1) Bay Zoltán Közhasznú Kft., as the controller and processor of the personal data, processes and records the data itself and does not entrust the task to a third party (hereinafter referred to as the “Controller”).
2) The Controller will not use the information obtained for profiling purposes, will not carry out such activities, and will not transfer data to third parties for profiling purposes. Personal data are stored in the records system only for the time necessary to achieve the purposes for which the personal data are processed.
– controller: the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller’s designation may also be determined by Union or Member State law;
– data subject: any specified natural person who is identified or can be identified, directly or indirectly, on the basis of personal data;
– personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
– third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
4) Data of Controller
Name of Controller: Bay Zoltán Alkalmazott Kutatási Közhasznú Nonprofit Kft.
Address of Controller: H-1116 Budapest, Kondorfa utca 1.
5) Legal basis for processing: The legal basis for processing is the informed, explicit and voluntary consent of the Data Subject (Act CXII of 2011 on the Right of Informational Self-Determination and the Freedom of Information, hereinafter referred to as “Information Act” [Section 5 (1) a)])
6) The Data Subject may withdraw his or her prior consent at any time without time limit. Withdrawal of consent covers all the Data Subject’s data processed together, but does not affect ongoing performance.
7) Scope of processed data
– the IP address of the computer of the data subject and the address of the pages viewed;
– the type of tool used for browsing;
– by special consent: place of residence;
– by special consent: e-mail address (for sending newsletters)
In no case will the Controller collect sensitive personal data.
8) Provision of personal data
The Data Subject may, at any time, request information about his or her rights in relation to the personal data processed, and may submit a request to exercise his or her rights at firstname.lastname@example.org. The Controller shall, upon the Data Subject’s request, provide full information on the scope of the data managed by the Controller and the data processed by the processor, the legal basis, the purposes and duration of the processing and the circumstances of the consent. The Controller may exceptionally refuse to provide the information, and shall inform the Data Subject thereof, stating the exact reason and legislation.
9) Rights of the Data Subject in relation to the processing of their personal data
The Data Subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, may have access to the personal data and the information listed in the Regulation (right of access).
The Data Subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her (right to rectification).
The Data Subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data relating to the Data Subject without undue delay under specified conditions (right to erasure).
The Data Subject has the right to obtain, at his or her request, the restriction of processing by the controller under specified conditions (right to restriction of processing) and the right to object at any time to the processing of his or her personal data on grounds relating to his or her particular situation (right to object).
The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (right to data portability).
10) Time of processing
The Controller stores personal data obtained on the basis of the Data Subject’s voluntary consent for an indefinite period.
The data will be erased:
– immediately upon the Data Subject’s request for erasure (unless they are still necessary for the fulfilment of the obligation entered into or for the exercise of rights, until the fulfilment of the obligation or the exercise of the right);
– when the website ceases to exist;
– when the legal basis or purpose of the processing ceases to exist.
11) Persons having access to the data
The data may primarily be accessed by the Controller, its internal staff and persons entrusted with the processing of the data, and shall not be disclosed, transferred to third parties or used for any other purposes than those set out in the Data Processing Statement. The Controller will not transfer personal data to third parties.
12) Data security
The processor shall ensure the security of the personal data processed by providing the necessary technical and organisational measures, equipment and procedures to protect personal data against unauthorised or unlawful processing, loss, destruction or damage.
For the purpose of sending targeted promotional mailings, the personal data of the Data Subject will only be used on the basis of the Data Subject’s specific consent, other than for other purposes. To this end, the Data Subject gives his or her consent voluntarily and expressly by his or her active conduct.
If the Data Subject unsubscribes from the newsletter, the Controller shall erase the Data Subject’s personal data from its records within a reasonable period of time.
15) Automated decision-making
The Controller does not use automated decision-making in the processing.
16) Transfer of personal data to third parties for marketing purposes
The Controller will not sell the data held.
17) Legal remedies
In the event of a personal data breach, the Data Subject may lodge a complaint with the National Authority for Data Protection and Freedom of Information or, in the case of a breach of the law, with the competent Court.
18) Miscellaneous provisions
The Controller does not verify the personal data provided to it. The person providing the information is solely responsible for its correctness. By providing an e-mail address, each Data Subject is also responsible for ensuring that the e-mail address provided is the only one from which he or she will receive services.
In the above case, the Controller shall provide all possible assistance to the acting authorities in order to establish the identity of the infringer.