This Privacy Notice sets out the rules for the processing of data relating to the data subject on the website www.iptech-hu.com (hereinafter: ‘Website’) operated by IPTECH Ipari Precíziós Termék Gyártó és Forgalmazó Korlátolt Felelősségű Társaság as Data Controller.
For the purposes of this Privacy Statement, a data subject means a user of this Website (hereinafter: ‘data subject’ or ‘User’).
In order to help the interpretation of this Privacy Notice, first of all let us clarify the following terms in accordance with Article 4 of REGULATION (EU) 2016/679 of the European Parliament and of the Council (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as ‘GDPR’).
- personal data: “means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” [para. 1 Art 4 of the GDPR]
- processing: “means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” [para. 2 Art 4 of the GDPR]
- controller: “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law” [para. 7 Art 4 of the GDPR]
- processor: “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller” [para. 8 Art 4 of the GDPR]
- consent of the data subject: “means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her” [para. 11 Art 4 of the GDPR]
1. Data Controller’s details
|Name of the company:||IPTECH Ipari Precíziós Termék Gyártó és Forgalmazó Kft.|
|Registered seat:||4033 Debrecen, Beregszászi Pál u. 12.|
|Company registration number:||09-09-007419|
|Tax identification number:||12504635-2-09|
|Represented by:||Kis Csaba Managing Director|
Recorded in the Court of Registration of the Hajdú-Bihar County Court.
We would like to inform you that as a Data Controller we use the following data processor – as a hosting provider:
|Name of the company:||Web-Server Kft.|
|Registered seat:||4025 Debrecen, Pásti u. 2. I/5.|
|Company registration number:||09-09-011599|
2. Purpose of data processing, legal basis and duration of data processing
Scope of the data processed and data processing:
If you contact us at any of the contact details provided on our website www.iptech-hu.com and provide your personal data e.g. name, email address.
The purposes of processing:
General contact in order to request specific information, make comments or request action from us.
The legal basis for processing:
Such requests constitute a clear consent to data processing according to Section (32) of the Preamble of the GDPR.
Legal basis: Point a) of Article 6(1) and point f) of Article 6(1) of the GDPR (legitimate interest)
Duration of data processing:
Until the goal is achieved, i.e. as long as the Data Controller fulfills the request submitted to the Data Controller during the contact.
3. Transmission of Data
The Data Controller may disclose personally identifiable data e.g. during a legal process, in response to a court order or a subpoena, or in response to a law enforcement agency’s request, or where the Data Controller believes it is necessary to investigate, prevent, or take action with respect to an illegal act, or as otherwise prescribed by the law for the Data Controller.
4. The data subject’s rights relating to data processing
The User may request information about the data processing or whether processing of their personal data is in progress, and during the ongoing data processing they may obtain a copy of the personal data processed in connection with them, as well as request access, rectification and erasure of personal data (termination of data processing) or restriction of processing. The rights relating to the processing of personal data may be exercised by the User. The User’s request for information, access, rectification, restriction of data processing, data portability, objection or erasure (termination of data processing) can be submitted by post (4033 Debrecen, Beregszászi Pál u. 12.) or by email (firstname.lastname@example.org).
In the case of a user request detailed in paragraphs (a) to (e) of this Section 4 below or in Section 5 of this Privacy Notice, the Data Controller shall inform the User of the action taken following the request within 1 month of receiving the same using the email address provided in the request or by post, unless the User specifies another means of notification in their request. The Data Controller may extend this period by a maximum of two months, taking into account the complexity and number of requests. The Data Controller shall inform the User of any such extension within one month of receipt of the request, together with the reasons for the delay.
If the Data Controller does not take action on the request of the User, the Data Controller shall inform the User, without delay and at the latest within 1 month of receiving request, of the reasons for not taking action and on the User’s right to file a complaint with the National Authority for Data Protection and Freedom of Information and seek judicial remedy.
The Data Controller shall fulfil the request free of charge, unless the request is manifestly unfounded or excessive, in particular because of its repetitive character, in which case the Controller may charge a reasonable fee or refuse to act on the request.
- Provision of information, access
The User may request information about the processing of their personal data pursuant to Article 15(1) of the GDPR. Upon request, the Data Controller shall provide the User with information on whether their personal data is processed by the Data Controller itself or by a data processor acting on behalf or at the instruction of the Data Controller. If the data is processed by the Data Controller or a data processor acting on behalf of or at the instruction of the Data Controller, the Data Controller shall provide the User with the personal data processed by the Data Controller or the data processor acting on its behalf or at its instruction, and shall, within the framework of and depending in the User’s requests, disclose to the User:
- the resource of personal data processed,
- the legal basis and duration of data processing,
- the scope of personal data processed,
- the recipients of data transmission including third-country recipients and international organizations where the personal data processed is transmitted,
- the retention period of the personal data processed, and the criteria used to determine such period,
- a description of the User’s rights and how these can be exercised,
- whether or not profiling is used, and
- the circumstances of any data breach arisen in relation to the processing of the User’s personal data, the effects of such breach and the action taken to address and resolve them,
- and inform the User about its activities related to data processing.
Where an item of personal data is deemed untrue or inaccurate, and the correct personal data is at the Data Controller’s disposal, the data Data Controller shall rectify the personal data in question if so requested by the User. The User is also entitled to request the completion of any incomplete personal data.
In accordance with the provisions of this Section 4(b) above, if the personal data processed by the Data Controller or a data processor acting on the Data Controller’s instruction is inaccurate, incorrect or incomplete, the Data Controller shall, in particular if so requested by the User, promptly correct or rectify the data or – if it is compatible with the purpose of the data processing – supplement it with additional personal data submitted by the User or with a statement made by the User concerning the personal data being processed. The Data Controller is released from the obligation written in the previous sentence if the accurate, correct or complete personal data is not available and is not provided by the User, either, or the authenticity of the personal data provided by the User cannot be established beyond a reasonable doubt.
The Data Controller shall delete the personal data if the User requests such deletion or the termination of the data processing. The Data Controller may refuse a request for deletion of data in the following cases:
- continued processing of data is necessary for exercising the right of freedom of expression and information;
- continued processing of data is necessary for compliance with a legal obligation to process personal data required by Union or Member State law to which the Data Controller is subject; or
- continued processing of data is necessary for the assertion, exercise or defence of legal claims.
By revoking the consent to the processing of personal data or by requesting the deletion of the data, the User also waives their right to participate in all activities linked to registration.
- Restriction of processing
The Data Controller shall restrict the processing of data if
- The accuracy of the personal data is contested by the User, in which case the restriction shall last for a period enabling the Controller to verify the accuracy of the personal data; or
- the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead; or
- the Controller no longer needs the personal data for the purposes of the processing, but the data subject requests the same for the assertion, exercise or defence of legal claims.
- Right to data portability
Exercising their right to data portability, the User may request the Data Controller to receive a copy of their personal data managed by the Data Controller in a structured, commonly used and machine-readable format and may request the Data Controller to transfer the personal data submitted by the User directly to another data controller.
5. Legal remedies
Pursuant to Chapter VIII of the GDPR, the following remedies are available to the User:
- They have the right to lodge a complaint with the supervisory authority:
National Authority for Data Protection and Freedom of Information Seat: 1125 Budapest, Erzsébet Szilágyi fasor 22/C. Website: http://www.naih.hu, Email address: email@example.com
- The data subject shall have the right to a judicial remedy against a legally binding decision of the supervisory authority.
- The data subject is directly entitled to legal remedy if, in their opinion, the data controller or data processor has violated their rights under the GDPR as a result of the improper processing of their personal data. Proceedings against a Data Controller shall be brought before the courts of the Member State where the Data Controller has an establishment. The data subject may choose to start the action at the court that has jurisdiction according to their place of residence or their place of stay.
6. Closing provisions
The data subject may withdraw their consent to the processing of their personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing that was carried out based on consent before its withdrawal.
If you contact us through any social media site (Facebook, Instagram, LinkedIn, YouTube, etc.), please also observe the privacy notices of these social media sites/ websites and become familiar with their content, as we have no influence on the collection of data by external websites, and thus we take no responsibility for it. We disclaim any liability for the protection and confidentiality of any information which you may provide on such external websites.
In accordance with its obligations pursuant to Articles 32-34 of the GDPR, the Data Controller shall take all necessary steps to ensure the security of the User’s data, and take the necessary technical and organizational measures and develop procedures that are necessary for enforcing the data protection and confidentiality regulations and complying with the provisions of the GDPR and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (Info Act).
The Data Controller reminds data subjects that the person who provides personal data shall be liable for the authenticity of the same. If you do not provide your own personal data or you provide incorrect data/personal data, you shall fully indemnify the Data Controller and hold it harmless in the event of a third party’s claim against the Data Controller.
The Data Controller shall perform its data processing operations so as to ensure the protection of the data.
With regard to issues not regulated in this Privacy Notice, the relevant data processing legislation, in particular the GDPR and the Act on the Right to Informational Self-determination shall be governing.
Please be advised that the Data Controller is entitled to unilaterally amend this Privacy Notice. Any amended provisions shall apply after their entry into force.