For the webpages of Electrostatics Kft.
1.1. The purpose of this Privacy Policy is to introduce the data privacy and data processing principles guiding Electrostatics Kft. (Limited Liability Corporation) as controller (hereinafter: Controller) during the processing of personal data of visitors (henceforth: data subject) of the electrostatics.hu and the … [1] webpages (hereinafter: Webpages).
1.2. The Controller is committed to adhering to the requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (henceforth: General Data Protection Regulation), the Act CXII of 2011 on information self-determination and freedom of information, other legal regulations, the legal practice of the Hungarian National Authority for Data Protection and Freedom of Information and the relevant case-law of the Court of Justice of the European Union and Hungarian courts in the context of its data processing activities.
1.3. For these purposes, the Controller issues the following Privacy Policy in connection with the data processing activities related to the contact form and contact options of the Webpages.
2.1.
2.2. The Controller has no appointed data protection officer.
3.1. The Controller processes personal data which are provided by the data subject to the Controller in connection with the contact form and contact options of the Webpages, and any other personal data provided by the data subject. In case the provided personal data are modified during the data processing activities, the data subject is obliged to notify the contact person defined in 2.1. without undue delay.
3.2. The processed personal data are collected from the data subject.
3.3. The precise scope of processed personal data is defined in conjunction with the purpose, legal basis and duration of the data processing in 4.
The Privacy Policy demonstrates the different categories of processed personal data based on the purpose of data processing.
In case the data subject grants the Controller access to personal data which do not adhere to the data processing purposes defined in the Privacy Policy, the Controller deletes these personal data without undue delay, but within no more than 72 hours.
The Controller publishes the extract of its data processing activities in the form of a chart in the I. Annex.
4.1.1. The Controller processes especially the following personal data sent by the data subject via e-mail to the e-mail address of info@electrostatics.hu or via phone to the phone number +36 (20) 375 1957, based on the legitimate interests pursued by the Controller in accordance with Article 6 paragraph (1) point f) of the General Data Protection Regulation:
a) the data subject’s e-mail address or
b) the data subject’s phone number and
c) any other personal data provided by the data subject to the Controller in the e-mail/phone communication, including text messages.
4.1.2. The Controller processes the data subject’s personal data defined in 4.1.1. with the purpose of corresponding/communicating (answer inquiries and grant requests) with the data subjects. The exact purpose of each processed personal data category is defined in the table below.
The Controller employs data processors for all data processing enshrined in 4. The data processing is regulated by the contract concluded by the Controller and the processors. The precise information on the data processing implemented by the processors (e.g. duration of data processing) is described in the privacy policies of the processors.
5.2.1. Besides the manager of the Controller and the data processors, no one is entitled to access the personal data.
5.2.2. The Controller processes the personal data electronically.
5.2.3. The Controller aims to mitigate the risks of the processing of personal data by implementing data security measures. The data security measures implemented by the Controller are illustrated in the table below.
5.2.4. The Controller in addition to the measures enshrined in 5.2.3.
5.2.5. In case of transferring personal data to processors or independent controllers, the data security measures implemented by the processors or independent controllers apply, which are listed in the privacy policies provided by the processors or independent controllers.
6.1.1 The Controller shall refuse to comply with the data subject’s request to exercise his/her rights defined in 6. in case the Controller demonstrates that it is not in a position to identify the data subject. In the context of complying with the data subject’s exercise of its rights as outlined in 6., the Controller provides information to the data subject in a concise, transparent, comprehensible, and easily accessible form, using clear and plain language, in writing or otherwise (including electronic means). At the request of the data subject, the information will be given orally, provided that the identity of the data subject is proven by other means.
6.1.2. The Controller informs the data subject on the actions taken based on the data subject’s request without undue delay, but no later than one month after receipt of the request, unless a shorter time limit is provided in 6. for the exercise of certain rights. If necessary, this period can be extended by two months, taking the complexity and number of requests into consideration. The Controller shall inform the data subject of the extension within one month of receipt, together with the reasons for the delay. In case the data subject has submitted his/her request by electronic means, the information must be provided by electronic means as well, unless the data subject requests otherwise.
6.1.3. The Controller provides the information and fulfills the requests of data subjects based on the rights defined in 6. free of charge. Where requests from a data subject are manifestly ill-founded or excessive, particularly because of their repetitive character, the Controller is entitled to either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested or refuse to act on the request.
6.1.4. When the Controller has reasonable doubts concerning the identity of the natural person making the request to exercise the rights set out in this part, the Controller is entitled to request the provision of additional information necessary to confirm the identity of the data subject.
6.1.5. The Controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with the rights set out in 6. to each recipient to whom the personal data have been disclosed, unless this proves to be impossible or involves disproportionate effort. The Controller shall inform the data subject about those recipients based on the data subject’s request.
6.2.1. The data subject shall have the right of access to the information specified in Article 15 of the General Data Protection Regulation from the Controller, in particular the following information:
6.2.2. The Controller shall provide one copy of the personal data undergoing processing. For any further copies requested by the data subject, the Controller is entitled to charge a reasonable fee based on administrative costs.
6.2.3. If the data subject submits her/his request electronically, the Controller will provide a copy of the personal data in a commonly used electronic form (unless the data subject requests otherwise).
6.2.4. The personal data are not transferred to a third country or to an international organization. In case personal data were transferred, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
6.3.1. Pursuant to Article 16 of the General Data Protection Regulation, the data subject shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her.
6.3.2. The data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
6.4.1. The data subject shall have the right to withdraw his or her consent in writing in case of consent-based data processing at any time without giving reasons pursuant to Article 7 (3) of the General Data Protection Regulation.
6.4.2. Withdrawing consent does not affect the prior legality of the processing of the personal data.
6.4.3. In case the data subject withdraws his or her consent, the Controller deletes the personal data without undue delay, but within 72 hours, with the exception of the existence of an alternative legal basis for the processing.
6.4.4. The data subject can withdraw his or her consent from the processing activities listed in 4.2. by sending an e-mail or a mail to the addresses provided in 2.1.
6.5.1 The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her pursuant to Article 17 of General Data Protection Regulation,
6.5.2. The data subject is not entitled to exercise his or her right to erasure, in case the data processing is necessary:
6.5.3. During the data processing, the Controller does not disclose the personal data of the data subject. Should this happen, and should the Controller be obliged to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
6.6.1 The data subject shall have the right to obtain from the Controller restriction of processing pursuant to Article 17 of General Data Protection Regulation in case:
6.6.2. In case the processing of personal data has been restricted pursuant to 6.6.1., such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
6.6.3. If the data subject has successfully restricted the processing of personal data, the Controller shall inform the data subject in advance of the lifting of the restrictions.
6.7.1. Pursuant to Article 20 of the General Data Protection Regulation, the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a commonly used electronic format.
6.7.2. The data subject has the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, when:
6.7.3. The data subject shall have the right to have the personal data transmitted directly from one Controller to another, where technically feasible.
6.7.4. The exercise of the right referred to in 6.7.1. and 6.7.2. shall be without prejudice to the right to erasure. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
6.7.5. The right to data portability shall not adversely affect the rights and freedoms of others.
6.8.1. Pursuant to Article 21 of the General Data Protection Regulation, the data subject shall have the right to object on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 paragraph (1), including profiling based on those provisions, thus to the data processing specified in 4.4 and 4.8.
6.8.2. The Controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
6.8.3. During data processing, the data is not processed for the purpose of direct business acquisition. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such purposes, which includes profiling to the extent that it is related to such direct marketing.
6.8.4. Data processing is related to the use of information society services, thus the data subject can also exercise her or his right to object by automated means based on technical specifications, which he/she can manage through the form available via the footer of the Website. In connection with this right, the Controller in accordance with Article 6 paragraph (1) point c) of the General Data Protection Regulation, with the specific legal obligation enshrined in Article 21 paragraph (5) of the General Data Protection Regulation for the purpose of guaranteeing that the right to object by automated means based on technical specifications can be exercised, for the time necessary to evaluate the objection and respond to the data subject in the specific case, processes the following personal data
6.8.5. Personal data are not processed for scientific, statistical or historical research purposes. Should this arise, the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
6.9.1. The Controller does not make decisions based solely on automated processing or profiling.
6.9.2. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
6.9.3. In the event of the data subject’s objection, the Controller can no longer process the personal data, except if:
6.9.4. In the cases referred to in 6.9.3. a) and b), the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the Controller, to express his or her point of view and to contest the decision.
6.9.5. The exceptions which are set out in 6.9.3. cannot be based on sensitive data except, where the data subject has expressly consented to the data processing or the processing is necessary in the overriding public interest and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
7.1. The data subject is entitled to raise a complaint about the data processing via the contact e-mail defined in 2.1. The data subject is also entitled to raise a complaint relating to the data processing via mail addressed to the contact person and sent to the Controller’s mailing address defined in 2.1.
7.2. The data subject is entitled to turn to the Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority) (mailing address: 1363 Budapest, Pf. 9., phone: +36 (1) 391-1400, e-mail: ugyfelszolgalat@naih.hu, website: www.naih.hu) if he or she feels that he or she has been harmed or is in imminent danger regarding the processing of personal data.
7.3. The data subject can go to court if the competent supervisory authority (Hungarian National Authority) fails to deal with his/her complaint or to inform him/her within three months of any procedural developments or the outcome of the complaint. In case the data subject believes that a violation of his/her rights has taken place, he or she can bring an action before the competent court based on his/her place of residence.
Controller: the legal person defined in 2.1.;
Processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Controller;
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Data subject: You, for whom the Controller handles any information that qualifies as personal data; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Sensitive data: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation;
Personal data: any information about You as a data subject;
The Privacy Policy is effective from …2021.
The Controller is entitled to amend the Privacy Policy at any time by uploading it to the Webpages.
Dated …
4.1. Corresponding/communicating with data subjects (e-mail, phone)
4.2. Corresponding/communicating with data subjects (contact form)
5.1. Data Processors
5.2. Data security
6.1. Rights of the data subjects in general
6.2. Right of access by the data subject
6.3. Right to rectification
6.4. Right to withdraw consent
6.5. Right to erasure
6.6. Right to restriction of processing
6.7. Right to data portability
6.8. Right to object
6.9. Rights concerning the automated decision-making