreement is concluded between our Company and the data subject, the message(s) will be erased after the final termination of the communication.
Data source: Data collected from the Data Subject.
Processors, recipients: Microsoft Corporation – Our Company’s e-mail provider.
Consequence of failure to provide personal data: The legal ground of the processing is the legitimate interest of the Company, and is therefore irrelevant.
Legitimate interest of the Controller, if applicable: It is in the legitimate interest of our Company, if it is contacted by e-mail, to process the personal data necessary to respond and resolve the matter.
Description of the processing: The purpose of processing the personal data of job applicants is to select suitable prospective employees to fill the vacancies at the Company during the recruitment procedure. As a general rule, the Company does not process CVs for later use, they are erased immediately after the end of the recruitment procedure.
Purpose of the processing: During the conducting of the selection process and the selection, it is necessary to get to know the professional and human qualities, education and previous work experience of the candidates in order to find the most suitable person to fill the vacancy.
Processed data: The data indicated in the CV and possibly in the motivation letter are typically the identification data, such as, in particular, name, place and date of birth, mother’s name, address, education data (education, qualification, professional experience, level of language proficiency, diploma, graduating average, etc.), request relating to the position to be filled, previous jobs, photo, other data provided in the CV by the data subject, telephone number, e-mail address.
Data subjects: The persons submitting a job application (CV) to the Controller.
Legal grounds of processing: The processing of personal data is necessary to take steps at the request of the data subject before the conclusion of the contract, therefore the legal ground for the processing is Article 6 (1) b) of the Regulation. By sending us their application for the advertised position, the data subject expresses their clear will and intention to fill the position and to take part in the selection process. It is a necessary part of the selection process for the employer to assess the applicant’s professional and personal qualities in advance, in order to judge whether the candidate is suitable to fill the position.
Data preservation deadline: The personal data of the data subject is processed by the Company until the appropriate candidate is selected.
Data source: Data collected from the Data Subject.
Processors, recipients: Microsoft Corporation (One Microsoft Way Redmond, WA 98052-6399 USA) – Our Company’s e-mail provider (Office 365).
Consequence of failure to provide personal data: The provision of personal data is not mandatory, but is an essential condition for assessing the application and participating in the selection process.
Legitimate interest of the Controller, if applicable: Not applicable.
Description of the processing: Users and customers have the opportunity to submit a request for quotation for the services provided by the Company or to apply for them via the Company’s website.
Purpose of the processing: Submitting a quotation request for the services and products provided by the Company, making an offer, registering for various services.
Processed data: In case of a request for a quote for a lease or servicing:
Data subjects: The persons requesting a quotation from the Company.
Legal grounds of processing: Legitimate interest pursuant to Article 6 (1) f) of the GDPR in the case of a person requesting a quotation on behalf of a legal person and the performance of a contract pursuant to Article 6 (1) b) of the GDPR in the case of a natural person.
Data preservation deadline: Until the quote is issued, if any contract or agreement is concluded between our Company and the data subject, we will process the personal data in connection with the given contract, at most until the expiry of the limitation period, which is generally 5 years from the performance of the contract.
Data source: Data collected from the Data Subject.
Processors, recipients: Not used.
Consequence of failure to provide personal data: The provision of personal data is mandatory, if the data subject does not make the data available to the Controller, the Controller will not be able to provide a quote or register the application for the service.
Legitimate interest of the Controller, if applicable: Not applicable.
Description of the processing: The Company has an obligation to issue invoices in connection with the sale, lease and provision of services, therefore it issues an invoice with the content specified in Act CXXVII of 2007 on Value Added Tax (hereinafter: ‘VAT Act’) and preserves it with the content specified in the VAT Act, as well as handles complaints related to the invoices.
Purpose of the processing: The purpose of the Controller’s processing is to issue and preserve invoices in accordance with Section 159 (1) and Section 169 of the VAT Act and Section 169 (2) of Act C of 2000 on Accounting (hereinafter: ‘Accounting Act’), and to handle and settle complaints related to issued invoices.
Processed data: The data specified in Section 169 of the VAT Act, in particular:
Data subjects: The persons establishing a contractual relationship with the Controller.
Legal grounds of processing: Pursuant to Section 169 (1) of the VAT Act, the legal ground for the processing of data during the issuance of invoices is Section 6 (1) c) of the Regulation, i.e. the fulfilment of a legal obligation.
Data preservation deadline: The Company preserves the invoices for at least 8 years in accordance with Section 169 of the Accounting Act.
Data source: The source of the data is the data subject.
Processors, recipients: Microsoft Ireland Operations Limited One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) Our Company’s e-mail and cloud service provider (Office 365), and it transfers the data to the processors and other recipients via the Microsoft SharePoint system.
In accordance with Recital 48 of the Regulation, the data of the data subjects may also be transferred to the Company’s parent company, Mateco Sàrl (7 Rue Laïteschbaach, 5324 Contern, Luxembourg) on the basis of the legitimate interest of the group.
Consequence of failure to provide personal data: The provision of personal data is mandatory, if the data subject does not provide the data to the Controller, the Controller is not in a position to provide the service intended to be used by the data subject.
Legitimate interest of the Controller, if applicable: Not applicable.
Description of the processing: In order to keep in touch with its customers and partners, as well as with those interested in its products and services, the Data Controller operates a newsletter service and allows visitors to its website to subscribe to this newsletter service. Subscription to the newsletter service is not a condition of any other service provided by the Data Controller.
Purpose of the processing: The purpose of the Controller’s data processing is to inform current and prospective customers/customers/partners about its products, exclusive offers and discount campaigns, as well as news about its operations and services.
Processed data: Name, e-mail address. Controller also processes data relating to the time of subscription and the consent given. The sending of newsletters is carried out through the MailChimp system, which allows the Controller to know the following data of the sent mailings:
Data subjects: Subscribers to the newsletter service of the Controller.
Legal grounds of processing: The legal ground of processing through the sending of newsletters is Article 6(1)(a) of the Regulation, i.e. the processing of personal data is based on the consent of the data subject.
Data preservation deadline: the data are processed until the data subject’s consent is withdrawn. The data subject can unsubscribe from the newsletter at any time by clicking on the unsubscribe link in the newsletters automatically or by sending a request for unsubscription to privacy@mateco-hungary.hu.
Data source: The source of the data is the data subject.
Processors, recipients:
Consequence of failure to provide personal data: The provision of personal data is mandatory, if the data subject does not provide the data to the Controller, the Controller is not in a position to provide the service intended to be used by the data subject.
Legitimate interest of the Controller, if applicable: Not applicable.
3.6.1. Presentation of the Controller
Mateco-Hungary Korlátolt Felelősségű Társaság (hereinafter: ‘Company’, ‘Controller’, ‘We’) has prepared the following Cookie Notice to ensure the lawfulness of its personal data processing related to the use of cookies on the Company’s website (hereafter: “Website”): https://www.mateco-hungary.hu/ , to fulfill its obligation to provide information on the data processing, to describe the characteristics of the processing, in particular the reasons for collecting personal data and the use of those personal data, and to safeguard the rights of data subjects accordingly.
| Name of Controller: | Mateco-Hungary Korlátolt Felelősségű Társaság |
| Company reg. no. of the Controller: | 03-09-108514 |
| Registered office of the Controller: | 6000 Kecskemét, Izsáki út 8, Building B |
| E-mail of the Controller: | privacy@mateco-hungary.hu |
| Representative of the Controller: | Csaba Farkas, Managing Director |
| Data protection officer of the Controller: | Bovard Kft. |
| Contact information of the data protection officer: | info@bovard.hu |
The Company processes personal data in accordance with all applicable laws, but primarily in accordance with the provisions of the following legislations:
Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: ‘Infotv.’);
Regulation of the European Parliament and of the Council (EU) 2016/679 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: ‘Regulation’ or ‘GDPR’),
The Company processes personal data confidentially and takes all necessary technical and organisational measures to promote IT, information security and other secure data processing in order to preserve the confidentiality of the data.
As Controller, we are responsible for the collection of visitors’ requests made to our site and the transmission thereof to third party service providers mentioned in point 6 below and to their partners. We are also responsible for data processing carried out for the purposes we pursue in connection with cookies essential for the operation of our site, statistics cookies and comfort cookies (see point 3.6.4 below).
3.6.2. Definitions
The terms in this Cookie Notice correspond to the interpretative term definitions in Article 4 of the Regulation, and in certain points supplemented with the interpretative provisions of Section 3 of the Infotv.
When this Cookie Notice refers to data or processing, it is to be understood as personal data and their processing.
3.6.3. What is a cookie?
Cookies are small text authentication and information collection files placed by the browser onto the user’s device when visiting a website. A cookie consists of a unique code and is primarily used to distinguish computers and other devices that download the web page. Cookies have multiple functions, including collecting information, remembering user preferences, and allowing the website owner to learn about user habits to enhance the user experience.
Over the years, new technologies (also called “trackers”) have appeared to supplement or replace cookies, mainly for the purpose of tracking, profiling and targeting. These are for example “fingerprinting” technologies (digital imprint of the terminal), invisible pixels (“web beacons”), “shared objects” (sometimes called “flash cookies”) or even all the identifiers generated by operating systems to identify the user. Insofar as the user of these similar technologies requires the filing or reading of information on the user’s terminal, the same regime as for “classic” cookies is applicable to them.
Cookies can be sent either directly by the server that hosts the visited website or by a third-party server to which the website may have transmitted the visitor’s request. Cookies can only be read by the server that placed it.
3.6.4. For what purposes do we use cookies?
The website uses cookies for the following purposes:
Cookies necessary for the operation of the Website;
Cookies processed for statistical purposes;
Marketing cookies.
Cookies on our Website can be placed either directly by us or by the service providers with whom we cooperate or by the partners of these services providers. We may cooperate from time to time with third-party service providers who may place cookies via integrated solutions on our Website.
Some of these service providers may process personal data on their own behalf. Please consult their respective data protection policies.
The information collected by cookies is not sold, leased or otherwise disclosed to third parties by the Website.
3.6.4.1 Essential cookies- necessary for the operation of the Website
Those cookies are required to enable the visitor to navigate our Website and to use certain parts of them. They allow to:
Keep the choice expressed by the visitor on the placing of cookies;
Securely access to visitor’s personal account;
Maintain connection to visitor’s personal account during his/her visit;
Establish statistics of visits and/or performance;
Interact with our site (fill-in forms) or navigate between different pages of our website.
Detailed information about the essential cookies currently used by the Website is provided through the Website’s cookie manager.
3.6.4.2 Statistical cookies – processed for statistical purposes
Statistical cookies enable us to measure the use of our website and to evaluate it in order to optimise our offer for our visitors. When we receive from our service providers statistics that have been compiled using cookies on our website, we only receive such data in aggregated form. We do not have access to any information about a specific visitor’s interaction with our website.
Statistics cookies will not be installed on visitor’s browser unless they have explicitly consented to this cookies. Such cookies will collect information on number of visitors on our Website, number of sessions, duration of sessions, pages view per minute, top active pages, active visitors, average session duration, bounce rate, new users count, number of sessions per user, page views, pages per session, new or returning visitors, demographics such as language preferences, user’s country and user’s city, browser, operating system, mobile device operating system, mobile device screen resolution, source of traffic (direct, paid search, organic search, referral or other), user retention, users by time of the day, ClientID (a unique ID that Google Analytics assigns to each device from which users engage with content), date last seen, device category, device platforms, acquisition date, channels, related campaign to the user, age , gender, interests (affinity category/reach, in-market segment, other categories) and social network referrals.
Detailed information about the statistics cookies currently used by the Website is provided through the Website’s cookie manager.
Specific information in relation to Google Analytics
In order to design our pages to meet visitors’ needs and constantly optimise them, we use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland – hereinafter “Google”.
In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about visitor use of our site, such as:
Browser type/version;
Operating system used;
Referrer URL (the page previously visited);
Host name of the accessing computer (IP address),
Time of server request
are transmitted to a Google server in the United States and stored there. The information is used to evaluate the use of our site, to compile reports on our site activities and to provide other services related to the use of our site. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf.
Visitors’ IP address will under no circumstances be merged with other Google data. IP addresses are processed in such a way that an allocation is no longer possible (IP masking).
Personal data protection laws in the US may differ from the protection granted in the EU and can therefore only guarantee a lower level of protection. If personal data is processed by Google Analytics in the USA, this will be done on the basis of appropriate privacy and security measures to ensure the protection of visitors’ data. Google will enter into the EU standard clauses for this purpose.
Visitors prevent the collection of the data generated by the cookie relating to visitors use of the site (including visitors IP address) and the processing of this data by Google by downloading and installing an add-on for your browser (https://tools.google.com/dlpage/gaoptout?hl=en).
Further information on data protection in Google Analytics can be found on Google’s website, Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).
3.6.4.3 Comfort cookies
Comfort cookies aim to personalise the visitor’s experience when navigating our Website, in particular by recommending content based on visitor’s interest.
Such cookies are used to deliver the most relevant and targeted content to specific audiences. They are specifically designed to gather information from visitors on their device to display advertisement based on topics that interest the visitors. Additionaly, another purpose of these cookies is to build visitor profiles following their visit on the Website in order to gather statistics on the Website performance as well.
Detailed information about the comfort cookies currently used by the Website is provided through the Website’s cookie manager.
3.6.5. On what legal ground do we use cookies?
We process cookies necessary for the operation of the website pursuant to Article 6 (1) f) of the GDPR on the basis of our legitimate interest. These cookies are essential for the proper functioning of the site. If the visitor opposes the use of these cookies, the proper functioning of our website will no longer be guaranteed.
The legal basis for the processing of other cookies (statistical, marketing cookies) is the consent of the visitor acting as a data subject. This consent can be withdrawn at any time through the cookie manager.
3.6.6. International transfer of personal data through cookies
Information collected via the Statistics and Comfort cookies may be shared with third parties established outside the European Union or the European Economic Area and therefore such processing may potentially not provide the same level of protection to the personal data subject to such transfer. Visitor’s consent is therefore required for the Statistics and Comfort cookies as detailed in the Cookies Settings when login into the Website.
For more information relating to the safeguards mechanisms provided by Google when transferring visitors’ personal data outside the European Union or the European Economic Area, please visit the following link : https://business.safety.google/compliance/?hl=en.
3.6.7. Exercising of data subject rights
The data subject’s rights in relation to the data processing are set out in point 7 below.
3.6.8. How can you manage and turn off cookies?
We use a cookie manager on our website, which allows you to quickly and easily allow the use of cookies. Where cookies are not strictly necessary for the Website to function, we will seek your consent when you first visit the Website.
In addition, all modern browsers allow visitors to change their cookie settings. Most browsers automatically accept cookies by default, but these settings can usually be changed to prevent automatic acceptance and each time you are offered the choice of whether or not to allow cookies.
As cookies are intended to facilitate or enable the usability and processes of the website, by preventing the use of cookies or their deletion, users may not be able to fully use the website functions or the website may not function as intended in their browser.
For information on cookies used by other websites, which may be hyperlinked to the Website, please refer to the relevant privacy or cookies notices herein.
You can see more information on the cookie settings of the most popular browsers on the following links:
Generic information about the management of cookies can be found here: https://www.aboutcookies.org/.
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform=Desktop
Microsoft Edge: https://support.microsoft.com/en-us/windows/microsoft-edge-browsing-data-and-privacy-bb8174ba-9d73-dcf2-9b4a-c582b4e640dd
Opera: https://help.opera.com/en/presto/browser-behavior/#cookies
The Company does not use automated decision-making or profiling for any of the processing described by it.
The Controller will not transfer personal data to third countries or international organisations, other than through the MailChimp mailing system used in connection with the newsletter service.
In providing its services, the Company uses the following processors:
Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) – Our cloud and email service provider (Office 365) and for our data processors and other recipients, data is transferred via Microsoft SharePoint.
The Rocket Science Group, LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA) – Operator of the MailChimp mailing system used by our Company to deliver our newsletter.
The processor may process the personal data of the data subject solely for the purposes specified by the Controller and contractually agreed upon, in accordance with the Controller’s instructions, and has no autonomous decision-making power with regard to the processing of the data. The Processor has undertaken confidentiality obligations and contractual guarantees regarding the retention of personal data obtained in the course of its tasks.
The data subject has the right to receive information relating to the processing, which the Company provides by making this Notice available.
If the legal ground of the processing is the consent of the data subject, they have the right to withdraw their consent to the processing at any time. However, it is important to know that the withdrawal of consent can only apply to data for which there is no other legal ground for processing. Unless there is another legal ground for the processing of the personal data concerned, the Company will permanently and irrevocably erase the personal data after the withdrawal of the consent. However such withdrawal will not affect the legality of the processing activities performed with the data subject’s consent, prior to the withdrawal.
At the request of the data subject, the Company shall at any time provide information on whether the processing of the data subject’s personal data is in progress and, if so, provide access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of the personal data concerned;
c) the recipients or categories of recipients to whom the Company has communicated or will communicate the personal data, including in particular third country recipients or international organisations;
d) the intended preservation period of the personal data or, if this is not possible, the aspects of determining such a preservation period;
e) the data subject shall also be informed of their right to request the Company to rectify, erase or restrict the processing of personal data concerning them, as well as their right to object to the processing of such personal data;
f) the right to lodge a complaint with a supervisory authority or to initiate legal proceedings;
g) if the data were not collected directly from the data subject by the Company, all available information on the source of the data;
h) if automated decision-making takes place, the fact of this, including profiling, and at least in these cases, the logic used, i.e. the significance of such processing and the expected consequences for the data subject.
The data subject has the right at any time to have inaccurate personal data concerning them rectified at their request without undue delay. Taking into account the purpose of the processing, the data subject is also entitled to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement.
If a request is made to rectify (modify) the data, the data subject must prove the validity of the data requested to be modified, and they must also prove that the person requesting the data to be modified is entitled to do so. This is the only way for the Controller to judge whether the new data is real and, if so, whether to modify the previous data.
The Controller further draws attention to the fact that the data subject should announce the change in their personal data as soon as possible, facilitating lawful processing and the enforcement of their rights.
At the request of the data subject, the Company is obliged to erase the personal data of the data subject without undue delay if one of the following reasons exists:
a) the Company no longer requires the personal data for the purpose for which it was collected or otherwise processed;
b) in the case of consent-based processing, the data subject withdraws the consent on which the processing is based and there is no other legal ground for the processing;
c) the data subject objects to the processing and there is no overriding legitimate reason for the processing, or objects to the processing for the purpose of direct business acquisition;
d) the personal data is unlawfully processed by the Company;
e) the personal data must be erased in order to fulfil a legal obligation under Union or Member State law applicable to the Company;
f) the personal data were obtained in connection to the provision of services relating to the information society.
The data subject has the right to request the restriction of processing by the Company if any of the following criteria apply:
a) they contest the correctness of their personal data; in such cases the restriction shall only apply to the time period necessary for the Company to verify the correctness of the personal data;
b) the processing is unlawful and they oppose the erasure of the data, instead they request the restriction of their use;
c) the Company no longer needs the personal data for data processing purposes, but the data subject requests the data for the submission, enforcement or defence of legal claims; or
d) the data subject objected to the processing; in such cases the restriction shall only apply to the time period necessary to determine whether the Company’s justified needs precede the needs of the data subject.
Where the processing of personal data is based on a legitimate interest of the Controller (Article 6 (1) f) of the Regulation) or the processing is necessary for the performance of a task performed in the exercise of a public authority conferred on the Controller (Article 6 (1) e) of the Regulation) the data subject shall have the right to object at any time to the processing of their personal data, including profiling based on those provisions, for reasons related to their own situation.
If the data subject’s personal data is processed by the Company for the purpose of direct business acquisition (i.e. sending notification letters), they have the right to object at any time to the processing of personal data concerning them for this purpose, including profiling, if it is related to direct business acquisition. If the data subject objects to the processing of their personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.
The data subject is entitled to receive the personal data concerning them and made available to the Company, in a structured, widely used, machine-readable format, and is entitled to request the Company to transfer such data to another data controller, if:
a) the processing is based on the data subject’s consent or a contract pursuant to Article 6 (1) b) of the Regulation; and
b) the processing activity is an automated process.
Where the legal basis for the processing of personal data is the legitimate interest of the controller or of a third party within the meaning of Article 6(1)(f) of the Regulation, a written “interests assesment test” will be carried out pursuant to preamble paragraph 47 and Article 5(2), which the data subject may request by sending an e-mail to privacy@matecohungary.hu.
The data subject may exercise the above rights by sending an e-mail to privacy@mateco-hungary.hu, by sending a letter through the post to the registered office of the Company, or in person at the registered office of the Company. The Company starts assessing and fulfilling the request of the data subject without undue delay upon receipt. The Company informs the data subject of the measures taken based on the request within 30 days of its receipt. If the Company is unable to comply with the request, it shall inform the data subject of the reasons for the refusal and the right of appeal within 30 days.
Within five years after the death of the data subject, the rights of the deceased specified in this Notice, to which the deceased was entitled while alive, may be exercised by the person authorised by the data subject with an administrative order or a statement made to the Controller contained in a public document or a private document with full probative value, and if the data subject made more than one statement to the Controller, by the statement made at a later date. If the data subject did not make an equivalent statement, then, even in the absence thereof, their close relative under the Civil Code is entitled to exercise the rights of the deceased, to which they were entitled while alive, within the five years following the death of the data subject, as provided for in Articles 16 (right to rectification) and 21 (right to objection) of the Regulation and, if the processing was already illegal in the life of the data subject or the purpose of the processing ceased with the death of the data subject, Articles 17 (right to erasure) and 18 (right to restrict processing) of the Regulation. A close relative, who is the first to exercise this right shall be entitled to exercise the rights of the data subject under this paragraph.
In order to enforce their right to judicial remedy, the data subject may apply to a court against the Company, if, in their opinion, the Company or the processor commissioned by it or acting on its instruction is processing their personal data in violation of the provisions specified in the legislation on the processing of personal data or in the mandatory legal acts of the European Union. The court shall hear such cases in priority proceedings. The case falls within the competence of the general court. If so requested by the data subject, the lawsuit may also be brought before the general court in whose jurisdiction the home address or temporary residence of the data subject or the registered office of the Company is located (Kecskemét General Court).
Anyone is entitled to request an investigation from the National Authority for Data Protection and Freedom of Information (NADPFI) against the Company through a notification (complaint), on the grounds that an infringement occurred or is imminent with regard to the processing of personal data, or that the Company restricts the exercising of their rights related to processing or rejects their request to enforce these rights. The notification can be made at one of the following contact details:
National Authority for Data Protection and Freedom of Information (NADPFI)
Postal address: 1363 Budapest, P.O. Box: 9
Address: 1055 Budapest, Falk Miksa utca 9-11.
E-mail: ugyfelszolgalat@naih.hu
URL: naih.hu
2021. 09. 01.