Briefly
We collect and process personal data only in accordance with the law.
DM mail will only be sent with your specific consent. We can send a system message without this.
We store your data as securely as possible.
We only disclose personal data to third parties with your consent.
We will provide anyone with information about the data we hold about them if they request it in writing to kitti.szephegyi@icloud.com.
You can request the deletion of your personal data at kitti.szephegyi@icloud.com.
Introduction
RPM System Kft. (1141. Budapest, Vezér utca 106.) (hereinafter referred to as the "Service Provider" or "Data Controller") is subject to the following information.
Article 20 (1) of Act CXII of 2011 on Informational Self-Determination and Freedom of Information states that the data subject (in this case the website user, hereinafter referred to as the "user") must be informed before the processing starts whether the processing is based on consent or whether it is mandatory.
Before the processing starts, the data subject must be informed clearly and in detail of all the facts relating to the processing of his or her data, in particular the purposes and legal basis of the processing, the identity of the controller and the processor, and the duration of the processing.
The data subject must also be informed pursuant to Section 6(1) of the Info Act that personal data may be processed even if obtaining the data subject's consent would be impossible or would involve disproportionate costs, and the processing of personal data would.
- necessary for compliance with a legal obligation to which the controller is subject, or
- is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the pursuit of those interests is proportionate to the restriction of the right to the protection of personal data.
The information should also cover the rights and remedies of the data subject in relation to the processing.
Where it would be impossible or disproportionate to provide personal information to data subjects (such as in this case on a website), the information may be provided by disclosing the following information:
(a) the fact of collection,
(b) the identity of the data subjects,
(c) the purpose of the data collection,
(d) the duration of the processing,
(e) the identity of the potential controllers who have access to the data,
(f) the rights and remedies of the data subjects with regard to the processing; and
(g) where the processing is subject to registration, the registration number of the processing.
This privacy notice governs the processing of data on the following website: www.brandin.hu and is based on the content of the above content. The notice is available at: www.brandin.hu/adatvedelmitajekoztato
Amendments to the prospectus will enter into force when they are published at the above address. The legal reference will also appear behind each chapter heading in the prospectus.
Interpretative terms (§ 3)
1.any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data;
2.personal data: data which can be associated with the data subject, in particular the name, identification mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and the conclusions which can be drawn from the data concerning the data subject;
3.special data:
a) personal data revealing racial or ethnic origin, nationality, political opinions or opinions, religious or philosophical beliefs, membership of an interest group or membership of a representative body, sex life,
b) personal data concerning health, pathological addiction and personal data concerning criminal offences;
1.consent: a voluntary and explicit expression of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous agreement to the processing of personal data concerning him or her, either in full or in relation to specific operations;
2.a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the erasure of the processed data;
3.the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are to be processed, takes and implements decisions regarding the processing (including the means used) or has them implemented by a processor on its behalf;
4.data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data or any prevention of their further use, taking of photographs, sound recordings or images and any physical features which permit identification of a person (e.g. fingerprints, palm prints, DNA samples, iris scans);
5.making the data available to a specified third party;
6.disclosure: making the data available to anyone;
7.rendering data unrecognisable in such a way that it is no longer possible to recover it;
8.data marking: the marking of data with an identification mark to distinguish it;
9.to identify the data for the purpose of limiting their further processing permanently or for a limited period of time;
10.the complete physical destruction of the storage medium containing the data;
11.data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
12.a natural or legal person or unincorporated body which processes data on the basis of a contract with the controller, including a contract concluded pursuant to a legal provision;
13.data controller: the public sector body which has produced the public interest data subject to mandatory disclosure by electronic means or in the course of whose activities the data were generated;
14.the public sector body which, if the data controller does not publish the data itself, publishes on a website the data supplied to it by the data controller;
15.the set of data managed in one register;
16.third party: a natural or legal person or unincorporated body other than the data subject, the controller or the processor;
Legal basis for processing (§ 5.-6.)
1.Personal data may be processed if
lthe data subject consents, or
lit is ordered by law or by an ordinance of a local authority, within the scope and on the basis of the authorisation granted by law, for a purpose in the public interest.
1.Personal data may also be processed where obtaining the data subject's consent would involve an impossible or disproportionate effort and the processing of the personal data would.
a) necessary for compliance with a legal obligation to which the controller is subject; or
b) is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, and the pursuit of those interests is proportionate to the restriction of the right to the protection of personal data.
1.Where the data subject is unable to give his or her consent due to incapacity or for other reasons beyond his or her control, the personal data of the data subject may be processed to the extent necessary to protect his or her vital interests or those of another person or to prevent or protect against imminent danger to life, limb or property of a person, as long as the obstacles to consent persist.
1.The consent of the legal representative of a minor aged 16 or over is not required for the validity of the declaration of consent of the data subject.
1.Where the processing based on consent is intended to implement a contract concluded in writing with the controller, the contract must contain all the information that the data subject needs to know about the processing of personal data, in particular the identification of the data to be processed, the duration of the processing, the purposes for which the data are to be used, the fact of the transfer of the data, the recipients of the data, the fact of the use of a processor. The contract must unambiguously state that the data subject, by signing it, consents to the processing of his or her data as provided for in the contract.
1.If the personal data have been collected with the consent of the data subject, the controller shall, unless otherwise provided by law,
lto comply with a legal obligation to which it is subject, or
lfor the purposes of the legitimate interests pursued by the controller or by a third party, where such interests are proportionate to the restriction of the right to the protection of personal data
Purpose limitation of processing (§ 4 [1]-[2])
1.Personal data may only be processed for specific purposes, for the exercise of rights and the performance of obligations. At all stages of the processing, the purpose of the processing must be fulfilled and the collection and processing of the data must be fair and lawful.
1.Only personal data that is necessary for the purpose of the processing and is suitable for achieving that purpose may be processed. Personal data may only be processed to the extent and for the duration necessary to achieve the purpose.
Other principles of data management (§ 4 [3]-[4])
The personal data will retain this quality during processing as long as the relationship with the data subject can be re-established. The link with the data subject can be re-established if the controller has the technical conditions necessary for the re-establishment.
The processing must ensure that the data are accurate, complete and, where necessary for the purposes for which they are processed, kept up to date, and that the data subject can be identified only for the time necessary for the purposes for which they are processed.
Functional data management
1.Pursuant to Section 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following shall be defined in the scope of the functionality of the webshop website:
a) the fact of data collection,
b) the data subjects,
(c) the purpose of the collection,
(d) the duration of the processing,
(e) the identity of the potential controllers who have access to the data,
(f) a description of the data subjects' rights in relation to the processing.
1.Fact of data collection, scope of data processed: first and last name, e-mail address, telephone number, company name, date of registration, IP address at the time of registration.
1.Data subjects: all data subjects registered on the website.
1.Purpose of data collection: the Service Provider processes Users' personal data for the purpose of the full use of the website, e.g. to create a contract for the provision of services, to determine its content, to modify it, to monitor its performance, to bill the resulting fees and to enforce claims related to it, and to send newsletters.
1.Duration of data processing, deadline for deletion of data: immediately upon cancellation of registration. Except in the case of accounting records, since, pursuant to Article 169(2) of Act C of 2000 on Accounting, these data must be kept for 8 years.
Accounting documents (including general ledger accounts, analytical or detailed records) directly and indirectly supporting the accounting accounts must be kept for at least 8 years in a legible form, retrievable by reference to the accounting records.
1.Potential data controllers who may have access to the data: personal data may be processed by the controller's staff, in compliance with the principles set out above.
1.Description of the data subjects' rights in relation to data processing: the following data can be modified on the websites: first and last name, e-mail address, telephone number, company name. The data subject may request the deletion or modification of personal data by the following means:
lby post to 1141. Budapest, Vezér utca 106,
lby e-mail at kitti.szephegyi@icloud.com.
1.Legal basis for data processing: the consent of the User, the Infotv. Article 5(1) of the Act on Electronic Commerce Services and Certain Aspects of Information Society Services of 2001 (hereinafter: Elker Act), Article 13/A(3) of the Act on Electronic Commerce Services and Information Society Services of 2001 (hereinafter: Elker Act):
The service provider may process personal data that are technically necessary for the provision of the service. The provider must, other things being equal, choose and in any event operate the means used in the provision of the information society service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in this Act, but even then only to the extent and for the duration necessary.
Our principles for functional data management (Elker tv. 13/A.)
1.For the purposes of invoicing the fees resulting from a contract for the provision of an information society service, the service provider may process natural person identification data, address, and data relating to the time, duration and location of the use of the information society service.
1.The service provider may process personal data that are technically necessary for the provision of the service. The service provider must, other things being equal, choose and in any case operate the means used to provide the information society service in such a way that personal data are processed only to the extent strictly necessary for the provision of the service and for the fulfilment of the other purposes laid down in the Elker Act, but even in this case only to the extent and for the duration necessary.
1.The service provider may process data related to the use of the service for any other purpose, in particular to increase the efficiency of its service, to deliver electronic advertisements or other targeted content to the user, for market research purposes, only with the prior specification of the purpose of data processing and with the consent of the user.
1.The user must be given the possibility to object to data processing before and during the use of the information society service.
1.The processed data must be deleted after the contract has not been concluded, after the contract has been terminated and after invoicing. The data shall be deleted when the purpose for which they were collected ceases to exist or when the user so requests. Unless otherwise provided by law, the deletion shall be carried out without delay.
1.The service provider must ensure that the recipient of an information society service can find out at any time before and during the use of the service which types of data are processed by the service provider for which purposes, including the processing of data that cannot be directly related to the recipient.
Cookie management (cookies)
1.Pursuant to Article 20 (1) of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, the following shall be specified in the cookie processing of the webshop website:
a) the fact of data collection,
b) the data subjects,
(c) the purpose of the collection,
(d) the duration of the processing,
(e) the identity of the potential controllers who have access to the data,
(f) a description of the data subjects' rights in relation to the processing.
Website-specific cookies are so-called "password-protected session cookies" and "security cookies", which do not require the prior consent of the data subject.
Fact of processing, scope of data processed: unique identification number, dates, times
Data subjects: all data subjects visiting the website.
The purpose of data processing: to identify users and track visitors.
Duration of data processing, deadline for deletion of data: the duration of data processing for session cookies is until the end of the visit to the websites.
Potential data controllers who may have access to the data: personal data may be processed by the controller's staff, in compliance with the principles set out above.
Description of data subjects' rights in relation to data processing: data subjects have the possibility to delete cookies in the Tools/Preferences menu of their browsers, usually under the Privacy settings.
Legal basis for processing: consent is not required from the data subject where the use of cookies or the .
The Service Provider measures the website traffic data by using the Google Analytics service. Data is transmitted when using this service. The data transmitted cannot be used to identify the data subject. For more information on Goggle's privacy policy, please visit http://www.google.hu/policies/privacy/ads/.
The website uses Google Adwords remarketing tracking codes. Remarketing is a feature that allows the website to display relevant ads to users who have previously visited the site while browsing other sites in the Google Display Network. Remarketing code uses cookies to tag visitors. Users who visit the website can disable these cookies and find other information about Goggle's privacy practices at http://www.google.hu/policies/technologies/ads/ and https://support.google.com/analytics/answer/2700409. If users disable remarketing cookies, they will not receive personalised offers from the web store.
Newsletter, DM activity
Pursuant to Article 6 of Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Economic Advertising Activity, the User may expressly consent in advance to the Service Provider contacting him/her with advertising offers and other mailings at the contact details provided at the time of registration (e.g. e-mail address or telephone number).
In addition, the Customer may, subject to the provisions of this notice, consent to the processing of personal data by the Service Provider for the purpose of sending advertising offers.
The Service Provider will not send unsolicited commercial messages, and the User may unsubscribe from receiving such offers without any restriction and without giving any reason, free of charge. In this case, the Service Provider will delete all personal data necessary for sending advertising messages from its records and will not contact the User with further advertising offers. The User may unsubscribe from advertising by clicking on the link in the message.
Pursuant to Article 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be defined in the data management of newsletter distribution:
a) the fact of data collection,
b) the data subjects,
(c) the purpose of the collection,
(d) the duration of the processing,
(e) the identity of the potential controllers who have access to the data,
(f) a description of the data subjects' rights in relation to the processing.
Fact of processing, scope of data processed: name, e-mail address, (phone number) date, time.
Data subjects: all data subjects who subscribe to the newsletter.
Purpose of data processing: sending electronic messages containing advertising (e-mail, sms, push messages) to the data subject, providing information on current information, products, promotions, new features, etc.
Duration of data processing, deadline for deletion of data: data processing lasts until the consent is withdrawn, i.e. until unsubscription.
Potential data controllers who may have access to the data: personal data may be processed by the controller's staff, in compliance with the principles set out above.
Description of the data subjects' rights in relation to data processing: the data subject may unsubscribe from the newsletter at any time, free of charge.
Legal basis for data processing: the data subject's voluntary consent, the Infotv. Article 5 (1) of the Act on the Fundamental Conditions and Certain Restrictions of Economic Advertising Activities (Act XLVIII of 2008), Article 6 (5):
The advertiser, the advertising service provider or the publisher of the advertisement shall keep a record of the personal data of the persons who have given their consent within the scope specified in the consent. The data recorded in this register, relating to the recipient of the advertising, may be processed only in accordance with the consent given in the consent form, until it is withdrawn, and may be disclosed to third parties only with the prior consent of the person concerned.
1.Pursuant to Article 20 (1) of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information, the following shall be defined in the scope of the website's data transfer activities:
a) the fact of data collection,
b) the data subjects,
(c) the purpose of the collection,
(d) the duration of the processing,
(e) the identity of the potential controllers who have access to the data,
(f) a description of the data subjects' rights in relation to the processing.
The fact of data collection, the scope of data processed: the name registered on Facebook.com, youtube.com, https://www.linkedin.com/, https://plus.google.com/, https://twitter.com/, https://www.instagram.com/, https://hu.pinterest.com/ and the user's public profile picture.
Data subjects: all data subjects who have registered on the above sites and have clicked on the website.
Purpose of processing: to share or like certain content, products, promotions or the website itself on the above pages.
The duration of the processing, the identity of the controllers who may have access to the data and the rights of the data subjects in relation to the processing of the data: the data subject can find out about the source of the data, the processing of the data and the method and legal basis of the transfer at http://www.facebook.com/about/privacy/, youtube.com, https://www.linkedin.com/, https://plus.google.com/, https://twitter.com/, https://www.instagram.com/, https://hu.pinterest.com/.
The processing of data is carried out on the above websites, so the duration of data processing, the method of data processing and the possibility of deleting and modifying data are governed by the rules of the facebook.com community site:(http://www.facebook.com/legal/terms?ref=pf), (http://www.facebook.com/about/privacy/),youtube.com, https://www.linkedin.com/, https://plus.google.com/, https://twitter.com/, https://www.instagram.com/, https://hu.pinterest.com/
Legal basis for processing: the data subject's voluntary consent to the processing of personal data on the above websites.
Data security (§ 7)
The controller shall design and implement the processing operations in such a way as to ensure the protection of the privacy of data subjects.
The data controller or the data processor shall ensure the security of the data and shall take the technical and organisational measures and establish the procedural rules necessary to enforce the Info Act and other data protection and confidentiality rules.
In particular, appropriate measures shall be taken to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or accidental damage and against inaccessibility resulting from changes in the technology used.
In order to protect the data files managed electronically in the different registers, an appropriate technical solution should ensure that the data stored in the registers cannot be directly linked and attributed to the data subject, unless permitted by law.
When processing personal data by automated means, the controller and the processor shall take additional measures to ensure that.
◦ the prevention of unauthorised data input;
◦ the prevention of the use of automated data processing systems by unauthorised persons by means of data transmission equipment;
◦ the verifiability and ascertainability of the bodies to which personal data have been or may be transmitted using data communication equipment;
◦ the verifiability and ascertainability of which personal data have been introduced into automated data-processing systems, when and by whom;
◦ the recoverability of the installed systems in the event of a failure and
◦ that errors in automated processing are reported.
The controller and the processor should take into account the state of the art when defining and implementing measures to ensure the security of the data. The choice between several possible processing solutions should be made which ensure a higher level of protection of personal data, unless this would impose a disproportionate burden on the controller.
Rights of data subjects (Articles 14-19)
The data subject may request the Service Provider to provide information on the processing of his or her personal data, request the rectification of his or her personal data, and request the erasure or blocking of his or her personal data, except for mandatory processing.
At the request of the data subject, the controller shall provide information about the data of the data subject processed by the controller or by a processor on its behalf, the source of the data, the purpose, legal basis and duration of the processing, the name and address of the processor and the activities related to the processing, and, in the case of transfer of personal data of the data subject, the legal basis and the recipient of the transfer.
For the purpose of monitoring the lawfulness of the transfer and informing the data subject, the controller shall keep a record of the transfer, including the date of the transfer of personal data processed by the controller, the legal basis and the recipient of the transfer, the scope of the personal data transferred and other data specified in the legislation providing for the processing.
The data controller shall provide the information in writing in an intelligible form and at the request of the data subject within the shortest possible time from the request, but not later than 30 days from the request. The information shall be provided free of charge.
Upon the User's request, the Service Provider shall provide information about the data processed by it, their source, the purpose, legal basis and duration of the data processing, the name and address of any data processor and its activities related to data processing, and - in the case of the transfer of personal data of the data subject - the legal basis and recipient of the data transfer. The service provider shall provide the information in writing and in an intelligible form within the shortest possible time from the date of the request, but not later than 30 days. The information shall be provided free of charge.Felhasználó kérelmére Szolgáltató tájékoztatást ad az általa kezelt adatokról, azok forrásáról, az adatkezelés céljáról, jogalapjáról, időtartamáról, az esetleges adatfeldolgozó nevéről, címéről és az adatkezeléssel összefüggő tevékenységéről, továbbá - az érintett személyes adatainak továbbítása esetén - az adattovábbítás jogalapjáról és címzettjéről. Szolgáltató a kérelem benyújtásától számított legrövidebb idő alatt, legfeljebb azonban 30 napon belül írásban, közérthető formában adja meg a tájékoztatást. A tájékoztatás ingyenes.
If the personal data is not accurate and the accurate personal data is available to the data controller, the Service Provider shall correct the personal data.
Instead of deletion, the Service Provider shall block the personal data if the User requests this or if, based on the information available to it, it can be assumed that deletion would harm the legitimate interests of the User. The blocked personal data may be processed only for as long as the processing purpose that precluded the deletion of the personal data persists.
The Service Provider shall delete the personal data if its processing is unlawful, the User requests it, the processed data is incomplete or incorrect - and this situation cannot be remedied by law - provided that deletion is not excluded by law, the purpose of the processing has ceased, or the statutory deadline for storing the data has expired, or the court or the National Authority for Data Protection and Freedom of Information has ordered it.
The controller shall mark the personal data it processes if the data subject contests the accuracy or correctness of the personal data, but the inaccuracy or incorrectness of the contested personal data cannot be clearly established.
Rectification, blocking, flagging and erasure must be notified to the data subject and to all those to whom the data were previously disclosed for processing. The notification may be omitted if this does not harm the legitimate interests of the data subject having regard to the purposes of the processing.
If the controller does not comply with the data subject's request for rectification, blocking or erasure, it shall provide the factual and legal grounds for refusing the request for rectification, blocking or erasure in writing within 30 days of receipt of the request. In the event of refusal of a request for rectification, erasure or blocking, the controller shall inform the data subject of the possibility of judicial remedy and of recourse to the Authority.
Legal remedies
You may object to the processing of your personal data if.
- the processing or transfer of personal data is necessary solely for the performance of a legal obligation to which the Service Provider is subject or for the purposes of the legitimate interests pursued by the Service Provider, the data recipient or a third party, unless the processing is required by law;
- the personal data are used or transmitted for direct marketing, public opinion polling or scientific research purposes;
- in other cases specified by law.
The service provider shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform the applicant in writing of its decision. If the Service Provider determines that the objection of the data subject is justified, it shall terminate the processing, including further recording and transmission of data, and block the data, and shall notify the objection and the measures taken on the basis of the objection to all those to whom it has previously transmitted the personal data concerned by the objection and who are obliged to take action to enforce the right to object.
If the User does not agree with the decision of the Service Provider, the User may appeal against it to the court within 30 days from the date of its notification. The court shall act out of turn.
A complaint against a possible infringement by the data controller can be lodged with the National Authority for Data Protection and Freedom of Information:
National Authority for Data Protection and Freedom of Information
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Postal address: 1530 Budapest, P.O. Box 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Judicial enforcement (§ 22)
The controller must prove that the processing is in compliance with the law. It is for the recipient to prove the lawfulness of the transfer.
The court has jurisdiction to hear the case. The action may also be brought, at the option of the person concerned, before the court of the place of residence or domicile of the person concerned.
A person who does not otherwise have legal capacity to sue can also be a party to the lawsuit. The Authority may intervene in the proceedings in order to ensure that the person concerned is successful.
If the court upholds the application, the data controller shall be obliged to provide the information, rectify, block or erase the data, annul the decision taken by automated processing, take into account the right of the data subject to object, or disclose the data requested by the data subject.
If the court rejects the data subject's request, the controller is obliged to delete the data subject's personal data within 3 days of the judgment. The controller shall also be obliged to delete the data if the data subject does not apply to the court within the time limit.
The court may order the publication of its judgment, with the publication of the controller's identification data, if the interests of data protection and the protected rights of a large number of data subjects so require.
Damages and compensation (Article 23)
If the data controller causes damage to another person by unlawful processing of the data subject's data or by breaching data security requirements, the data controller must compensate the damage.
If the controller infringes the data subject's right to privacy by unlawfully processing his or her data or by breaching data security requirements, the data subject may claim damages from the controller.
The controller is liable to the data subject for any damage caused by the processor and the controller is also liable to pay the data subject the damages due in the event of a personal data breach caused by the processor. The controller shall be exempted from liability for the damage caused and from the obligation to pay the damage fee if it proves that the damage or the infringement of the data subject's personality rights was caused by an unavoidable cause outside the scope of the processing.
No compensation shall be payable and no damages shall be recoverable where the damage has been caused by the intentional or grossly negligent conduct of the victim or the infringement of a right relating to personality.
Final words
In preparing this information, we have taken into account the following legislation:
l - Act CXII of 2011 - on the Right to Informational Self-Determination and Freedom of Information (hereinafter: Infotv.)
l - Act CVIII of 2001 - on certain aspects of electronic commerce services and information society services (in particular § 13/A)
l - Act XLVII of 2008 - on the prohibition of unfair commercial practices against consumers;
l - Act XLVIII of 2008 - on the basic conditions and certain restrictions on commercial advertising (in particular § 6)
l - Act XC of 2005 on Freedom of Electronic Information
l - Act C of 2003 on Electronic Communications (specifically § 155)
l - Opinion No 16/2011 on the EASA/IAB Recommendation on best practice on behavioural online advertising