In this document Szatmár Canning factory ltd. as a data manager (hereinafter: Data manager) gives information for its customers about handling personal data at the www.regeweb.hu web page.
This documents purpose
The personal data of the Data manager and the visitors of the web page, as well as interested parties who initiate contact through the web page (hereinafter: involved) are handled by the Act of 2011 CXII on Information about Self-Determination and Freedom of Information (hereinafter: Infotv.), furthermore , on the protection of natural persons regarding the management of personal data and the free flow of such data, as well as the regulation of 95/46/EC on its repeal, in unison with the European parliament and councils (EU) regulation of 2016/679 (2016. april 27th) (hereinafter: regulation, GPDR).
This way the Data manager informs the involved users of the web page involving data management, the data managed by the Data manager, its purpose, the datas preservation date, its storaging, the method of transmission, about the principles and practices that is in the management of personal data, as well as the possibilities and methods of the rights of the involved person.
The Data manager maintains the rights, to be able to modify the document unilaterally at any time.
The data manager
Szatmár Canning factory ltd. is the manager of personal data
Venue: 4762 Tyukod, Bem 85 st.
VAT number: 12109010215
contact person regarding data protection:
Email: szatmari@regeweb.hu
by the companies internal decision the company doesn’t appoint anyone to the post of Data Protection Officer, because their activity does not fall into the category where the designation of this position is mandatory.
Data processing by the data controller during the visit to the website
contact, personal data handled during general inquiries
The data managers web page consist a contact form, where those who are interested can come in contact with the Data manager regarding any type of questions. Through the contact, the inquiring persons personal data management is inevitable.
Data managements purpose: Answering the questions of the inquiring people
Legal basis for data management: the concerned voluntary, clear and express consent, based on GDPR 6. article a) point. The consent, as well as the occurrence of the information exchange, the affected people at the same time as the contact forms sending, can fill out the form by ticking in the checkbox.
The source of personal data: The personal data come from the person who initiated the contact.
scope of managed data: Name, and an availability where you can answer (e-mail address), as well as an optional phone number, also any other personal data described in the text of the message.
data retention time: Until the question is answered
place of data management: At the headquarter of the Data manager, or the IT assets found at the data processors and used by the data manager.
Method for data storage: electronic.
data transfer to a third party: data affected by the data management included in this chapter will not be forwarded.
The contact, and data processors used in case of curiosity
| Data manager | what personal data do they have access to? How can they use the given personal data? (what activity does it perform for the Data manager)? | How long can they store data for? |
| PowerPages Ltd2724 Újlengyel, Petőfi Sándor 48 st. | The sent personal data reaches us through the servers of our web pages storage providers, and this company is also our e-mail service partner as well. After filling a contact form, it generates an e-mail message, that goes through our data processors servers and is stored there. | Until we have a live contract with them |
Cookies
when downloading certain parts of the www.regeweb.hu website, the web server automatically places small data files, so-called cookies, on the user’s device, and then reads them back during subsequent visits. In certain cases these data files can be considered personal data in accordance to Infotv. and GDPR, because the browser sends back a cookie that was saved before and in doing that the cookie management service provider can connect the users current visit with previous ones, but only regarding their own content.
When using the web page, it places a cookie on the user’s device for the following purposes.
- Cookies essential for operation, are placed by the web page to be able to identify the user’s work session. The web page loads the awp-wpml_current_language cookie that is absolutely necessery for the selection of the display language.
The detailed list of cookies used by the web page and it’s retention time, can be viewed when visiting the web page with the cookie banner ad pop up, that can give you more information about the matter.
More information about cookies can be viewed at this web page:
https://www.youronlinechoices.eu/
Data management’s purpose: The identification of the users work session
The legal basis for data management: the legitimate interest of the Data manager is based on GDPR’S Article 6 (1) paragraph f) point.
Scope of managed data: identification number, date and time, as well as the previously visited page.
The method of data storage: electronic
Data transfer: no data will be transfered
Data safety
The Data manager will respect the regulations concerning personal data safety, with this, both the Data manager and the authorized data processor will do every technical and organizational management, and establishes those procedural rules that are necessary for the enforcement of its rules about confidentiality and the security of data management.
The data managed by the Data manager are protected from unauthorized access, changes, transfers, disclosure, deletion or effacement, as well as accidental effacement and damage.
The data manager keeps it during its data processing:
- The secrecy: protects the information so that only the entitled person can access it;
- The integrity: protect the accuracy and completeness of the information and the method of processing;
- availability: ensures that when the authorized user needs it, they can actually access the required information and that the related tools are available.
The Data manager properly protects its IT systems and network data from internet scams, spying, fire and flood, as well as viruses and from internet hacks. The operator ensures security with server-level and application-level protection procedures. The data manager whatches over their sytems so that it can record every safety incident, and so it could serve with evidence on every security event. Besides that sytem monitoring provides with checking the effectiveness of employed precautions. compliance with the information protection measures applied by the data controller, requires and controls based on the provisions of the contracts concluded by the data processor.
Data subject rights and enforcement
Every personal data made available to the data controller by the data subject, must be true, complete and accurate in all respects
The data subject can request information about the management of their personal data, as well as they can request correction of their personal data and -with the exception of mandatory data management- deletion, withdrawal, and you can exercise your data portability and objection rights as indicated in the data collection, and the above contact details of the data controller.
right to provide information: The Data manager takes appropriate measures in order to provide data subjects with the provisions of Articles 13 and 14 of the GDPR on the processing of personal data, and according to Articles 15-22 and 34 they need to provide each and every piece of information in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly worded.
The right to provide information can be exercised in writing via the contact details indicated in point 2 of this prospectus. at the request of the person concerned – after verifying their identity – information can also be given in person.
the data subject’s right of access: the person concerned is entitled to receive information from the data manager, that management on their personal data is in progress, and if it is, they are entitled to have access to the following personal data and information: the data managements purpose; categories of personal data of the concerned; recipients or categories of recipients, with whom the personal data was or will be disclosed, especially including recipients in third countries, and international organizations; the planned period of storaging personal data, correction, deletion or the limitation of data management and the right to protest; the right to submit a complaint to the supervisory authority; information about data sources; the fact of automated decision making, including profil creation, as well as understandable information about the applied logic, the importance of such data management, and what are the expected consequences for the affected person. In case of transfer of personal data to a third country or to an international organization, the data subject has the right to receive information about the appropriate guarantees regarding the transfer. The Data manager provides the data subject with a copy of the personal data that is the subject of the data management. for additional copies requested by the data subject, the data manager may charge a reasonable fee in line with the administrative costs. At the request of the data subject, the data manager can provide the information in electronic form. The data manager needs to provide the information within a maximum of one month from the date of submission of the request.
right of correction: the data subject may request the correction of inaccurate personal data concerning him/her managed by the data manager and the completion of incomplete data.
right to deletion: If one of the following reasons exists, the data subject upon requesting the data manager, has the right to have the personal data regarding the person in question deleted without any delay:
– personal data are no longer needed for the purpose for which they were collected or processed otherwise;
– The data subject withdraws their consent, which is the basis of the data management, and there is no other legal basis for the data management;
– the data subject protests to the data processing and there is no overriding legal reason for the data processing
– personal data were handled illegally
– the personal data must be deleted in order to fulfill the legal obligation imposed by the EU or Member State law applicable to the data manager;
– the collection of personal data took place in connection with the offering of services related to the information society
Data deletion cannot be initiated if data management is necessary: For the purpose of exercising the right to freedom of expression and information; fulfillment of the obligation according to the EU or Member State law applicable to the data manager requiring the processing of personal data, or in the public interest or to fulfill an obligation under EU or Member State law applicable to the data manager, or for the purpose of performing a task in the public interest or in the exercise of a public authority entrusted to the data manager affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, based on public interest; or to submit, assert or defend legal claims.
the right to restrict data processing: at the request of the data subject, the data manager restricts data processing if one of the following conditions is met:
– the data subject disputes the accuracy of the personal data, in this case the restriction applies to the period that allows the accuracy of the personal data to be checked;
– the data processing is illegal, and the data subject opposes the deletion of the data, and instead requests the restriction of its use;
-The data manager no longer needs the personal data for the purpose of data management, but the person concerned requires them to submit legal claims, to enforce or protect;
-The data subject objected to data management, in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data manager take precedence over the legitimate reasons of the data subject.
If data managing is subject to restrictions, with the exception of storage, personal data may only be processed with the consent of the data subject, or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of another natural or legal person, or for the important public interest of the Union or a member state. The data manager informs the data subject in advance of the lifting of the limitation of data management.
right for carrying data: the data subject has the right to receive the personal data concerning him/her provided to the data manager in a segmented, widely used, machine-readable format, and to forward this data to another data manager.
right to protest: The data subject has the right to object at any time for reasons related to his own situation to the processing of his personal data necessary for the performance of a task carried out for the public interest or within the framework of the exercise of a public authority vested data manager, or for the enforcement of the legitimate interests of the data manager or a third party, including profiling based on the aforementioned provisions too. In the event of a protest, the data manager may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the data subjects interests, rights and freedom, or which are related to the presentation, enforcement or defense of legal claims. If the processing of personal data takes place for the purpose of obtaining direct business, the data subject is entitled to object at any time to the processing of his/her personal data for this purpose, including profiling, if it is related to the direct acquisition of business. In case of objection to the processing of personal data for the purpose of direct business acquisition, the data cannot be processed.
Automated decision-making in individual cases, including profiling: The data subject has the right not to be covered by the scope of a decision based solely on automated data management- including profiling to -, which would have legal effects on him or affect him to a similar extent.
The above authorization cannot be applied if the data management is
– necessary in order to conclude or fulfill the contract between the data subject and the data manager;
– made possible by the EU or Member State law applicable to the data manager, which also establishes appropriate measures to protect the rights and freedom and legitimate interests of the data subject; or
– based on the express consent of the data subject.
Right of withdrawal: The data subject has the right to withdraw their consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal.
Procedural rules: The data manager informs the data subject without undue delay, and informs the data subject within one month of the receipt of the request about the measures taken following the request in accordance with Articles 15-22 of the GDPR. taking into account the complexity of the petition and the number of petitions, this deadline can be extended by another two months.
The data manager shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the data subject submitted the request electronically, the information will be provided electronically, unless the data subject requests otherwise.
if the data manager does not take measures following the data subject’s request, without delay, but informs the person concerned no later than one month after receiving the request about the reasons for not taking measures, and that the person concerned can file a complaint with a supervisory authority and exercise their right to judicial redress.
The data manager provides the requested information and general information free of charge. If the data subject’s request is clearly unfounded or – especially because of its repetitive nature -excessive, the data controller may, taking into account the administrative costs associated with providing the requested information or taking the requested action, charge a reasonable fee or refuse to take action based on the request.
The data manager informs all recipients of all corrections, deletions or data management restrictions made by him, to whom or which of the personal data was disclosed, unless this proves to be impossible or requires a disproportionately large effort.
The Data manager provides a copy of the personal data to the data subject that is the subject of data management. For additional copies requested by the data subject, the data manager may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information will be provided in electronic format, unless the data subject requests otherwise.
compensation for damage: Any person who has suffered material or non-material damage as a result of a violation of the regulation, is entitled to compensation from the data manager or data processor for the damage suffered. The data manager is only liable for damages caused by data managing if it has not complied with the statutory, specifically the obligations imposed on the data managers, or if you ignored the legal instructions of the data manager or acted contrary to them.
If several data managers or data processors or both the data manager and the data processor are involved in the same data management, and is responsible for damages caused by data management, each data manager or data processor is jointly and severally liable for the entire damage.
the data manager and the data processor is exempted from responsibility, if any of them prove that they are not responsible in any way for the events that caused the damage.
Official data protection procedure: the data subject can submit a complaint to the National Data Protection and Freedom of Information Authority regarding the handling of their personal data.
Name: National Data Protection and Freedom of Information Authority
Venue: 1055 Budapest, Falk Miksa 9-11 st.
mailing address: 1363 Budapest mailb. 9.
E-mail: ugyfelszolgalat@naih.hu
Web page: https://www.naih.hu
the right to go to court: in case of violation of the data subjects rights, the data subject may go to court against the data manager, regardless of the filing of the complaint. In this case the court acts out of sequence.
