As data manager, our company independently defines the objectives and tools of the handling of personal data, and in its capacity as data manager, handles personal data.
Data handling is the totality of any operation or operations, performed on personal data or data sets, in an automated or non-automated manner, including collection, recording, categorization, classification, archiving, conversion, editing, downloading, viewing, use, communication, forwarding, distributing, by making it accessible in any way, harmonizing, attaching, deleting, or destroying.
Data processing is not data handling in the technical sense, there is no right to dispose of or make decisions regarding the data.
Any information regarding an identified or identifiable natural person (“data subject”) shall be considered personal data. A natural person is considered identifiable if they can be identified directly or indirectly, in particular based on an identifier such as name, number, location data, online identifier, or one or more factors pertaining to their physical, physiological, genetic, economic, cultural or social identity.
In our capacity as a data handler, our company respects the privacy of all such persons who convey us personal data; our company is dedicated to protect such data.
I.
Pursuant to Article 13 of the GDPR, our company notifies Data Subjects of the following:
Data handler information:
Company name: Rákosy-Glass Kft.
Registered seat: 1141 Budapest, Álmos vezér útja 55.
Website: www.helioheating.com
Contact person: Anikó Kozma
Telephone: +3670 377 8227
E-mail: kozma.aniko@rakosyuveg.hu
Data Protection Officer:
Pursuant to Article 37 of the GDPR, our company is not obligated to appoint a data protection officer
Data protection requests:
In the event that you have any requests or questions regarding data handling, please send your request by postal mail to the address 1141 Budapest, Álmos vezér útja 55. or by electronic mail to eszter@rakosyuveg.hu. We respond without delay, but at the latest within 30 days to the address you have provided.
Data transfer abroad:
Data is not transferred abroad
II.
The objective, legal basis, and duration of the data handling of our company:
Data handling objectives:
Our company performs data handling to achieve the following objectives, in accordance with relevant laws and regulations:
- In connection with the provision of informational activities, we manage the data of service users for the purpose of maintaining client contact;
- the handling of the data of contact personnal of contractual partners, for the purpose of performing the agreement;
- performing client orders
Legal basis of the handling of data:
- GDPR Article 6 Paragraph (1) point a): consent of relevant party
- GDPR Article 6 Paragraph (1) point b): necessary for the performance of the agreement
- GDPR Article 6 Paragraph (1) point c): necessary to perform the legal obligation
- GDPR Article 6 Paragraph (1) point d): lawful interest, all interest considerations are required
The legal basis of certain data handling activities:
- issuing the appropriate invoice in accordance with accounting laws and regulations: legal basis: GDPR Article 6 Paragraph (1) point c)
- contact: legal basis (in case of the data of the employees of partners) of the data handling: GDPR Article 6 Paragraph (1) point f). The lawful interest of the data handler: continuity of business operations.
- contractual partner data handling: legal basis GDPR Article 6 Paragraph (1) point b)
- legal basis of on-line registration: GDPR Article 6 Paragraph (1) point a)
In case of the handling of the personal data of the data subject on the basis of a lawful interest, we perform interest assessment, over the course of which:
- we identify and set forth the lawful interest
- we identify and record the interests and rights of the data subject
- assessment on the basis of necessity and proportionality, whether it is related to the objective, data effficiency, and the principle of limited storage
- we inform the data subject of the interest assessment
Data subjects have a right to protest, on the basis of which we no longer handle the personal data.
Duration of data handling:
- The length of time we preserve contact information data is 1 year after the contact ceases.
- Length of time of preservation of data associated with the performance of the agreement: 5 years.
III.
Data subject rights:
The data subject has rights as defined in laws and regulations with regard to their personal data.
- access rights (learning of the data, of the fact that data handling is/is not happening);
- correction of outdated or incorrect data;
- deletion (exclusively in case of data handling based on consent);
- limitation on data handling;
- the prohibition of the use of personal data for direct marketing purposes;
- conveying personal data to third party service providers, or the prohibition of the same;
- requesting a copy of personal data handled by the data handler; or
- protest against the use of personal data.
IV.
Data protection incident:
A violation of data security which results in the accidental or illegal destrution, loss, change, illegal publication or unlawful access of personal data.
Our company ensures data security appropriate for the degree of risk associated with data handling; in the event that this security is breached, the data handler or its representative shall without delay, but at the latest within 72 hours of becoming aware of such breach, report to the supervisory authority and also inform the data subject.
Once aware of the data protection incident, without delay, our company shall undertake necessary measures to eliminate or repair the breach that formed the basis of the data protection incident.
We notify the data subject concerning the taken measures and their results.
V.
Legal remedy notice:
In Hungary, the data protection supervisory authority is the following: Nemzeti Adatvédelmi és Információszabadság Hatóság (Hungarian National Authority for Data Protection and Freedom of Information)(hereinafter: NAIH, address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, e-mail address: ugyfelszolgalat@naih.hu). The data subject may submit a complaint to NAIH, in the event that the data subject believes that the personal data handling applicable to the data subject did not comply with the obligations at law.
NAIH’s decision may be appealed in court.
VI.
Notice on databases:
Our company performs the handling and processing of data in a lawful, transparent and reviewable manner, and we store the data on secure servers.
Dated: Budapest, 10/01/2020