Data controller:
• Name of data controller: ZEH Kft.
• Headquarters: H-8341 Mihályfa, Petőfi u. 29.
• Tax number: 14609190-2-20
• Company registration number: 20-09-069160
1. Introduction
For the Data Controller, the protection of personal data and ensuring the right of informational self-determination of the data subjects is of paramount importance. In this Notice, we state for what purposes and how we use personal data, as well as how we ensure the preservation and protection of personal data.
During the development of the Information Sheet, we took into account the relevant legislation in force, as well as the most important international recommendations, with particular regard to the following:
• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC ( general data protection regulation),
• CXII of 2011. Act - on the right to self-determination of information and freedom of information (Infotv.);
• Act V of 2013 - on the Civil Code (Ptk.);
2. Our data management
2.1
Name of data management: Newsletter sending
Purpose of data management: Sending newsletter
Personal data processed: name, email address
Affected:
Legal basis for data management:
Duration of data management: 1 year
Recipients:
Data processor's name, address, activities related to data management:
subscribers
the voluntary consent of the subscribers based on Article 6 (1) point a) of the GDPR
until unsubscribe
employees of the Data Controller
3. Source of data:
The affected.
4. Data transfer:
Personal data will not be passed on to third parties under any circumstances in the absence of a suitable legal title. If the authorities authorized to do so request the Data Controller to hand over personal data in the manner prescribed by law (suspected of a crime, in an official data seizure decision), they will - fulfilling their legal obligation - hand over the requested and available information.
5. Actual place of data management:
6. Nature of data management technology used:
7. Rights of the data subject:
7.1. The rights of the data subject: It is important for us that you are aware of the data protection rights of the data subject. To this end, we list below the data protection rights you can exercise in relation to the data entrusted to us.
7.2. The right to withdraw consent: Sections 2.1-2.3. with regard to the data management included in points, you have the right to withdraw your consent at any time by means of a statement delivered to the Data Controller. In this case, we can no longer process the personal data.
7.3. The right to access data: At any time when we are available, you have the right to receive adequate information about whether your personal data is being processed, and if so, you are entitled to access the personal data stored by us
to your data and you can request a copy of them or information about how we handle your personal data.
7.4. When providing information, we provide the following information:
• what is the purpose of data management,
• what personal data are affected,
• who are the recipients of the transmitted data,
• what is the storage period,
• you can request correction, deletion, restriction of data and you can object to data management,
• you can file a complaint with a supervisory authority (www.naih.hu),
• if we have obtained the data from a third party, you have the right to all related information.
7.5. Right to rectification: You have the right to request that inaccurate data be corrected or incomplete data supplemented without undue delay by means of a statement delivered to the Data Controller.
7.6. The right to deletion: You can request, by means of a statement sent to the Data Controller, that we delete certain of your personal data stored by us without undue delay, if:
• You withdraw your consent to the processing of certain data;
• You object to the processing of personal data;
• if it must be deleted to fulfill a legal obligation required by law;
• you are concerned about the legal basis for the processing of your data by us.
7.7. The right to restrict data processing: If you have any questions or concerns
regarding the accuracy, justification or legality of the processing of your personal data by us, you can request the limitation of certain data processing activities by means of a statement delivered to the Data Controller. You can request the restriction even if we no longer need your data, but you, as the data subject, require it to submit, enforce or defend a legal claim. You can also request the restriction if you doubt the legal basis of data processing based on legitimate interest. During the restriction period, data management operations cannot be performed, only data can be stored. The Data Controller will inform you in advance about the lifting of the restriction.
7.8. Right to data portability: You have the right to ask the Data Controller to widely
send it in a used, machine-readable format recorded version to him (or to another data manager indicated by the data subject).
You can exercise the rights listed in the points above in a letter sent to the email addresses [EMAIL] or the correspondence addresses [ADDRESS]. The Data Controller will fulfill the request within a maximum of [NUMBER] months.
7.9. As a Data Subject, you can contact the National Data Protection and Freedom of Information Authority with a complaint at the following contact details:
• National Data Protection and Freedom of Information Authority
• Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C
• Mailing address: 1530 Budapest, Pf. 5
• Phone: +36-1-391-1400 / Fax: +36-1-391-1410
• E-mail: ugyfelszolgalat@naih.hu
• Website: http://www.naih.hu
7.10. Judicial enforcement: You are entitled to file a civil lawsuit against the Data Controller in case of unlawful data processing. According to your choice, the lawsuit can also be initiated before the court of your place of residence.
8. Data security
The data controller ensures the security of data management with technical, organizational and organizational measures that provide a level of protection appropriate to the risks associated with data management, the IT tools used are selected and operated in such a way that the data managed is: (availability); b) its authenticity and authentication must be ensured (authenticity of data management); c) its immutability can be verified (data integrity); d) it should be accessible only to those entitled to it, and it should be protected against unauthorized access (data confidentiality).
We take all necessary steps to ensure the security of personal data - both during network communication (i.e. online data management) and during data storage and protection (i.e. offline data management).
As soon as the personal data has entered the data manager's IT infrastructure, the tasks related to the preservation and protection of the data are prescribed by the principles, procedures and security controls laid down in the internal regulations of the Data Manager, which all employees and colleagues of the data manager are responsible for complying with. Personal data can only be accessed by persons holding relevant positions - subject to the application of high-level access controls.
The technical measures include appropriate protection mechanisms of the server, e.g. application of firewall and other protection protocols, among administrative measures
includes password protection of accesses, appropriate periodical review of authorizations, forced password changes. Such a control mechanism includes, among other things, the control of access to the data and the infrastructure storing it, as well as an agreement concluded with a third party that obliges to comply with the relevant legislation. When developing our services, we pay attention to the installation of appropriate data protection safeguards. We keep the record of the deletion of personal data for 10 years.
If you need additional information in addition to what is contained in the Data Management Information Sheet, or if you have any comments or objections regarding the processing of the Data Subject's data, the Data Controller is at your disposal at 7.8. at the contact details given in
Mihályfa, 30.08.2023.
ZEH Kft.
