Privacy Policy

Of the www.dunagabona.hu website
Valid: as of 15 th February 2021, until revocation


This Privacy Policy governs the processing of personal data of the Dunagabona Kft. and the Pentele Mg. Zrt. (hereinafter: Controller) at this website. Controller reserves the right to amend this Policy anytime by its unilateral decision. The amendments to the Policy shall become effective upon disclosure at the www.dunagabona.hu website.

Controller respects the privacy of the visitors of the website, therefore, it collects and processes only such information, which are inevitable for the purposes specified herein. The use of the website is completely voluntary, therefore, the personal data necessarily arising due to the use of the website shall be processed by Controller on a consent basis.

The purpose of this Policy is to make the visitor of the website overview Controller’s processing activity, and to make their rights provided in this regards clear for them.

DEFINITIONS:

  • Personal data : any information relating to an identified or identifiable natural person. All information, whose collection may lead to the identification of a particular person, shall be also deemed personal data.
  • Processing: irrespective of the process used, any operation performed on the personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, as well as prevention of further use of such personal data.
  • Data subject: any identified or otherwise, either directly or indirectly, identifiable person on the basis of the specified personal data. A person is deemed identifiable in particular, when (s)he may be, either directly or indirectly, identified based on his/her name, ID No., one or more physical, mental, economic, cultural or social factors specified for him/her.
  • Controller: that person or entity, who/which determines the purposes and means of the processing of personal data, makes decisions on and executes the processing (including the tool used); or causes the data processor assigned by him executed.
  • Data Processor: that person or entity, who/which, on the basis of his/its contract with Controller, including contracting based on the provision of the laws, performs the processing of personal data.
  • Third party: that natural or legal person, public authority, agency or any other body, who/which is not identical to Data subject, Controller, Data processor or those persons, who received authorization under the direct supervision of Controller or Data processor on the processing of personal data.
  • Recipient: that natural or legal person, public authority, agency or any other body, who/which the personal data are disclosed, whether he/it is deemed third party or not.
  • Data Subject’s consent: the clear expression of Data Subject’s will based on voluntary, exact notification, where Data Subject notes by his statement or an action clearly expressing confirmation, that he provides his consent to the processing of the personal data relating to him.
  • Data breach: such breach of security, which causes the accidental or illegitimate destruction, loss, alteration, unauthorized disclosure of personal data transferred, stored or otherwise processed, or the unauthorized access thereto.

CONTROLLER:

Name: Dunagabona Kft.
Registered office: 8834 Murakeresztúr, Honvéd u. 2.
Controller’s e-mail address: dunagabona@dunagabona.hu

The data controller is not obliged to appoint a data protection officer.



Name and purpose of data management

Legal basis for data management

Scope of data managed 

Duration of data management

Contact-related data management: User identification, Contacting the User

Consent of the data subject GDPR Article 6 (1)a)

User's name User's e-mail address, User's telephone number

For the duration of the relationship between the parties 

Keeping the contact with the customer: Information related to the order and information about the products and offers available in the future

Legitimate interest GDPR Article 6 (1) f.)

Name, telephone number, e-mail address of the Customer's contact person (Data subject), 

Until the existence of the contract concluded with the Customer or until the contact is prohibited by the Data subject, i.e. until the exercise of the right to object pursuant to Article 21 (2)-(3) of the GDPR. (Whichever occurs earlier.)

Community building on social media interfaces

Consent of the data subject GDPR Article 6 (1)a) (The data subject may withdraw his/her consent unconditionall y at any time.)

Data subject’s public profile information

Until the data subject unsubscribes

 

 

I. RECIPIENTS (ADDITIONAL DATA CONTROLLERS AND DATA PROCESSORS)

The Data Controller may use external Data Processors (Recipients) to perform certain tasks.

1. HOSTING SERVICES

Adatfeldolgozó:. (székhely és postacím: 1162 Budapest Viola u. 4., telefonszám: +36 (1) 210 3624 e-mail cím: info@molehand.eu)
Adatfeldolgozó adatkezelési tájékoztatója az alábbiakban érhető el: http://www.molehand.eu/LinkClick.aspx?fileticket=lhp6t0Nr8Qw%3d&tabid=88&mid=487&language=hu-HU
Adatfeldolgozó igénybe vételére a weboldal elérhetővé tételéhez, megfelelő működtetése érdekében van szükség.
Az adatfeldolgozó az adatok tárolását végzi. Az adattárolás helye az adatfeldolgozó szervere.

2. APPEARANCE AND COMMUNICATION ON THE SOCIAL NETWORK (Linkedin)

Data processor: Linkedin Corporation, Sunnyvale, CA, USA The data management information of the Data Processor is available below: https://privacy.linkedin.com/gdpr The Data Processor is used to access the informant’s public profile - including his/her publicly provided name and other data -, his/her comments, shares and other reactions, as well as to send messages via the social network. When sending a message via the social network, the informant may also communicate other personal data in addition to his/her name, which he/she voluntarily provides on an occasional basis.

II. TRANSFER OF DATA TO A THIRD COUNTRY:

Of the Data Processors, Linkedin Corporation (Community Building, Messaging) is headquartered in a third country (USA).

These companies are included in the Article 45 of the GDPR issued by the European Commission's Adequacy Decision, and the Commission Implementing Decision 2016/1260, as well as in the USA-EU Privacy Shield List established on the basis thereof, i.e. the data transfer to this country does not constitute a transfer to a third country outside the European Union. Therefore it does not require the specific consent of the data subjects, and data transfer is permitted under Article 45 of the GDPR. This company undertook to comply with the GDPR.

III. AUTOMATED DECISION-MAKING AND PROFILING

No automated decision-making and profiling is performed at the website.

IV. DATA SECURITY MEASURES:

Controller shall design and execute the processing operations so, that they shall ensure the protection of data subjects’ privacy in the course of the use of the GDPR and other laws related to processing of personal data. Controller shall ensure the security of the personal data, and shall also take those technical and organizational measures and establish those due process laws, which are required for the achievement of the GDPR and other data protection and privacy regulations. Controller shall protect the personal data using measures in proportion to the risk, in particular against unauthorized access, alteration, transfer, disclosure, erasure or destruction, and against accidental destruction or damage, as well as becoming unavailable due to the change of the technology used. Within its framework, Controller shall store Data Subject’s personal data in a password-protected and/or encrypted database. Controller shall protect the personal data within the framework of protection in proportion to the risk, using anti-virus programs, encryption mechanisms.

V. DATA SUBJECT’S RIGHTS REGARDING PROCESSING:

Data Subject’s rights and remedies, and the restrictions thereof are included in the GDPR in details (in particular Articles 15., 16., 17., 18., 19., 20., 21., 22., 77., 78., 79. and 82). Data Subject may request notification on his/her personal data anytime, request their rectification, erasure, restriction of processing, otherwise may object processing based on legitimate interest.

The key provisions are summarized as follows.

Controller raises Data Subject’s attention in particular on as follows:

Data Subject shall have the right to object the processing of his/her personal data for Controller’s legitimate interest anytime, for reasons related to his/her own situation. In such case, Controller shall not process the personal data further, unless Controller proves that the processing is grounded by such compulsory legitimate causes, which are preferred against Data Subject’s interests, rights and freedoms, or which are related to the submittal, enforcement or protection of legal claims. If the processing of personal data is made for the purpose of direct marketing, Data Subject shall have the right to object the processing of the personal data relating to Data Subject anytime. If Data Subject objects the processing of personal data for direct marketing purposes, then such personal data shall not be processed further for this purpose.

1.) RIGHT TO NOTIFICATION:

If Controller processes personal data relating to Data Subject, then Data Subject shall provide notification to Data Subject, even without Data Subject’s such request, on the main features of processing, such as the purposes, grounds, term of processing, the identity and contact details of Controller and his/her representative, the contact details of the Data Protection Officer, the recipients of personal data, in case of processing based on legitimate interest, on the legitimate interest of Controller and/or third party, and on Data Subject’s rights and remedies related to the processing (including the right to submit a complaint to the supervisory authority, moreover, if the source of personal data is not Data Subject, then on the sources of personal data and the categories of Data Subject’s personal data, if Data Subject does not have such information yet. Controller shall provide this notification by making this Privacy Policy available to Data Subject.

2.) RIGHT TO ACCESS:

Data Subject shall have the right to receive confirmation from Controller regarding whether the processing of his/her personal data is in progress, to get access to personal data and other information related to processing, including the purposes of processing, the categories of Data Subject’s personal data, the recipients of personal data, the (proposed) term of processing, Data Subject’s rights and remedies (including the right to submit a complaint to the supervisory authority), and in case of collection of personal data not from Data Subject, information on the sources thereof. In the event of Data Subject’s such request, Controller shall make a copy of personal data subject to processing, to Data Subject. Controller may charge reasonable fee based on administrative costs for the copies requested by Data Subject. If Data Subject submitted the request by electronic means, the information shall be made available in a widely used electronic form, unless otherwise requested by Data Subject. The right regarding requesting a copy shall not adversely affect others’ rights and freedoms.

3.) RIGHT TO RECTIFICATION:

Data Subject shall have the right to cause Controller rectify the inaccurate personal data related to Data Subject without undue delay, upon his/her request. Taking the purpose of processing into consideration, Data Subject shall have the right to request the supplementation of the deficient personal data, through, among others, supplementary statement.

4.) RIGHT TO ERASURE:

Data Subject shall have the right to cause Controller erase the personal data related to Data Subject without undue delay upon his/her request, and Controller shall erase the personal data related to Data Subject without undue delay, provided that certain preconditions are met. Among others, Controller shall erase, upon Data Subject’s request, his/her personal data, if such personal data are no longer necessary for the purpose for which they were collected or otherwise processed; should Data Subject revoke his/her consent constituting the basis of processing and the processing has no other grounds; or his/her personal data were unlawfully processed; or Data Subject objects such processing and there is no preferred legitimate interest for processing; the personal data shall be erased to fulfil Controller’s legal obligation required by the applicable Union or Member State laws. The above shall not apply, when the processing is necessary:
a) to exercise the freedom of deliverance and right to information;
b) to fulfil legal obligation by Union or Member State laws, requiring the processing of personal data, applicable to Controller;
c) for public archiving purposes, for scientific and historical research or statistical purposes, provided that the right to erasure were likely to disable or substantially risk such processing;
d) to submit, enforce and protect claims.

5.) RIGHT TO RESTRICT PROCESSING:

Data Subject shall have the right to cause Controller restrict the processing upon his/her request, if any of the following conditions are met:
a) Data Subject objects the accuracy of the personal data, in such case, the restriction shall refer to that period, which enables Controller check the accuracy of the personal data;
b) the processing is illegitimate, and Data Subject objects the erasure of the data, and rather request the restriction of the use thereof;
c) Controller no longer requires the personal data for processing purposes, but Data Subject requests them to submit, enforce or protect legal claims; or
d) Data Subject objects the processing; in such case, the restriction shall refer to that period, until it is determined whether Controller’s legitimate interests are preferred against Data Subject’s legitimate interests. If the processing is subject to restriction as per the above, such personal data, except storage, may be processed only upon Data Subject’s consent, or to submit, enforce or protect legal claims, or to protect the rights of other natural or legal persons, or for the substantial public interest of the Union or any Member State. In the event of relief of the restriction requested by Data Subject, Controller shall notify Data Subject in advance.

6.) RIGHT TO OBJECTION:

Data Subject shall have the right to object the processing of his/her personal data by Controller for any reasons related to his/her own situation anytime. In such case, Controller shall no longer process the personal data, unless Controller proves that the processing is grounded by such compulsory legitimate interests, which are preferred against Data Subject’s interests, rights and freedoms, or which are related to the submittal, enforcement of protection of legal claims. If the processing of personal data is made for direct marketing purposes, Data Subject shall have the right to object the processing of his/her personal data for such purpose anytime. If Data Subject objects the processing of personal data for direct marketing purposes, then such personal data shall be no longer processed for this purpose.

VI. RIGHT TO COMPLAINT:

In the event of infringement of his/her rights, Data Subject may file a complaint to the competent data protection supervisory authority (in Hungary, to the National Authority for Data Protection and Freedom of Information; ‘NAIH’), and may exercise his/her remedy. NAIH’s contact details (Address: 1055 Budapest, Falk Miksa str. 9-11 Mailing address: 1363 Budapest, PO. 9., Phone No. +36 1 391 1400, Telefax: +36-1-391-1410, E-mail: ugyfelszolgalat@naih.hu, website: http://naih.hu/)

VII. COOKIE-K (SÜTIK) KEZELÉSE:

Controller otherwise notifies Data Subjects, that it uses cookies on the website. Cookies are such files, which store information in Data Subject’s web browser. Cookie is the information exchange tool between the web server and user’s browser. Using the information sent by the cookies, web browsers are easier to recognize, therefore, users receive relevant and customized content. Cookies make browsing more convenient. Using cookies, the website operators may also make anonymous statistics on the habits of the website visitors. Most cookies contain no personal information, users can not be identified by them. The stored data are necessary for more convenient browsing.

Websites may use the following types of cookies:

Temporary cookies, which remain on Data Subject’s tool until (s)he leaves the website. Permanent cookies, which, depending on the configuration of Data Subject’s web browser, remain on his/her device for longer period, or until Data Subject erases them.

Third-party cookies, which are placed by a third party at Data Subject (eg. Google Analytics). These are placed in his/her browser in the event when the website visited uses the services provided by the third party.

Cookies may be also classified as follows:

a) Inevitable session cookies: their use is absolutely necessary for navigation at the website, for the operation of the website’s functions. Without accepting them, the website or certain parts thereof can not, or only defectively appear.

b.) Analytic or performance monitoring cookies: these assist Controller to identify the website visitors, and collect data on how the visitors behave at the website. They do not collect information able to identify the Data Subject, since the personal data are stored in a summarized and anonymous manner.

c.) Functional cookies: the duty of such cookies is to enhance customer experience. They detect and store for instance at what device Data Subject opened the website, or his/her personal data provided before and requested to store. These cookies do not track Data Subject’s activities performed on other websites. In the information collected by them, however, there might be personal ID data, which Data Subject shared.

d.) Targeted or advertisement cookies: using them, the website can provide information mostly suitable to the Data Subject’s scope of interest. For this, Data Subject’s express consent is required, since these cookies collect detailed information on his/her browsing habits. This website collects the IP address, the time of visiting, the visited website, the country of visitor, the web browser’s version number and the type of the operating system for analytical and security purposes. This is necessary for the enforcement of legitimate interests, provision of services at appropriate level, and for analytical purposes.

Controller uses the cookies in accordance with the Eker Act., Info Act. and of the GDPR.

Those websites, such as the website operated by Controller, which are operated within the European Union, shall ask the users’ consent for the use of cookies, for the storage thereof at the user’s computer or other device. The cookies may be erased or banned in the web browsers used. The browsers, as a default, permit the placement of cookies. This may be banned in the browser’s settings, and erase the existing ones. Also, it can be set, whether the browser shall send a notice to the User, when sending a cookie to the device.

It is important to highlight, however, that banning or restricting these files may lower the browsing experience, and defect may arise also in the website’s functionality. The configuration options are usually found in the ‘Option’ or ‘Settings’ menu section. Every web search engine is different, so for the purpose of appropriate settings, Controller requests Data Subject to use the ‘Help’ or ‘Tutorial’ menu of his/her browser, or click on any of the following relevant links: Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internetexplorer- delete-manage-cookies Firefox: https://support.mozilla.org/en-US/products/firefox/protect-yourprivacy/cookies Chrome: https://support.google.com/chrome/answer/95647?hl=en Safari: https://support.apple.com/kb/PH5042?locale=en_US Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torleseszamito

APPLICABLE LAWS:

When preparing the Privacy Policy, the following laws have been taken in to particular consideration:

Regulation No. 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” ‘GDPR’) Act CXII of 2011 on the Information self-determination right and freedom of information (‘Info Act’).

When assembling the Privacy Policy, the recommendations of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior notification have been also taken into consideration.