Bebusch Hungaria

REGULATION (EU) No 2016/67 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ("the Regulation"), concerning the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation 95/46 / that the Data Controller shall take appropriate measures to provide the data subject with the personal data management information in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner, and that the Data Controller shall facilitate the exercise of the rights of the data subject.

The obligation to inform the data subject in advance of the information on the right to information self-determination and the freedom of information in CXII. law also provides.

By following the information provided below, we comply with this statutory obligation.

THE DATABASE TITLE

The publisher of this information, at the same time the Data Manager:

Company name: Bebusch Hungária Kft

Headquarters: 2840 Oroszlány, Handler Kálmán u.3.

Company Registration Number: 11-09-006886

Tax number: 12278930-2-11

Representative: Zoltán Tokai

Tel: 34 / 560-402

Fax: 34 / 365-093

E-mail address: info@bebusch.hu

Website: https://www.bebusch.hu

(hereinafter referred to as "the Company")



DATA PROCESSING TITLE

"Data Processor" means any natural or legal person, public authority, agency or any other body that manages personal data on behalf of the data controller; (Regulation Article 4 8)

The use of the data processor does not require the prior consent of the data subject, but it is necessary to inform him / her. Accordingly, we provide the following information:

 

1. Our IT Service Provider

 

Our Company uses a data processor to maintain and manage its website, which provides IT services (hosting services) and, in the framework of this contract, keeps the personal data provided on the website, its operation is to store personal information on the server.


INSURANCE OF LEGALITY OF DATA MANAGEMENT

 

1. Data management based on the consent of the person concerned

(1) If the Company wishes to perform data-based data management, the consent of the person concerned for handling his or her personal data shall be requested by the content and information contained in the data request form specified in the data management rules.

(2) A consent shall also be deemed to be given to the person concerned when viewing a relevant box when viewing the Company's Internet site, making technical adjustments to the use of information society services, and any other statement or action that is relevant to that context the consent of the person concerned is clearly indicated for the intended treatment of his / her personal data. Silence, the foreground square or non-action is therefore not a consent.

(3) Contribution shall cover all data management activities for the same purpose or purposes. If data management serves multiple purposes at a time, the consent must be given for all data management purposes.

(4) If you give your consent to a written statement that applies to other matters, such as the conclusion of a sales or service contract, the request for consent must be presented in a clearly distinct way in these understandable and easily understandable forms with clear and simple language. Any part of such a declaration containing the consent of the person concerned that violates the Decree shall not have binding force.

(5) The Company may not conclude a contract to fulfill its obligation to provide personal data which are not necessary for the performance of the contract.

(6) The withdrawal of consent should be allowed in the same simple way as the granting of the consent.

(7) If the personal data has been collected with the consent of the data subject, the data controller may handle the data recorded without the need for a different legal provision for the fulfillment of the legal obligation that he or she may have, without further special consent and withdrawal of the consent of the person concerned.


2. Data management based on the fulfillment of a legal obligation

(1) In the case of data processing based on a legal obligation, the provisions of the applicable law shall govern the scope of the manageable data, the purpose of data management, the length of the data storage, and the addressees.

(2) Data management based on the fulfillment of a legal obligation is independent of the consent of the party concerned, as data management is defined by law. Before contacting data, the data subject must be informed beforehand that data management is compulsory and that the data subject is required to be clearly and thoroughly informed of all the facts related to his or her data management, including the purpose and legal basis of data management, data handling and data processing, the duration of the data handling, if the personal data of the person concerned are handled by the data controller on the basis of the legal obligation that he or she is responsible for, and on who will know the data. The information should also include the rights and remedies available to the data subject in question. In the case of mandatory data handling, information may also be disclosed by making public the reference to the legal provisions containing the foregoing information.

(3) Facilitating the Rights of the Rights

  In all data management of the Company, it is obliged to ensure the exercise of the rights of the data subject.


INFORMATION ON THE APPLICATION OF COOKIE

1. The web site visitor must be informed of the application of the cookies on the website and, with the exception of technically indispensable sessions (cookies), must be requested.

2. General information about cookies

2.1. Cookie is a data that the visited website sends to the visitor's browser (variable name value) to store it and later the same website can fill its contents. Cookies can be valid, valid until the browser closes, but for an unlimited period of time. Later on, all HTTP (S) requests will also send this information to the server. This changes the data on the user's machine.

2.2. The essence of the cookie is that by the very nature of the web site services you need to designate a user (eg entering the page) and can handle it accordingly. The risk lies in the fact that this user is not always aware of and may be able to follow the user from the web site operator or other service provider whose content is built into the site (such as Facebook, Google Analytics), resulting in a profile and in this case the contents of the cookie can be considered as personal information.

2.3. Types of Cookies:

2.3.1. Technically indispensable session (s): without which the page simply would not work functionally, they would be used to identify the user, it needs to be handled if you have entered what you did in the basket, etc. This typically stores a session-id; other data is stored on the server, making it safer. There is a security aspect when the session cookie value is not well generated, there is a risk of session hijacking, so it is imperative that these values ​​are generated properly. Other terminology is called a session cookie for each cookie that is deleted at the time of exit from the browser (a session is a browser usage from start to exit).

2.3.2. Cooking Cookies: So you name cookies that comment on the user's choices, such as how you want the user to see the page. These types of cookies are essentially the setting data stored in the cookie.

2.3.3. Cooking Cookies: Although they do not have much to do with 'performance', they usually call cookies that gather information about the user's behavior, time spent, and clicks on the site they visit. These are typically third-party apps (such as Google Analytics, AdWords, or Yandex.ru cookies). They are suitable for profiling from the visitor

2.4. Accepting or enabling cookies is optional. You can reset your browser settings to reject all cookies or to indicate when a cookie is just being sent. Most browsers accept cookies automatically as default, but they can usually be changed to prevent automatic acceptance and offer options every time.

See the links below for the most popular browser cookie settings

• Google Chrome: https://support.google.com/accounts/answer/61416?hl=en

• Firefox: https://support.mozilla.org/en/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn

• Microsoft Internet Explorer 11: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

• Microsoft Internet Explorer 10: http://windows.microsoft.com/en-US/internet-explorer/delete-manage-cookies#ie=ie-10-win-7

• Microsoft Internet Explorer 9: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-9

• Microsoft Internet Explorer 8: http://windows.microsoft.com/en-US/internet-explorer/delete-manage-cookies#ie=ie-8

• Microsoft Edge: http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq

• Safari: https://support.apple.com/en-US/HT201265


However, we also note that certain site features or services may not function properly without cookies.


INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

I. The rights of the person concerned briefly summarized:

1. To promote transparent communication, communication and the exercise of the relevant case law

2. Right to prior information - where personal data are collected from the data subject

3. Information to the person concerned and information to be made available if personal data are not obtained from the data controller

4. Right of access to the subject

5. Right to rectification

6. Right to an end ("right to forgetting")

7. Right to Restrict Data Management

8. The obligation to notify you of correcting or deleting personal data or limiting your data handling

9. Right to data storage

10. Right to Protest

11. Automated decision-making in individual cases, including profiling

12. Restrictions

13. Informing the person concerned about the privacy incident

14. Right to complain to a supervisory authority (right to an administrative remedy)

15. Right to an effective remedy against a supervisory authority

16. Right to an effective remedy against data controller or data processor

II. Rights of the data subject in detail:

1. To promote transparent communication, communication and the exercise of the relevant case law

1.1. The data controller shall provide the data subject with all information and information on the management of personal data in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner, in particular for any information addressed to children. The information shall be provided in writing or otherwise, including, where appropriate, the electronic path. Oral information may be provided at the request of the person concerned, provided that the identity of the person concerned has been verified otherwise

1.2. The data controller must facilitate the exercise of the rights of the data subject.

1.3. The data controller shall inform the data subject of undue delay, but in any event within one month of the receipt of the request, of the measures taken on his or her application for the exercise of his rights. This time limit may be extended by two additional months under the terms of the Regulation. to which the person concerned should be informed.

1.4. If the data controller fails to take measures in response to his request, he shall inform the data subject without delay and within one month of the receipt of the request for reasons of non-action and whether he or she may file a complaint with a supervisory authority and exercise his right of judicial redress.

1.5. The data controller provides information and action about the information and rights of the user free of charge, but fees may be charged in the cases described in the Regulation.

The detailed rules are set out in Article 12 of the Regulation.

2. Right to prior information - where personal data are collected from the data subject.

2.1. The person concerned has the right to be informed about the facts and information related to data management prior to commencing the processing of data. In this context, the person concerned should be informed:

(a) the identity and contact details of the data controller and his representative,

b) contact details of the Data Protection Officer (if any),

(c) the purpose of the planned treatment of personal data and the legal basis for data processing,

d) in the case of data handling based on the validation of a legitimate interest, on the legitimate interests of the data controller or third party,

(e) the addressees of personal data with whom personal data are communicated, and the categories of recipients, if any;

(e) where applicable, the fact that the data controller wishes to transmit personal data to a third country or an international organization.

2.2. In order to ensure fair and transparent data management, the data controller must inform the data subject of the following additional information:

(a) the duration of the storage of personal data or, where this is not possible, the criteria for determining that period;

(b) the right of the data subject to request the data controller to access, correct, delete or restrict the personal data relating to the data subject, and object to the handling of such personal data and the right to the data concerned to be covered;

(c) in the case of data handling based on the consent of the party concerned, the right to withdraw the consent at any time without prejudice to the lawfulness of the data processing carried out on the basis of the consent prior to the withdrawal;

(d) the right to lodge a complaint addressed to the supervisory authority;

e) whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for the conclusion of a contract and whether the data subject is obliged to provide personal data and the possible consequences of the lack of data provision;

(f) the existence of automated decision-making, including profiling, and at least in such cases the logic employed and information about the significance of such data management and the likely consequences for the data subject.

2.3. If the data controller wishes to perform further data processing for personal purposes other than the purpose of their collection, he / she must inform the person concerned of this different purpose and any relevant additional information prior to further processing.

The detailed rules for the right of prior information are contained in Article 13 of the Regulation.

3. Information to the person concerned and information to be made available if personal data are not obtained from the data controller

3.1. If the data controller has not obtained the personal data from the data subject, the data controller shall be kept by the data controller within no more than one month after the personal data has been obtained; where personal data are used for contact with the data subject, at least when contacting the person concerned; or if it is expected to communicate with other addressees, it must notify the facts and information referred to in paragraph 2 above, the categories of personal data concerned, the source of personal data and, where applicable, the fact that the data publicly available sources.

3.2. Further rules are set out in Section 2 (Right to Advance Advice).

Detailed rules for this information are contained in Article 14 of the Regulation.

4. Right of access to the subject

4.1. The person concerned has the right to be informed by the data controller about whether his personal data is being processed and, if such data is being processed, he has the right to personal information and to the 2-3. You will receive access to related information in this section. (Article 15 of the Regulation).

4.2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the corresponding guarantees provided for in Article 46 of the Regulation.

4.3. The data controller shall provide the data subject with a copy of the personal data subject to data handling. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.

Detailed rules for the right of access to the subject are set out in Article 15 of the Order.

5. Right to rectification

5.1. The data subject shall have the right to rectify any inaccurate personal data that he or she is entitled upon request by the Data Controller without undue delay.

5.2. Taking into account the purpose of data management, the person concerned has the right to request the addition of incomplete personal data, including by means of a supplementary statement.

These rules are set out in Article 16 of the Regulation.

6. The right to cancel ("the right to be forgiven")

6.1. The data subject shall have the right to delete the personal data relating to him without undue delay, and the data controller shall be required to delete the personal data of the data subject without undue delay if

(a) personal data is no longer required for the purpose from which they have been collected or otherwise handled;

(b) the party concerned withdraws the consent of the data controller and does not have any other legal basis for data processing;

c) the person concerned objects to his or her data handling and has no prior legitimate reason for data handling,

(d) the personal data has been unlawfully handled;

(e) the personal data are to be deleted in order to comply with the legal obligation imposed on the data controller in the Union or Member States' law;

(f) the provision of information society-related services offered directly to children for the collection of personal data.

6.2. The right to cancel can not be enforced if data management is required

(a) to exercise the right to freedom of expression and information;

(b) the performance of a task under the law of the Union or of a Member State applicable to the data controller, or to carry out a task carried out in the exercise of public authority exercised in the public interest or on the data controller;

(c) public interest in the field of public health;

(d) for purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, provided that the right to cancel would be likely to render impossible or seriously undermine this data management; or

e) filing, enforcing or protecting legal claims.

Detailed rules on the right to cancel are set out in Article 17 of the Regulation.

7. Right to Restrict Data Management

7.1. In the case of limitation of data processing, such personal data may only be managed with the consent of the person concerned, with the exception of storage, with the submission, validation or protection of legal claims or in the protection of the rights of a natural or legal person, or in the public interest of the Union or of a Member State.

7.2. The data subject is entitled to request that the Data Controller restricts the processing of data if one of the following conditions is met:

(a) the person concerned disputes the accuracy of the personal data; in this case, the restriction concerns the period of time that the Data Controller may check the accuracy of the personal data;

(b) data manipulation is unlawful and the data subject is opposed to the deletion of the data and, instead, requests that they be restricted;

c) the Data Controller no longer needs personal data for data processing, but the data subject requires them to submit, enforce, or protect legal claims; or

(d) the person concerned objected to the data handling; in this case, the restriction applies to the duration of determining whether the data controller's legitimate reasons prevail over the legitimate grounds of the party concerned.

7.3. The person concerned must be informed in advance of the discontinuation of the data handling.

The relevant rules are set out in Article 18 of the Regulation

8. The obligation to notify you of correcting or deleting personal data or limiting your data handling

The data controller informs all addressees of any rectification, deletion or data limitation with whom or with which personal information has been communicated, unless this proves impossible or requires disproportionate effort. At the request of the data subject, the data controller shall inform the addressees thereof.

These rules are contained in Article 19 of the Regulation.

9. Right to data storage

9.1. Subject to the conditions set out in this Decree, the data subject shall have the right to receive the personal information provided to him by a data controller in a fragmented, widely used machine-readable format and shall be entitled to transmit this data to another data controller without obstructing the the data controller who has provided the personal data if he / she is

(a) the processing of data is either a contribution or a contract; and

(b) data management is carried out in an automated manner.

9.2. The person concerned may also request the direct transfer of personal data between data controllers.

9.3. The exercise of the right to data storage shall not be in breach of Article 17 of the Regulation (Right of Cancellation). The right to subsistence is not applicable in the event that the task of data processing is in the public interest or exercised in the exercise of its public authority powers conferred on the data controller This law should not adversely affect the rights and freedoms of others.

Detailed rules are set out in Article 20 of the Regulation.

10. Right to Protest

10.1. The person concerned has the right to object at any time to the processing of personal data in the public interest, the performance of a public task (Article 6 (1) (e)) or legitimate interest (Article 6 (f)), including profiling based on those provisions too. In this case, the data controller may not process the personal data unless the data controller proves that the data processing is justified by compelling reasons of lawfulness that prevail over the interests, rights and freedoms of the data subject, or for the purpose of submitting, enforcing or protecting legal claims related.

10.2. If your personal data is handled for direct business, the person is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it is related to direct business acquisition. If a person objects to the personal data being handled for direct business purposes, personal data may no longer be handled for that purpose.

10.3. These rights must be explicitly mentioned in the notice of first contact with the person concerned at the latest, and the relevant information must be clearly and completely separate from any other information.

10.4. The right to protest can also be exercised by automated means based on technical specifications.

10.5. If the personal data are handled for scientific and historical research purposes or for statistical purposes, the data subject is entitled to object to the processing of personal data relating to his / her own personal situation, unless it is necessary for the performance of a task for public interest purposes.

The relevant rules are contained in the Article of the Regulation.

.11. Automated decision-making in individual cases, including profiling

11.1. The data subject shall be entitled to exclude the scope of a decision based solely on automated data management, including profiling, which would have a bearing on him or would have a significant effect on him.

11.2. This right shall not apply if the decision is:

(a) it is necessary for the conclusion and performance of the contract between the data subject and the data controller;

(b) be made available to the data controller by means of Union or Member State law which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

(c) is based on the explicit consent of the person concerned.

11.3. In the cases referred to in points (a) and (c), the data controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention, submit an objection.

Further rules are set out in Article 22 of the Regulation.

12. Restrictions

The law of the Union or of the Member States applicable to a data controller or data processor may restrict the scope of rights and obligations (Articles 12 to 22, Article 34 and Article 5) by means of legislative measures if the restriction respects the essential content of fundamental rights and freedoms.

The conditions for this restriction are laid down in Article 23 of the Regulation.

13. Informing the person concerned about the privacy incident

13.1. If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller must inform the data subject of the data protection incident without undue delay. This information must clearly and easily explain the nature of the privacy incident and provide at least the following information:

(a) the name and contact details of the Data Protection Officer or other contact person providing further information;

(c) the likely consequences of a data protection incident;

(d) measures to be taken or planned by the data controller to remedy a data protection incident, including, where appropriate, measures to mitigate any adverse consequences resulting from a data protection incident.

13.2. The data subject need not be informed if any of the following conditions are met:

(a) the data controller has implemented adequate technical and organizational protection measures and applies those measures to the data covered by the data protection incident, in particular the measures, such as the use of encryption, which are unintelligible to unauthorized persons make the data;

(b) after the data protection incident, the data controller has taken further measures to ensure that high risk for the rights and freedoms of the person concerned is no longer likely to be realized;

(c) the information would require a disproportionate effort. In such cases, the data subject shall be informed by means of publicly disclosed information or a similar measure shall be taken to ensure that such information is equally effective.

Further rules are set out in Article 34 of the Regulation.

14. Right to complain to a supervisory authority (right to an administrative remedy)

The person concerned has the right to lodge a complaint with a supervisory authority, in particular in the Member State where he or she is habitually resident, in the workplace or in the suspected breach, if the person concerned considers that the processing of personal data relating to him violates the Regulation. The supervisory authority to which the complaint has been filed shall inform the client about the procedural developments and the outcome of the complaint, including the fact that the client is entitled to seek judicial redress.

These rules are contained in Article 77 of the Regulation.

15. Right to an effective remedy against a supervisory authority

15.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons shall be entitled to effective judicial remedies against the legally binding decision of the supervisory authority.

15.2. Without prejudice to other administrative or non-judicial remedies, all parties concerned shall be entitled to an effective remedy if the competent supervisory authority does not deal with the complaint or within three months shall not inform the person concerned of the procedural developments or results of the complaint submitted.

15.3. The procedure against the supervisory authority shall be initiated before the courts of the Member State in which the supervisory authority is situated.

15.4. If a supervisory authority commits a decision against which a body has previously issued an opinion or made a decision under the unity mechanism, the supervisory authority shall send that opinion or decision to the court.

These rules are set out in Article 78 of the Regulation.

16. Right to an effective remedy against data controller or data processor

16.1. Without prejudice to any available administrative or non-judicial remedies, including the right to complain to the supervisory authority, all concerned shall be entitled to an effective judicial remedy if it considers that their rights under this Regulation have been infringed as a result of the non-compliance of their personal data with this Regulation.

16.2. The data controller or processor shall be initiated before the court of the Member State in which the data controller or the processor is established. Such proceedings may be instituted before the courts of the Member State in which the person concerned is habitually resident, unless the data controller or the data processor is a public authority of a Member State acting within the scope of his public authority.

These rules are set out in Article 79 of the Regulation.

This Privacy Policy is valid from May 25, 2018.




impressum