On the basis Regulation (EU) 2016/679 of the European Parliament and of the Council – the General Data Protection Regulation or „GDPR” – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
Effective: from 13/08/2018
1. THE CONTROLLER
Technoplast Group Kft. (hereinafter referred to as: controller) acknowledges as binding on it the provisions of this policy, set out on the basis of the legislation in force.
Details of the controller:
Name: Technoplast Group Kft.
Address: 3561 Felsőzsolca, Bódva út 7.
Phone: +36 46 379 308
Represented by: Péter Zai, manager
DPO (if any): –
Tax No.: 23398506-2-05
Company registration No.: 05-09-022024, Company Registry Court of the Regional Court
Hosting service provider: www.microware.hu
The controller undertakes to ensure that data processing related to the operation of its website and its services complies with the current EU and Hungarian regulations.
The controller reserves the right to change this policy at any time, but undertakes the obligation of announcing and publishing any change.
2. SCOPE OF PROCESSED DATA
On the website personal data may be processed by the controller
- on the basis of a freely given consent, or
- as necessary for the performance of a legal obligation/contract
(legal basis), for the purpose of fulfilling the order of the customer, and providing customer relations services.
Types of personal data:
- forename and surname,
- phone number,
- mailing and e-mail address, or
- if different: invoicing details.
If an order is placed or customer relations are established, from the personal data the service provider shall store the name and address for a period of 8 years in accordance with the current accounting and tax acts (Act No. C of 2000), the rest of the personal data shall be erased 1 year after the last purchase.
3. DATA PROCESSING
3.1 Data processing related to ordering and delivery:
- scope of transferred data: name, delivery address, phone number
- purpose of data processing: delivery of an ordered, purchased product by courier service
- duration of data processing: 8 years in accordance with the accounting act, but for the phone number, 3 working days from the date of delivery
- legal basis: performance of a contract.
3.2 Data processing related to invoicing:
- scope of transferred data: name, address, phone number, necessary invoicing details
- purpose of data processing: bookkeeping of invoices
- duration of data processing: 8 years in accordance with the accounting act
- legal basis: compliance with a legal obligation.
3.3 Data processing related to claims:
- scope of transferred data: name, address, phone number
- purpose of data processing: collection of claims
- duration of data processing: the limitation period of claims
- legal basis: legitimate interest of the controller.
3.4. Data processing related to the IT system:
- scope of transferred data: the runtime environment and database of the IT system
- purpose of data processing: the operation, maintenance, backup and, if necessary, restoration of the Internet portal / website / service / cloud service (infrastructure service)
- duration of data processing: until the termination of the contract for data processing
- legal basis: legitimate interest of the controller.
4. PRELIMINARY INFORMATION OF THE DATA SUBJECT
The data subject shall be clearly and elaborately informed of all aspects concerning the processing of his/her personal data, such as the purpose and legal basis of data processing, the person of the controller and the processor, the duration of data processing, and the persons to whom his/her data may be disclosed.
Information shall also be provided on the rights and remedies available to the data subject relating to data processing.
5. PERSONAL DATA, THE PURPOSE, LEGAL BASIS AND DURATION OF DATA PROCESSING
The processing of all personal data concerning the data subject shall be based on the freely given consent of the data subject or compliance with a legal obligation.
5.1 Data of website visitors
During visits to the website, as controller, we record the IP address of (unidentifiable) users, the time of the visit and the title of the viewed page, – for technical reasons, and for the purpose of compiling statistics on user behaviour. These data are of statistical nature, they are not assigned to specific customers, therefore the data subject is not identifiable.
The data shall be stored on the server for a maximum of one month.
The legal basis of data processing:
- the freely given consent of the data subject person,
- the fulfilment of an order (as a contract),
- the legitimate interest of the controller.
5.2 Making contact, filling out an order form, customer correspondence
Scope of processed data: name, company name, address, phone number, e-mail address.
The messages shall be used by the recipient only for their intended purpose, if no business relationship is established, the data shall be stored by the system for a maximum of 30 days from the date of provision, if a business relationship is established, the data shall be stored and processed in accordance with the accounting and tax acts.
In this case, the duration of data processing: for data related to invoicing, in accordance with subsection (2) of Section 169 of Act No. C of 2000 on Accounting, shall be: 8 years.
Purpose of data processing: Making contact, maintaining contact, providing information, requesting a quote, ordering.
Method of collecting data: Provision of data by the data subject and his/her freely given consent to the processing of such data.
Duration of data processing: Until the withdrawal of the consent of the data subject to the processing of such data.
Legal background and legal basis of data processing:
This policy has been developed in compliance with:
- Act No. CXIX of 1995 on the processing of name and address data for the purposes of research and direct marketing
- Act No. XLVIII of 2008 on the basic requirements and certain restrictions of commercial advertising activities
- Regulation (EU) 2016/679 (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
5.5. Data collected and processed by statistical programs during the use of the website
The Controller measures Website traffic data using the Google Analytics service. The use of the service involves the transfer of web analytics information. The transferred data is not suitable for the identification of data subjects.
Processed data: All data collected by Google Analytics.
Purpose of data processing: The data collected in this way is used to develop websites and services.
Method of collecting data:
Duration of data processing: While the service is used.
5.6. Data obtained and processed by using cookies
In order to provide a customized service, the service provider places small data files, so called cookies on the device of the user. By using the website, the user accepts that the service provider places cookies on his/her device.
Cookies do not contain personal information, and are unsuitable for the identification of individual users. Cookies often contain a unique identifier – a confidential, randomly generated set of numbers – which is stored on the device of the visitor. Some cookies expire after closing the website, while others are stored on the device of the visitor for a longer period.
The html code of the website operated by the Controller, for the purpose of web analytics measurement, may contain links form external servers and links to external servers that are independent of the Controller. The web analytics service provider does not process personal data, only data related to browsing, not suitable for identifying individual users.
By disabling or deleting cookies, the use of the website may become more inconvenient for the user.
Method of collecting data: Automatic, but not mandatory.
Purpose of data processing:
The Controller uses Google Analytics for continuously optimizing the efficiency of the website, for anonymous market analysis purposes, therefore this service provider also has access to usage data.
For information about the cookies policy of Google, please visit: https://google.com/policies/technologies/cookies.
Duration of data processing: The duration of data processing depends primarily on the settings of the browser of the visitor. The data is erased by Google after 24 months, unless the user visits the website again, then this period restarts.
Legal background and legal basis of data processing:
The legal background of data processing is Act No. CXII of 2011 on the right of informational self-determination and the freedom of information and Act No. CVIII of 2001 on certain issues of electronic commerce activities and information society services.
The legal basis of data processing, in accordance with par. a) of subsection (1) of Section 5 of Act No. CXII of 2011, is the consent of the Data Subject.
5.7. Other data processing
For data processing not specified in this policy, the controller shall provide detailed information and shall obtain the necessary consent prior to starting the data processing operation.
6. MEANS OF DATA STORAGE, DATA SECURITY
The servers hosting the website of the controller are located at http://www.microware.hu/.
6.1 Data security
In the course of data processing, the controller shall maintain:
- integrity and confidentiality: by protecting the information, so that only those authorized have access to it, and by protecting the accuracy and completeness of the information and the method of processing;
- availability: by ensuring that when authorized users need the information, they can actually access it, and the related tools are available.
Electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to unfair activity, contract disputes, or the disclosure or modification of information. The service provider shall take all reasonable precautions to protect against such threats. It shall monitor the systems in order to record any security anomaly, and to have proof of all security incidents. System monitoring shall also make it possible to check the effectiveness of the precautions taken.
6.2 Data storage
The controller shall select and operate its software and IT equipment used for processing data so that the processed data:
- is available to those who are authorized to access it (availability),
- its credibility and authentication is ensured (credibility of data processing);
- its integrity is verifiable (data integrity);
- is protected against unauthorized access (data confidentiality).
The controller shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk involved in the processing personal data.
7. DATA TRANSFER
The controller shall transfer personal data necessary for ordering and fulfilling the order to its seller and/or service provider partners as permitted by legislation.
8. AVAILABLE REMEDIES
The data subject may at any time request information on the processing of his/her personal data, whether or not personal data concerning him/her is being processed, on his/her rights, the safeguards, in particular the person of the controller and processor, the legal basis, purpose and duration of data processing, the place of data storage, and the data security measures taken.
At the request of the data subject, the controller shall provide information on its activities related to data processing, and on data transfer.
The controller shall comply with the request for information within a reasonably short time, and shall provide the information requested in an intelligible form, in writing, within not more than 30 days from the request.
The information shall be provided free of charge for any category of data once a year.
Additional information concerning the same category of data may be subject to a charge, and the controller shall provide the information after the payment of such charge.
The controller shall erase any personal data if it is processed unlawfully, it is so requested by the data subject, the purpose of data processing no longer exists or the legal time limit for storage has expired, or it is so ordered by court or the National Authority for Data Protection and Freedom of Information.
When data is rectified or erased, the controller shall notify the data subject and all recipients to whom it was transferred for the purpose of data processing. Notification may be omitted if in view of the purpose of data processing the legitimate interest of the data subject is not violated by it.
The rectification or erasure of personal data may also be requested in the manner indicated at the time of registration, or through the customer service. No erasure may be requested if the data processing is prescribed by law.
The data subject shall have the right to object to the processing of his/her personal data,
- if the processing (transfer) of personal data is necessary solely for the purpose of discharging a legal obligation or for enforcing a right or legitimate interest of the controller or the recipient, unless data processing is prescribed by law;
- if personal data is used or transferred for the purpose of direct marketing, public opinion polling or scientific research; and
- the exercise of the right to object is otherwise permitted by law.
In case of an objection, the controller – by simultaneously suspending the processing of data – shall investigate the objection in the shortest possible time, and shall inform the data subject of the result in writing within not more than 15 days.
If the objection is justified, the controller shall terminate all data processing operations – including further data collection and data transfer – and block the data, and shall notify of the objection and the measures taken on the basis thereof all recipients to whom the personal data affected by the objection had previously been transferred, who shall also take the measures in order to enforce the right to object.
If the data subject disagrees with the decision made by the controller, he/she shall have the right to turn to court – within 30 days from the receipt of the decision.
The controller shall not erase the data of the data subject if data processing has been prescribed by law. However, data may not be transferred to the recipient if the controller agrees with the objection or if the court has found the objection justified.
8.4. Authority, judicial remedy
A complaint may be lodged against the activities of the controller, proceedings may be initiated at:
- Name: National Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH)
- Registered office: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
- Mailing address: 1534 Budapest, Pf.: 834
- Phone: +36 (1) 391-1400
- Fax: +36 (1) 391-1410
- E-mail: email@example.com
In the event of any infringement of his/her rights, the data subject may turn to court against the controller. The rules of territorial jurisdiction determine at which Regional Court the proceedings shall be initiated in a given case.