I. INTRODUCTORY PART
The Data Controller is committed to the protection of the personal data of its customers, therefore it pays special attention to the collection, processing, use, processing and possible transfer of personal data in accordance with the following legislation:
- Act CXII of 2011 on the right to information self-determination and freedom of information. law,
- Act CVIII of 2001 on certain aspects of electronic commerce services and information society services. law,
- Act CXIX of 1995 on the management of name and address data for the purpose of research and direct business acquisition. law as well
- Regulation 2016/679 / EU on the protection of individuals with regard to the processing of personal data and on the free movement of such data, applicable from 25 May 2018, ie the GDPR, and
- Act V of 2013 on the Civil Code and
- comply with the provisions of other relevant legislation, national and international recommendations.
Furthermore, the right to the protection of personal data is a fundamental constitutional right according to the Basic Law of Hungary (Article VI (2)), according to which the whole process of data processing must be traceable and controllable for everyone, ie everyone has the right to know who, where, when, for what purpose use his personal information.
The Data Controller may use the personal data obtained only for the purpose and in the manner specified in the Regulations, may not disclose it to third parties in any way other than the procedure set forth in these Regulations, and is obliged to refuse all forms of data access and use.
The purpose of the Regulations is that by applying the practice in accordance with the provisions of the Regulations and observing the principles of data management, the Data Controller ensures the enforcement of data security requirements and prevents unauthorized access, alteration and disclosure of personal data. All this is done by the Data Controller taking into account the rights of the data subjects.
All data subjects who contact the Data Controller will be informed about this data management policy.
II. DESIGNATION OF DATA CONTROLLERS
Data Manager: Kern Communications Systems KFT.
Headquarters: 1139 Budapest, Váci út 95.
Company registration number:
III. PURPOSE AND LEGALITY OF DATA PROCESSING
Personal data is processed only to the extent necessary for the Data Controller to perform his / her duties / activities, due to the exercise of his / her rights or the fulfillment of his / her obligations. Data management must always comply with the purpose limitation principle. Data processing is lawful if at least one or more of the purposes listed below together justify the data processing.
Purpose of data management:
- the data subject has consented to the processing of his or her personal data for one or more specific purposes; in the case of personal data necessary for the conduct of the proceedings in court or official proceedings initiated at the request or initiative of the data subject, in other cases initiated at the request of the data subject, the consent of the data subject shall be presumed in respect of personal data provided by him or her.
-Performance of a contract / agreement in which the data subject is also involved with the data subject, or
- data processing for the purpose of taking steps at the request of the data subject prior to concluding a contract with the Data Controller / assignment to the Data Controller, or - with the data subject's consent, or the exercise of an interest is proportionate to the restriction of the right to the protection of personal data without further specific consent, and the controller may process personal data even after the withdrawal of the data subject's consent,
- the data processing is necessary for the fulfillment of the legal obligation to the Data Controller, in which case in the case of data processing prescribed by a given legal act, data processing may only take place for the purpose specified in the legal act authorizing the data processing.
With regard to this data management purpose, the relevant legal requirements of the Data Controller are as follows:
- in the case of those engaged in the activities of lawyers, persons engaged in real estate transactions, auditors, accounting (bookkeepers), tax experts, certified tax experts, tax consultants on the basis of assignments or business relationships - LIII. TV. - for the purpose of customer due diligence pursuant to the Chapter on Customer Screening Measures (§§ 7-11) of the Act on the Prevention and Suppression of Money Laundering and Terrorist Financing.
- CXXVII of 2007 TV. - the processing of personal data for the purpose of fulfilling the provisions of the Act on Value Added Tax concerning the obligation to issue invoices and the data content of the invoice (§ 158 / A - § 178).
ARC. INTERPRETATIVE PROVISIONS
Any natural person identified or identifiable, directly or indirectly, on the basis of personal data;
Data relating to the data subject, in particular the name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the data subject, and a conclusion to be drawn from the data concerning the data subject;
A voluntary and firm statement of the data subject's will, based on adequate information, giving his or her unambiguous consent to the processing of personal data concerning him or her, in whole or in part;
A statement by the data subject objecting to the processing of his / her personal data and requesting the termination of the data processing or the deletion of the processed data;
A natural or legal person, or an organization without legal personality, which either alone or jointly with others determines the purpose of the processing, makes and implements decisions on the processing (including the means used) or implements it with the processor;
-Irrespective of the procedure used, any operation performed on the data or a set of operations, in particular the collection, recording, recording, systematisation, storage, alteration, use,
-retrieval, disclosure, coordination or interconnection, blocking, erasure and destruction of data and
-recording sound or images and recording physical characteristics capable of identifying a person (eg fingerprint or palm print, DNA sample, iris image);
Making the data available to a specific third party;
Making data available to anyone;
Making the data unrecognizable in such a way that it is no longer possible to recover it;
Identifying the data to distinguish it;
Complete physical destruction of the data carrier;
Performing technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
A natural or legal person or an organization without legal personality who carries out the processing of data under a contract, including a contract concluded in accordance with the provisions of law;
The set of data managed in one record;
A natural or legal person or an organization without legal personality who is not the same as the data subject, the controller or the processor;
A Member State of the European Union and another State party to the Agreement on the European Economic Area and a State of which a State party to the Agreement on the European Economic Area is a national under an international agreement concluded between the European Union and its Member States and a State not party to the Agreement on the European Economic Area enjoys the same legal status as a national of a State;
Any non-EEA state;
1.Subscribe to newsletter
We send a newsletter regularly (1 or 2 per week) to those who are interested in netTerrain. In our newsletters we report on current events, we send you our current news about…. Thus, we give news primarily…. . When you subscribe to a newsletter, we collect your name and email address, the date of your subscription, and your IP address. The legal basis for data collection is your consent. Providing this information is completely voluntary, if you do not consent, we will not be able to send you our newsletter to send you up-to-date information such as…. Does this mean that if I provide my name and email address, Shared Data Controllers will keep my personal information indefinitely? Of course not, if you request, we will delete your personal information. You can unsubscribe from our newsletter at any time with the push of a button in any of our emails, at the link at the bottom of the email, your details will be deleted and we will not send you any further newsletters. We will process your data as long as you do not unsubscribe from the newsletter. You can also request the deletion of your personal data by post or by e-mail.
2. Contact page
On the contact page you can ask us questions about our services and request a quote from us. Please do not provide us with any personal information that is not required during the bidding phase. Should this be necessary, we will keep your information confidential. As we are interested in selling our services, we will interpret your information as sharing your information with us in preparation for a possible future contract. Providing this information is voluntary, if we do not receive enough information to respond, we may not be able to fulfill your request or we may not be able to make an offer. We look forward to your satisfaction and welcome you to our contracted clients / customers soon. We will keep your data until the expiry date of the civil claim, which is 5 years according to the current legislation.
3. Ordering a service
When ordering a service, we will process your requested data for the purpose of concluding the contract and fulfilling the order. The legal basis for data management is contract performance. We will keep your data until the expiration date of the civil claim, this is 5 years according to the current legislation, except for your personal data on invoices, we will keep it for a business year closed in accordance with these mandatory legal regulations + 8 years. Please note that after completing the contract, we will only use your name and e-mail address for your own purposes to send you an edm, so that you can be informed about our next publications, trainings and educational materials. Your data processed in this way: name, e-mail address In this case, the data is processed in a legitimate interest, as according to the GDPR, the processing of personal data for direct business purposes can also be considered a legitimate interest, for example when there is a relevant and appropriate relationship. between the data subject and the controller. The data controllers have performed the balancing test, and a relevant statutory relationship as author and performer exists between the stakeholders as former customers. it is in the legitimate business interest of the readers and customers who have already expressed their interest in their work to be verified by a specific purchase, to reach them again with their new offers and publications. As a result of the balance of interests, it was concluded that the interests of the parties concerned are not disproportionately harmed, the e-mails received in this way do not fall under the weight of unsolicited letters and the right to protest is maximally guaranteed. You can send us your protest against the data processing by post to the address or by e-mail, and you can unsubscribe from the mailing list at any time by clicking on the link developed for this purpose at the bottom of any newsletter. Even in the event of a protest or unsubscription, your personal data will be deleted immediately.
4. Customer relations and other data management
If you have any questions or problems while using our services, you can contact us in the ways provided on the website (telephone, e-mail, social networking sites, etc.). Incoming e-mails, messages, telephone data will be deleted together with your name and e-mail address, as well as any other personal data you have voluntarily provided, up to two years after the communication. During our service, data processing not listed in this information may occur. In such a case, when recording the data, we will provide information in writing - orally orally - on how, for what purpose, on what basis we will process your data during the current data collection, how long we will keep it and what your rights are in relation to data processing. We are obliged to provide information, communicate and hand over data, or make documents available at the request of an exceptional authority or in the case of other bodies based on the authorization of legislation. In such cases, personal data will only be provided to the requester if it has indicated the exact purpose and scope of the data to the extent and to the extent strictly necessary to achieve the purpose of the request.
5. Social sites
We keep in touch with you on social media, including Facebook / Twitter / Youtube / Instagram, etc. You can see your name registered on social networking sites and your public profile picture if you have registered for these social networking sites and allow the social networking site operator during your settings. Data management is carried out on social networking sites, so the duration and method of data management, as well as the possibilities of deleting and modifying data are regulated by the given social networking site.
Who gets your data?
Your personal data may be processed by our employees as well as by the data processors who have entered into a written data processing contract with us. Your data may only be processed by our employees, data processors and their direct employees to the extent necessary to achieve the purpose of the data processing and for the period provided by the legal basis. The data processors do not make an independent decision, they are only entitled to act in accordance with the contract concluded with us and the instructions received. We control the work of our data processors, our data processors are only entitled to use additional data processors with our consent. Data processors used by Kern Communications Systems as Data Controller:
Management of technical data and cookies
If we display various content on the website with the help of external web services, it may result in the storage of some cookies that are not supervised by XY Kft. As the Data Controller, so we have no influence on what data these websites or external domains collect. These cookies are described in the regulations for the given service.
Use Google Ads Conversion Tracking
1. We use an online advertising program called "Google Ads" as your Data Manager and use Google's conversion tracking service as part of it. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; "Google"). 2. When a User accesses a website via a Google ad, a cookie is used on their computer to track conversions. These cookies have limited validity. 3. When the User browses certain pages of the website and the cookie has not expired, both Google and the Data Controller can see that the User has clicked on the advertisement. 4. Each Google Ads customer receives a different cookie, so they cannot be tracked through Ads customers' websites. 5. The information obtained through the conversion tracking cookies is used to generate conversion statistics for Ads conversion tracking customers. This is how customers find out the number of users who clicked on your ad and were redirected to a page with a conversion tracking tag. 6. If you do not wish to participate in conversion tracking, you can opt out by disabling cookies in your browser. You will then not be included in your conversion tracking statistics. 7. More information and Google's privacy statement can be found at: google.de/policies/privacy/
Apply Google Analytics
Use Facebook ads
1. We use the Facebook advertising system as a Data Controller and within its framework
We use the Facebook pixel solution. Facebook ads are a service of Facebook Inc. (4 Grand Canal Square, Dublin Ireland). 2. When a User visits a website, a cookie is placed on their computer after consent. These cookies have limited validity. 3. When the User browses certain pages of the website and the cookie has not yet expired, both Facebook and the Data Controller can see which User has visited the website and what pages have been viewed. 4. Each visitor receives a different Facebook cookie 5. The information - which we obtained using Facebook cookies - serves the purpose of enabling us to display ads more accurately to our website visitors and to provide conversion information. 6. If you do not wish to participate in conversion tracking, you can opt out by disabling cookies in your browser. You will then not be included in your visit or conversion tracking statistics. 7. With the help of a cookie installed by Facebook Pixel, we also collect events such as page visits, cart page views or purchases after their express consent from visitors to our website. 8. If a website visitor withdraws their consent to the operation of Facebook pixels, the related cookies will be deleted from your browser after reloading the page. 9. You can change your own advertising preferences within Facebook via this link: https://www.facebook.com/ads/preferences 10. Facebook privacy information can be found here: https://www.facebook.com/privacy
As Data Controllers, we comply with the legal regulations, we process personal data only on the legal basis specified by law, we comply with the principles of personal data processing. Together with the definition of a few concepts, we have compiled these legal bases and principles for you at the end of our data management information so that you can find out more about them here as well.
1. "personal data" shall mean any information relating to an identified or identifiable natural person ("data subject"); identifies a natural person who, directly or indirectly, in particular by reference to an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identified; 2. "processing" means any operation or set of operations on personal data or files, whether automated or non-automated, such as collection, recording, systematisation, sorting, storage, transformation or alteration, retrieval, consultation, use, communication, transmission or dissemination; by other means of access, coordination or interconnection, restriction, deletion or destruction; 3. "controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law; 4. "processor" means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller; 5. "recipient" means a natural or legal person, public authority, agency or any other body to whom personal data are communicated, whether a third party or not. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing; 6. "third party" means any natural or legal person, public authority, agency or any other body which is not the data subject, controller, processor or persons who, under the direct control of the controller or processor, process personal data; authorized to deal with; 7. "data subject's consent" means the voluntary, specific and duly informed and unambiguous statement of the data subject's intention, by means of a statement or unambiguous statement of consent, to consent to the processing of personal data concerning him or her; 8. "data protection incident" means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data which have been transmitted, stored or otherwise handled.
Principles for the processing of personal data
1. kebe carried out lawfully and fairly and in a way that is transparent to the data subject ("legality, fairness and transparency"); 2. be collected only for specified, explicit and legitimate purposes and not be treated in a way incompatible with those purposes; further processing for data purposes for archiving in the public interest, for scientific and historical research purposes or for statistical purposes ("purpose limitation") shall not be considered incompatible with the original purpose; 3. they must be appropriate and relevant to the purposes of the processing and must be limited to what is necessary ("data saving"); 4. be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without delay ("accuracy"); 5. it must be stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if the personal data are processed for archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the appropriate technical and organizational measures provided for in this Regulation to protect the rights and freedoms of data subjects (‘limited storage capacity’); 6. processing must be carried out in such a way as to ensure adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage to personal data ("integrity and confidentiality"), using appropriate technical or organizational measures. The controller is responsible for compliance with the above and must be able to demonstrate such compliance ("accountability").
Legal basis for data management
The processing of personal data is lawful only if and to the extent that at least one of the following is met: 1. the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes; 2. the processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to the conclusion of the contract; 3. the processing is necessary for the fulfillment of a legal obligation to the controller; 4. the processing is necessary in order to protect the vital interests of the data subject or of another natural person; 5. the processing is necessary for the performance of a task carried out in the public interest or in the exercise of a public authority conferred on the controller; 6. the processing is necessary for the protection of the legitimate interests of the controller or of a third party, unless those interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular when the child concerned.
Budapest, 2020 05.06