Privacy Policy

RECITALS

Infofutár-Mikrotech Kft. (hereinafter: Controller), during its activity, shall pay extra attention on the protection of personal data, the compliance with mandatory provisions of law, secure and fair data processing.

Controller’s data:

Company name: Infofutár-Mikrotech Kft.

Company reg. No.:

Head office: Jósika M. u. 3. al. H-3524 Miskolc

VAT No.: HU25113367

 

Controller shall process the personal data made available to it pursuant to the Hungarian and European laws in force and according ethic requirements at all times, and take all of those technical and organizational measures, which are required for appropriate secure data processing. The present Policy was drafted pursuant to the following effective laws:

• Act CXIX of 1995 on the processing of name and address data for the purpose of research and direct marketing
• Act CVIII of 2001 on certain matters of electronic trading services and services related to the information society
• Act XLVIII of 2008 on the basic conditions and certain limitations of business advertisement activity
• Act CXII of 2011 on informational self-determination right and informational freedom
• 2016/679/EU (27^th April 2016) Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive).

 

Controller undertakes the unilateral compliance with this Policy, and hereby requests its customers to acknowledge the provisions of the Policy. Controller reserves the right to amend the Privacy Policy, and shall make the amended Policy public in such event.

DEFINITIONS

In our Policy, the privacy terms shall have the following meanings:

Personal data: any data or consequence arising from the data on the data subject relating to an identified or identifiable natural person (hereinafter: ‘data subject’). The personal data shall preserve its such quality, until its relationship with the data subject can be recovered. A person shall be deemed identifiable in particular, if (s)he can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.

Consent: any freely given, specific and unambiguous indication of the data subject’s wishes based on proper information, by which he or she, signifies agreement to the processing of personal data relating to him or he, in full or for certain operations.

Objection: data subject’s statement, where (s)he objects the processing of his/her personal data, and request the termination of the data processing, and/or the erasure of the processed data.

Controller: that natural or legal person or business entity without legal personality, which, alone or jointly with others, determines the purposes of the processing of personal data, makes and enforces the decisions on processing (including the tools involved), or make them enforced by Processor.

Processing: irrespective of the applied method, any operation or set of operations which is performed on personal data, in particular collection, recording, organisation, storage, alteration, use, query, transfer, disclosure, alignment or combination, restriction, erasure or destruction, and the prevention of further use of data, making photo, audio or video footage, and recording of physical attributes suitable to identify the person (eg. fingerprint or palm print, DNA-sample, iris-image).

Data transfer: making the data available to a specific third party.

Disclosure: making the data available to anyone.

Erasure: making the data unable to be identified so, that its recovery is not possible anymore.

Data locking: affixing an ID to the data for the purpose of restricting its further processing permanently or for a specified period.

Processing: performance of technical duties related to the processing operations, irrespective of the method and tool used for the operation, and the place of application, provided that the technical duty is made on the data.

Processor: a natural or legal person, or business entity without legal personality, who or which processes data upon Agreement, including the Agreement concluded based on the provision of laws.

Set of data: all data processed in the same registry.

Third Party: that natural or legal person, or business entity without legal personality, who or which is other than the data subject, the controller or the processor.

EGT stat: a member state of the European Union or other state participating in the Agreement on the European Economic Area, and that state, whose citizen, based on an international treaty arranged between the European Union and its member states, and a state that is not member of the Agreement on the European Economic Area, enjoys the same status as the citizens of any member of the Agreement on the European Economic Area.

Third country: every state that is not EEA state.

 

DATA PROCESSING PRINCIPLES

 

A personal data may be processed when the data subject consents, or it is ordered by an Act, or upon the authorization of the law, within certain limitations, by the Local Municipal Regulation.

Personal data may be processed only for specific purposes, to exercise rights or perform obligations. The processing shall comply with the purpose in all phases.

Only such personal data may be processed, which is necessary for the purposes of the data processing, suitable to achieve the specific purpose, for the extent and duration required to achieve the specific purpose.

Personal data may be transferred, and different processings may be interconnected, if the data subject consents, or it is provided by the law, and if the requirements of processing are met in regards all personal data.

Personal data may be transferred from the country, irrespective of the data storage or data transfer method, to a controller or processor situated in a third country, if the data subject expressly consents, or it is provided by the law, and during the control or processing of the transferred data in the third country, the appropriate level of protection of the personal is ensured.

In case of mandatory data processing, the purposes and conditions of the processing, the scope and availability of data to be processed, the duration of processing and the person of the processor are determined in the law or local municipal regulation ordering the processing. Disclosure of personal data may be ordered by the law for public interests, by expressly determining the scope of data. In all other cases, the data subject’s consent, in case of sensitive data, his/her written consent is required for disclosure. In case of doubt, it shall be deemed as default, that the data subject did not consent. The data subject’s consent shall be deemed provided in regards the data disclosed or provided for public disclosure during his/her public appearance.

The right to protect personal data and the data subject’s privacy rights, unless otherwise provided by the law, shall not be infringed by interests of the processing, including the publicity of public data.

 

LEGAL BASIS OF PROCESSING

 

Controller’s activities are based on the law or voluntary consent in all cases. In certain cases, the processing, in the absence of consent, is based on other legal basis or the Article 6 of the Regulation.

Controller avails the cooperation and services of the following Processors for its activity:

 

 

Barion Payment Zrt.

Head office: Infopark setany 1. I. building 5/5 H-1117 Budapest

Company reg. No.: Cg. 01-10-048552

VAT No.: HU25353192

Transferred data: customer’s name, e-mail address, name and price of the purchased product, total amount of payment.

Purpose of data transfer: credit/debit card payment

 

The Rocket Science Group LLC (Mailchimp)

675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Transferred data: customer’s name, e-mail address, customer’s billing address, newsletter registering person’s e-mail address and first name

Purpose of data transfer: sending newsletters

 

The html code of the websites operated by Controller, for the purpose of web analytics measurements, may contain independent links arriving from external server, referring to external server. The measurement may cover conversion tracking too. The web analytics service provider does not process personal data, only data related to browsing, that are unsuitable for the identification of certain individuals. Currently, Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043) provides the web analytics services within the Google Analytics service.

Controller runs so-called remarketing advertisements via Facebook and Google AdWords advertisement systems. These service providers may collect or receive data from Controller’s website or other Internet sources using cookies, web trackers or similar technologies. They may provide measurement services and customize advertisements using these data. These customized advertisements may appear in additional websites listed in Facebook’s or Google’s affiliate network. The remarketing lists do not contain the visitor’s personal data, they are unsuitable for the identification of a person. The user may cancel the use of cookies on his/her own computer, and/or may disable their application in the web browser. These options, depending on the actual browser, but usually, are available in the Settings / Privacy menu section. You can find further information on Google’s and Facebook’s privacy policies on the following links: http://www.google.com/privacy.html and https://www.facebook.com/about/privacy/

Newsletter

Controller sends online newsletters and electronic, or postal direct marketing messages containing news and offers to the subscribers to the newsletters of the websites operated by itself usually monthly. By subscribing to the newsletter, providing the first name and an e-mail address are mandatory, which are required to send the messages. We process the data as long as the data subject requests their erasure. The unsubscribe option is ensured by a direct link in each newsletter. User shall be liable for the validity of the provided personal data.

 

Purchase

 

Controller sends online newsletters and electronic, or postal direct marketing messages containing news and offers to the users making purchases on the websites operated by itself usually monthly. During the purchase, providing the data required for the invoicing and potential shipping, e-mail address and phone number are mandatory. We process the data as long as the data subject requests their erasure. The unsubscribe option is ensured by a direct link in each newsletter, and/or the erasure of the above data may be requested on the website. User shall be liable for the validity of the provided personal data.

 

Comment

 

When submitting comment to the website, in addition to the data provided in the comment textbox, the commenter’s IP address and the browser ID character string are also collected to ban spam contents.

Following accepting the comment, the comment’s content and the profile image appear to the public.

 

The processing was reported to the National Authority for Data Protection and Freedom of Information, the processing’s privacy registration ID No. is: NAIH-127834/2017

 

PROCESSING SECURITY

 

Place of processing: C-Host Kft.’s actual site

Controller shall protect the data in particular against unauthorized access, alteration, transfer, disclosure, erasure or destruction and accidental destruction or damage. Controller, jointly with the server’s operators, shall ensure data security taking such technical and organizational measures, that provide the appropriate level of protection according to the risks arising in relation to the processing.

 

RIGHTS OF DATA SUBJECTS

 

Data subject may request notification on the processing of his/her personal data, and request the rectification, and/or, except the processings ordered by the laws, erasure of his/her personal data via the link provided in the footnote, or any of Controller’s contact details. On Data Subject’s request, Controller shall provide notification on his/her processed data, the purposes, legal basis, duration of processing, the name and address (head office) of Processor and the activity related to the processing, and who and for what purposes receive or received the data. Controller shall provide the requested information as soon as possible, but latest within 25 days from submitting the request in writing, free of charge, in a clear form.

Controller shall rectify invalid personal data. Controller shall erase the personal data, if its processing is unlawful, it is requested by the data subject, or if it is deficient or incorrect, and this state can not be rectified, provided that the erasure is not prohibited by the law, if the purpose of processing ceased, or the deadline to store the data provided by the law has expired, or it is ordered by the Court or the Data Privacy Ombudsman. The data subject and all persons, who the data for processing purposes have been transferred to, shall be notified on the rectification or erasure. The notification may be dismissed, if regarding the purpose of processing, it does not infringe the data subject’s lawful interests.

The data subject may object the processing of his/her personal data, if the processing (transfer) of the personal data is necessary solely for the exercise or enforcement of Controller’s or Transferee’s rights or lawful interests, except if the processing was ordered by the law, the personal data is used or transferred for direct marketing, survey or scientific research, the right to objection is otherwise provided by the law.

Controller, by concurrently suspending the processing, shall investigate the objection as soon as possible, but latest within 15 days, and notify the requesting party in writing on its result. If the objection has grounds, Controller shall cancel the processing, including further data recording and transfer, and lock the data, and notify all parties on the objection and the measures taken upon that, who it has transferred the personal data subject to the objection, and shall take measures to enforce the right to objection, and who shall take measures to enforce the right to objection.

Data subject, in the event of personal data breach, may turn to the Court or the Data Privacy Authority. Legal remedies and complaints shall be sent to the following contact details:

Name: National Authority for Data Protection and Freedom of Information

Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.

Phone No.: +36 1 391 1400

Telefax: +36 1 391 1410

E-mail: ugyfelszolgalat@naih.hu

Website: naih.hu

 

Effective as of: 25.04.2019