Privacy Policy
Of the www.dunagabona.hu website
Valid: as of 15 th February 2021, until revocation
This Privacy Policy governs the processing of personal data of the Dunagabona Kft. and the
Pentele Mg. Zrt. (hereinafter: Controller) at this website. Controller reserves the right to
amend this Policy anytime by its unilateral decision. The amendments to the Policy shall
become effective upon disclosure at the www.dunagabona.hu website.
Controller respects the privacy of the visitors of the website, therefore, it collects and processes only such information, which are inevitable for the purposes specified herein. The use of the website is completely voluntary, therefore, the personal data necessarily arising due to the use of the website shall be processed by Controller on a consent basis.
The purpose of this Policy is to make the visitor of the website overview Controller’s processing activity, and to make their rights provided in this regards clear for them.
DEFINITIONS:
CONTROLLER:
Name: Dunagabona Kft.
Registered office: 8834 Murakeresztúr, Honvéd u. 2.
Controller’s e-mail address: dunagabona@dunagabona.hu
The data controller is not obliged to appoint a data protection officer.
Name and purpose of data management | Legal basis for data management | Scope of data managed | Duration of data management |
Contact-related data management: User identification, Contacting the User | Consent of the data subject GDPR Article 6 (1)a) | User's name User's e-mail address, User's telephone number | For the duration of the relationship between the parties |
Keeping the contact with the customer: Information related to the order and information about the products and offers available in the future | Legitimate interest GDPR Article 6 (1) f.) | Name, telephone number, e-mail address of the Customer's contact person (Data subject), | Until the existence of the contract concluded with the Customer or until the contact is prohibited by the Data subject, i.e. until the exercise of the right to object pursuant to Article 21 (2)-(3) of the GDPR. (Whichever occurs earlier.) |
Community building on social media interfaces | Consent of the data subject GDPR Article 6 (1)a) (The data subject may withdraw his/her consent unconditionall y at any time.) | Data subject’s public profile information | Until the data subject unsubscribes |
I. RECIPIENTS (ADDITIONAL DATA CONTROLLERS AND DATA PROCESSORS)
The Data Controller may use external Data Processors (Recipients) to perform certain tasks.
1. HOSTING SERVICES
Adatfeldolgozó:. (székhely és postacím: 1162 Budapest Viola u. 4., telefonszám: +36 (1) 210 3624 e-mail cím: info@molehand.eu)
Adatfeldolgozó adatkezelési tájékoztatója az alábbiakban érhető el: http://www.molehand.eu/LinkClick.aspx?fileticket=lhp6t0Nr8Qw%3d&tabid=88&mid=487&language=hu-HU
Adatfeldolgozó igénybe vételére a weboldal elérhetővé tételéhez, megfelelő működtetése érdekében van szükség.
Az adatfeldolgozó az adatok tárolását végzi. Az adattárolás helye az adatfeldolgozó szervere.
2. APPEARANCE AND COMMUNICATION ON THE SOCIAL NETWORK (Linkedin)
Data processor: Linkedin Corporation, Sunnyvale, CA, USA The data management information of the Data Processor is available below: https://privacy.linkedin.com/gdpr The Data Processor is used to access the informant’s public profile - including his/her publicly provided name and other data -, his/her comments, shares and other reactions, as well as to send messages via the social network. When sending a message via the social network, the informant may also communicate other personal data in addition to his/her name, which he/she voluntarily provides on an occasional basis.
II. TRANSFER OF DATA TO A THIRD COUNTRY:
Of the Data Processors, Linkedin Corporation (Community Building, Messaging) is headquartered in a third country (USA).
These companies are included in the Article 45 of the GDPR issued by the European Commission's Adequacy Decision, and the Commission Implementing Decision 2016/1260, as well as in the USA-EU Privacy Shield List established on the basis thereof, i.e. the data transfer to this country does not constitute a transfer to a third country outside the European Union. Therefore it does not require the specific consent of the data subjects, and data transfer is permitted under Article 45 of the GDPR. This company undertook to comply with the GDPR.
III. AUTOMATED DECISION-MAKING AND PROFILING
No automated decision-making and profiling is performed at the website.
IV. DATA SECURITY MEASURES:
Controller shall design and execute the processing operations so, that they shall ensure the protection of data subjects’ privacy in the course of the use of the GDPR and other laws related to processing of personal data. Controller shall ensure the security of the personal data, and shall also take those technical and organizational measures and establish those due process laws, which are required for the achievement of the GDPR and other data protection and privacy regulations. Controller shall protect the personal data using measures in proportion to the risk, in particular against unauthorized access, alteration, transfer, disclosure, erasure or destruction, and against accidental destruction or damage, as well as becoming unavailable due to the change of the technology used. Within its framework, Controller shall store Data Subject’s personal data in a password-protected and/or encrypted database. Controller shall protect the personal data within the framework of protection in proportion to the risk, using anti-virus programs, encryption mechanisms.
V. DATA SUBJECT’S RIGHTS REGARDING PROCESSING:
Data Subject’s rights and remedies, and the restrictions thereof are included in the GDPR in details (in particular Articles 15., 16., 17., 18., 19., 20., 21., 22., 77., 78., 79. and 82). Data Subject may request notification on his/her personal data anytime, request their rectification, erasure, restriction of processing, otherwise may object processing based on legitimate interest.
The key provisions are summarized as follows.
Controller raises Data Subject’s attention in particular on as follows:
Data Subject shall have the right to object the processing of his/her personal data for Controller’s legitimate interest anytime, for reasons related to his/her own situation. In such case, Controller shall not process the personal data further, unless Controller proves that the processing is grounded by such compulsory legitimate causes, which are preferred against Data Subject’s interests, rights and freedoms, or which are related to the submittal, enforcement or protection of legal claims. If the processing of personal data is made for the purpose of direct marketing, Data Subject shall have the right to object the processing of the personal data relating to Data Subject anytime. If Data Subject objects the processing of personal data for direct marketing purposes, then such personal data shall not be processed further for this purpose.
1.) RIGHT TO NOTIFICATION:
If Controller processes personal data relating to Data Subject, then Data Subject shall provide notification to Data Subject, even without Data Subject’s such request, on the main features of processing, such as the purposes, grounds, term of processing, the identity and contact details of Controller and his/her representative, the contact details of the Data Protection Officer, the recipients of personal data, in case of processing based on legitimate interest, on the legitimate interest of Controller and/or third party, and on Data Subject’s rights and remedies related to the processing (including the right to submit a complaint to the supervisory authority, moreover, if the source of personal data is not Data Subject, then on the sources of personal data and the categories of Data Subject’s personal data, if Data Subject does not have such information yet. Controller shall provide this notification by making this Privacy Policy available to Data Subject.
2.) RIGHT TO ACCESS:
Data Subject shall have the right to receive confirmation from Controller regarding whether the processing of his/her personal data is in progress, to get access to personal data and other information related to processing, including the purposes of processing, the categories of Data Subject’s personal data, the recipients of personal data, the (proposed) term of processing, Data Subject’s rights and remedies (including the right to submit a complaint to the supervisory authority), and in case of collection of personal data not from Data Subject, information on the sources thereof. In the event of Data Subject’s such request, Controller shall make a copy of personal data subject to processing, to Data Subject. Controller may charge reasonable fee based on administrative costs for the copies requested by Data Subject. If Data Subject submitted the request by electronic means, the information shall be made available in a widely used electronic form, unless otherwise requested by Data Subject. The right regarding requesting a copy shall not adversely affect others’ rights and freedoms.
3.) RIGHT TO RECTIFICATION:
Data Subject shall have the right to cause Controller rectify the inaccurate personal data related to Data Subject without undue delay, upon his/her request. Taking the purpose of processing into consideration, Data Subject shall have the right to request the supplementation of the deficient personal data, through, among others, supplementary statement.
4.) RIGHT TO ERASURE:
Data Subject shall have the right to cause Controller erase the personal data related to Data
Subject without undue delay upon his/her request, and Controller shall erase the personal data
related to Data Subject without undue delay, provided that certain preconditions are met.
Among others, Controller shall erase, upon Data Subject’s request, his/her personal data, if
such personal data are no longer necessary for the purpose for which they were collected or
otherwise processed; should Data Subject revoke his/her consent constituting the basis of
processing and the processing has no other grounds; or his/her personal data were unlawfully
processed; or Data Subject objects such processing and there is no preferred legitimate
interest for processing; the personal data shall be erased to fulfil Controller’s legal obligation
required by the applicable Union or Member State laws. The above shall not apply, when the
processing is necessary:
a) to exercise the freedom of deliverance and right to information;
b)
to fulfil legal obligation by Union or Member State laws, requiring the processing of personal
data, applicable to Controller;
c) for public archiving purposes, for scientific and historical
research or statistical purposes, provided that the right to erasure were likely to disable or
substantially risk such processing;
d) to submit, enforce and protect claims.
5.) RIGHT TO RESTRICT PROCESSING:
Data Subject shall have the right to cause Controller restrict the processing upon his/her
request, if any of the following conditions are met:
a) Data Subject objects the accuracy of the personal data, in such case, the restriction shall
refer to that period, which enables Controller check the accuracy of the personal data;
b) the processing is illegitimate, and Data Subject objects the erasure of the data, and rather
request the restriction of the use thereof;
c) Controller no longer requires the personal data for processing purposes, but Data Subject
requests them to submit, enforce or protect legal claims; or
d) Data Subject objects the processing; in such case, the restriction shall refer to that period,
until it is determined whether Controller’s legitimate interests are preferred against Data
Subject’s legitimate interests. If the processing is subject to restriction as per the above, such
personal data, except storage, may be processed only upon Data Subject’s consent, or to
submit, enforce or protect legal claims, or to protect the rights of other natural or legal
persons, or for the substantial public interest of the Union or any Member State. In the event
of relief of the restriction requested by Data Subject, Controller shall notify Data Subject in
advance.
6.) RIGHT TO OBJECTION:
Data Subject shall have the right to object the processing of his/her personal data by Controller for any reasons related to his/her own situation anytime. In such case, Controller shall no longer process the personal data, unless Controller proves that the processing is grounded by such compulsory legitimate interests, which are preferred against Data Subject’s interests, rights and freedoms, or which are related to the submittal, enforcement of protection of legal claims. If the processing of personal data is made for direct marketing purposes, Data Subject shall have the right to object the processing of his/her personal data for such purpose anytime. If Data Subject objects the processing of personal data for direct marketing purposes, then such personal data shall be no longer processed for this purpose.
VI. RIGHT TO COMPLAINT:
In the event of infringement of his/her rights, Data Subject may file a complaint to the competent data protection supervisory authority (in Hungary, to the National Authority for Data Protection and Freedom of Information; ‘NAIH’), and may exercise his/her remedy. NAIH’s contact details (Address: 1055 Budapest, Falk Miksa str. 9-11 Mailing address: 1363 Budapest, PO. 9., Phone No. +36 1 391 1400, Telefax: +36-1-391-1410, E-mail: ugyfelszolgalat@naih.hu, website: http://naih.hu/)
VII. COOKIE-K (SÜTIK) KEZELÉSE:
Controller otherwise notifies Data Subjects, that it uses cookies on the website. Cookies are such files, which store information in Data Subject’s web browser. Cookie is the information exchange tool between the web server and user’s browser. Using the information sent by the cookies, web browsers are easier to recognize, therefore, users receive relevant and customized content. Cookies make browsing more convenient. Using cookies, the website operators may also make anonymous statistics on the habits of the website visitors. Most cookies contain no personal information, users can not be identified by them. The stored data are necessary for more convenient browsing.
Websites may use the following types of cookies:
Temporary cookies, which remain on Data Subject’s tool until (s)he leaves the website. Permanent cookies, which, depending on the configuration of Data Subject’s web browser, remain on his/her device for longer period, or until Data Subject erases them.
Third-party cookies, which are placed by a third party at Data Subject (eg. Google Analytics). These are placed in his/her browser in the event when the website visited uses the services provided by the third party.
Cookies may be also classified as follows:
a) Inevitable session cookies: their use is absolutely necessary for navigation at the website, for the operation of the website’s functions. Without accepting them, the website or certain parts thereof can not, or only defectively appear.
b.) Analytic or performance monitoring cookies: these assist Controller to identify the website visitors, and collect data on how the visitors behave at the website. They do not collect information able to identify the Data Subject, since the personal data are stored in a summarized and anonymous manner.
c.) Functional cookies: the duty of such cookies is to enhance customer experience. They detect and store for instance at what device Data Subject opened the website, or his/her personal data provided before and requested to store. These cookies do not track Data Subject’s activities performed on other websites. In the information collected by them, however, there might be personal ID data, which Data Subject shared.
d.) Targeted or advertisement cookies: using them, the website can provide information mostly suitable to the Data Subject’s scope of interest. For this, Data Subject’s express consent is required, since these cookies collect detailed information on his/her browsing habits. This website collects the IP address, the time of visiting, the visited website, the country of visitor, the web browser’s version number and the type of the operating system for analytical and security purposes. This is necessary for the enforcement of legitimate interests, provision of services at appropriate level, and for analytical purposes.
Controller uses the cookies in accordance with the Eker Act., Info Act. and of the GDPR.
Those websites, such as the website operated by Controller, which are operated within the European Union, shall ask the users’ consent for the use of cookies, for the storage thereof at the user’s computer or other device. The cookies may be erased or banned in the web browsers used. The browsers, as a default, permit the placement of cookies. This may be banned in the browser’s settings, and erase the existing ones. Also, it can be set, whether the browser shall send a notice to the User, when sending a cookie to the device.
It is important to highlight, however, that banning or restricting these files may lower the browsing experience, and defect may arise also in the website’s functionality. The configuration options are usually found in the ‘Option’ or ‘Settings’ menu section. Every web search engine is different, so for the purpose of appropriate settings, Controller requests Data Subject to use the ‘Help’ or ‘Tutorial’ menu of his/her browser, or click on any of the following relevant links: Internet Explorer: https://support.microsoft.com/hu-hu/help/17442/windows-internetexplorer- delete-manage-cookies Firefox: https://support.mozilla.org/en-US/products/firefox/protect-yourprivacy/cookies Chrome: https://support.google.com/chrome/answer/95647?hl=en Safari: https://support.apple.com/kb/PH5042?locale=en_US Mozilla: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torleseszamito
APPLICABLE LAWS:
When preparing the Privacy Policy, the following laws have been taken in to particular consideration:
Regulation No. 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” ‘GDPR’) Act CXII of 2011 on the Information self-determination right and freedom of information (‘Info Act’).
When assembling the Privacy Policy, the recommendations of the National Authority for Data Protection and Freedom of Information on the data protection requirements of prior notification have been also taken into consideration.
Copyright © Dunagabona Kft. 2021