DATA MANAGEMENT INFORMATION - Czédli Anett EV
1 INTRODUCTION
As the operator of the website www.onlinekonyveles-cza.com (hereinafter referred to as the “Website”), I provide the following information on the data management practices related to my business pursuant to Article 13 of the GDPR.
I treat personal data confidentially in accordance with the applicable European and Hungarian legislation, in particular the following legislation:
Regulation 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR);
Act CXII of 2011 on the right to information self-determination and freedom of information. Act (Information Act);
Act V of 2013 on the Civil Code (Civil Code);
Act XLVII of 1997 on the handling and protection of health and related personal data. Act (Eüatv.)
CVIII of 2001 on certain aspects of electronic commerce services and information society services. Act (Eker Act);
Act XLVIII of 2008 on the basic conditions and certain restrictions of economic advertising activity. Act (Grt.);
1995. CXIX. Act on the Management of Name and Address Data for the Purpose of Research and Direct Business Acquisition (Katv.),
CLV of 1997 on consumer protection. Act (Fgytv.) .;
Act C of 2000 on Accounting (Accounting Act).
2 DEFINITIONS
2.1. "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); identify a natural person who, directly or indirectly, in particular on the basis of an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
2.2. "Processing" means any operation or set of operations on personal data or files, whether automated or non-automated, such as collection, recording, systematisation, sorting, storage, transformation or alteration, retrieval, consultation, use, communication, transmission, dissemination or other harmonization or interconnection, restriction, deletion or destruction;
2.3. "Restriction of data processing" means the marking of stored personal data with the aim of limiting their future processing;
2.4. "Pseudonymisation" means the processing of personal data in such a way that it is no longer possible to determine to which specific natural person the personal data relate without the use of additional information, provided that such additional information is stored separately and technical and organizational measures are taken; it is ensured that this personal data cannot be linked to identified or identifiable natural persons;
2.5. "Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
2.6. "Processor" means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
2.7. "Recipient" means a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
2.8. "Third party" means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons authorized to process personal data under the direct control of the controller or processor; they got;
2.9. "Consent of the data subject" means a voluntary, specific and well-informed and clear statement of the will of the data subject, by which he or she indicates his or her consent to the processing of personal data concerning him or her by means of a statement or unambiguous statement;
2.10. "Data protection incident" means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data which have been transmitted, stored or otherwise handled;
2.11. "Undertaking" means any natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships and associations carrying on a regular economic activity;
2.12. 'Information society service' means a service within the meaning of Article 1 (1) (b) of Directive (EU) 2015/1535 of the European Parliament and of the Council (19);
3 GENERAL INFORMATION
3.1 Contact details of the data controller
name: Czédli Anett ev
Headquarters: 2310 Szigetszentmiklós, Losonczi utca 8 / a
Phone number: +36 30 343 6264
Email: anett.czedli@gmail.com
3.2 About the Data Protection Officer
I would like to inform you that my company is not obliged to choose a data protection officer under Article 37 of the GDPR, as it is not a public authority or a public body, its activities do not involve an operation requiring regular and systematic monitoring of users and handles a large number of special data and personal data on decisions to establish criminal liability and criminal offenses.
In the above, sections 2.1.3 and 2.1.4 of the WP29 Working Party Guidelines on Data Protection Officers I took into account point.
If you have any privacy questions, please contact me at the email address above.
4 NAMED DATA MANAGEMENTS
In the spirit of the transparency required by the GDPR, you can find out about the data processed for their realization, their legal basis and the duration of the data processing, broken down below according to each data processing purpose.
To ensure that the data is protected against unauthorized access, I have taken appropriate technical precautions and will take all possible measures to maintain maximum protection (see also point 5).
4.1 Contacting
If you have any questions or are interested in my service, you have the opportunity to contact me at the e-mail address on the Website or on the contact form.
4.
4.1.1. The purpose of data management is to contact the data subject
4.1.2. Scope of data processed: e-mail address, surname and first name, other data provided by the data subject
4.1.3. Legal basis for data processing: consent of the data subject [Article 6 (1) (a) GDPR]
4.1.4. Duration of data processing: until the end of the contact (until the data subject's question is answered or the information given on the inquiry is provided) but up to a maximum of 6 months.
4.1.5. Data processor:
hosting provider
Wix.com LTD (Registered office: 40 Namal Tel Aviv, 6350671, Israel, VAT ID : EU442008451)
Web developer
4.2 Server logging
When you visit the www.onlinekonyveles-cza.com website, the web server automatically records data in order to ensure the secure operation of the system.
The generated data are not linked to other data during the analysis of the log files, they are for statistical purposes only.
4.2.1. The purpose of data management: to check the operation of the system
4.2.2. Legal basis for data processing: legitimate interest of the controller (Article 6 (1) (f) GDPR). Legitimate interest: safe operation of the website
4.2.3. The range of data managed: date of visit, computer's IP address, browser type and version, operating system type and version
4.2.4. Duration of data management: 6 months
4.2.5. Data processor: hosting provider
Wix.com LTD (Registered office: 40 Namal Tel Aviv, 6350671, Israel, VAT ID : EU442008451)
4.3 Communication
I handle your contact information for contact purposes only.
4.3.1. The purpose of data management is to create the possibility of contacting the data subjects
4.3.2. Legal basis for data processing: performance of a contract (Article 6 (1) (b) GDPR)
4.3.3. The range of personal data processed: surname and first name, e-mail address, telephone number
4.3.4. Duration of data management: until the conclusion of the contract. If a contract is concluded, a separate Privacy Policy will be prepared for the accounting service.
5 HOW TO STORE PERSONAL DATA, SECURITY OF DATA PROCESSING
I store personal data on the territory of Hungary, at my headquarters, on my own data carrier.
Creating data security
IT measures (selection of appropriate software, programs, firewall, backups, password-protected media) and
technical measures (such as providing physical protection to ensure the closed storage of documents, such as invoices)
I try to guarantee.
Regarding the Website and the mail system, the hosting provider: Wix.com LTD (Registered office: 40 Namal Tel Aviv, 6350671, Israel, VAT ID : EU442008451)
6 RIGHTS OF STAKEHOLDERS
You can exercise the following rights of your choice:
6.1 Right of access to personal data (Article 15 GDPR)
By exercising this right, you have the opportunity to request a copy of the personal information stored about you and to make sure that I have acted properly.
The information is free, but I charge a fee based on the administrative cost for additional copies.
6.2 Right of rectification (Article 16 GDPR)
You have the right to correct inaccurate personal data or to supplement incomplete personal data at your request. I will do this immediately (without undue delay).
6.3 Right of cancellation (right of oblivion, Article 17 GDPR)
You have the right to delete your personal data upon request. I will do this immediately (without undue delay). If personal information has been disclosed, I will take all reasonable steps to inform additional data controllers that you request the deletion of links or copies of data to the personal information in question.
In any case, not on request, I am obliged to delete your personal data immediately (without undue delay) in the following cases:
6.3.1. personal data is no longer required for the purpose for which I collected it;
6.3.2. if you withdraw your consent to the processing and there is no other legal basis for the processing;
6.3.3. if you object to the processing and there is no priority legitimate reason for the processing;
6.3.4. despite all efforts, I have handled personal data unlawfully;
6.3.5. personal data must be deleted in order to comply with a legal obligation under applicable Union or Member State law;
6.3.6. personal data was collected in connection with the provision of information society services to children under the age of 16.
6.4 Right to restrict data processing (Article 18 GDPR)
6.4.1. In the event that you believe that the personal data processed is inaccurate, you may request a restriction on the processing of the data until the actual accuracy or inaccuracy of the data is revealed.
6.4.2. If the data processing is illegal, but you do not want me to delete your data because it is in your interest for some reason, you can ask me to restrict the data processing instead.
6.4.3. If the purpose of data management has ceased, but you do not want me to delete the data because you need it to validate any of your claims, you can also request a restriction.
6.5 Right to data portability (Article 20 GDPR)
You have the right to request your processed data in electronic and structured form and to transfer it to another data controller or, if this is technically possible, to request the transfer from me.
6.6 Right to protest (Article 21 GDPR)
You have the right to object to the processing of your personal data for the purpose of direct business acquisition or profiling. In this case, the data cannot be processed for this purpose.
You may also object if the data processing is based on the legitimate interest of the Data Controller (or a third party). In this case, the data can only be further processed in very exceptional cases (in case of a compelling legitimate reason).
7 RULES OF PROCEDURE
If you wish to assert your rights, I will inform you without undue delay, but no later than one month from the receipt of the request, of the action taken on the request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months.
I will inform you of the extension of the deadline, stating the reasons for the delay, within one month of receiving the request. If you have submitted your application electronically, the information will be provided electronically, unless you request otherwise.
If no action is taken on your request, I will inform you without delay, but no later than one month after receipt of the request, of the reasons for the failure to take action and of the fact that you can lodge a complaint with the National Data Protection and Freedom of Information Authority.
The requested information and information is provided free of charge. However, in the event that your request is manifestly unfounded or, in particular due to its repetitive nature, excessive, I may charge a fee or refuse to act on the request.
8 ENFORCEMENT OPTIONS
8.1. To enforce your rights, you can contact the National Data Protection and Freedom of Information Authority, whose contact details are as follows:
Headquarters: 1125 Budapest, Szilágyi Erzsébet avenue 22 / C.
Mailing address: 1530 Budapest, Pf .: 5.
Phone: + 36-1-391-1400
Fax: + 36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
8.2. In addition to the above, you can also go to court if your rights are violated. The trial falls within the jurisdiction of the tribunal. The lawsuit may be initiated before the court of the User's place of residence or stay, at the User's choice.