PRIVACY NOTICE
for the Buyers of ElektroMont Kft. on the processing of personal data of natural persons indicated as buyers’ contact persons or representatives
Introduction
This Privacy Notice concerns the processing of personal data of natural persons indicated as contact persons or representatives of the buyers of ElektroMont. The content of this Privacy Notice shall not be applicable to data relating to persons other than natural persons.
1. Description of the Controller, definition of personal data and Data Subject
The Controller means the legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.
With regard to this Notice,
Controller: ElektroMont Kft.
Seat: H-1116 Budapest, Sztregova u. 1.
Corp. Registry Nr.: 01-09-876325
Website: https://www.elektromont.hu
E-mail address: info@elektromont.hu
For the purposes of this Privacy Notice, personal data shall mean any information relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).
- Subject of this Privacy Notice, legislation under which the processing is performed
This Privacy Notice concerns the processing of the personal data of natural persons indicated as contact persons or representatives of the buyers of Elektromont, with the data processing purposes detailed in Section 10. of this Privacy Notice.
Main legislation related to the processing under this Notice:
- Regulation (EU) 2016/679 of the European Parliament and of the Council (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR);
- Act CXII of 2011 on Informational Self-determination and Freedom of Information (Privacy Act).
- Legal basis and purposes for data processing, range of data processed and source of data
The legal bases for our data processing are the following points of Article 6(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council
- point a) (data processing based on agreement);
- point c) (data processing necessary for the performance of a legal obligation);
- point f) (data processing necessary for the purposes of legitimate interest).
Determination of the purposes, the details and the legal bases of data processing and the range of the processed data are detailed in Section 10.
Source of data: directly the Data Subject / other Controller e.g., employer.
- Persons entitled to access the data, reason for data transfer
The persons entitled to access the data determined in this Privacy Notice within the organisation of the Controller are the employees and representatives of Elektromont in order that they can perform their tasks deriving from their work.
Other persons entitled to access the data determined in this Privacy Notice are detailed in Section 7.
In the case of the Controller referred to in Section 7, the reason for the data transfer(s) performed by the Controller concerned is enabling the Processor to perform its processing activity.
- Period of processing and storing the personal data
The period of data processing determined in this Privacy Policy is detailed in Section 10.
- Security of Personal Data
The Controller undertakes to ensure the security of personal data processed, implements appropriate measures and develops appropriate procedural rules to ensure the protection of the stored and processed data and prevents the destruction, unauthorised use and unauthorised alteration thereof.
The Controller also undertakes to request every third party to whom the data are transferred or disclosed based on any legal ground to comply with the requirements of the security of personal data.
The Controller shall ensure that the processed data are not accessible to unauthorised persons, and cannot be disclosed, transferred, altered or erased by such persons. The processed data shall exclusively be accessible to the Controller, its employees and the processor(s) engaged by the Controller based on permission levels. The Controller shall not disclose the data to any third person not entitled to access the data. The employees of the Controller and the Processor may access the personal data based on the job roles specified by the Controller and the Processor, in a specified manner and as per the permission levels.
In order to ensure the security of the IT systems, the Controller protects such systems with firewall and also uses virus scanner and anti-virus programs in order to prevent internal and external data loss. The Controller has also taken measures to properly check any form of incoming and outgoing communication to prevent abuse.
The Controller and the Processor deem personal data confidential and process the data as such. In order to ensure the protection of data sets processed electronically in various records, the Controller makes sure that the data stored in the records cannot be directly combined and associated with the Data Subject, with the exceptions stipulated by law.
The Controller shall ensure a level of security appropriate to the risk. While determining the appropriate level of security the risks deriving from data processing must be taken into consideration, especially risks deriving from the accidental or illegal destruction, lost, modification, publication or illegal access of the personal data transferred, stored or processed any way.
- Processors
The Processor means a natural or legal person which processes personal data on behalf of the Controller.
In relation to your contact persons, the following companies act as the Processors of Controllers:
| Név | Azonosító | Székhely | Tevékenység |
|---|---|---|---|
| DHL Express Magyarország Kft. | 01 09 060665 | 1185 Budapest, BUD Nemzetközi Repülőtér 302. ép. | shipment of products |
| DHL Freight Magyarország Kft. | 01 09 902469 | 1185 Budapest, BUD Nemzetközi Repülőtér 264. ép. | shipment of products |
| TNT Express Hungary Kft. | 01 09 068137 | 1185 Budapest, BUD Nemzetközi Repülőtér 283. ép. | shipment of products |
| Fedex Express Hungary Kft. | 01 09 381339 | 1185 Budapest, BUD Nemzetközi Repülőtér 283. ép. | shipment of products |
| Prodosoft Kft. | 01 09 931247 | 1116 Budapest, Sztregova utca 1. | IT services |
| ICT Európa Finance | 01 10 140439 | 1117 Budapest, Fehérvári út 50-52. | accounting services |
| e-Com Informatika Zrt. | 01 10 140348 | 1141 Budapest, Vízakna utca 4 | IT services |
The data processed by Processors are detailed in Section 10.
- Rights related to data processing, the means of right enforcement and available legal remedies
8.1. Rights related to data processing
The Data Subject may request from the Controller the following:
- information on the processing of personal data concerning him/her (Articles 13-14. of GDPR);
- access to the personal data concerning him/her (Article 15. of GDPR);
- correction or completion of the personal data concerning him/her (Article 16. of GDPR);
- erasure or restriction of processing of the personal data concerning him/her – with the exception of obligatory processing (Articles 17-18. of GDPR);
- the Data Subject has the right to data portability (Article 20. of GDPR);
- the Data Subject may object to the processing of the personal data concerning him/her (Article 21. of GDPR).
The Data Subject may submit his/her request to the Controller in writing. The Controller shall fulfil the Data Subject’s request within one month the latest and inform the Data Subject about the measurements taken in writing.
8.2. Means of right enforcement and available legal remedies related to data processing
8.2.1. Before initiating judicial or authority proceedings contacting the Controller is recommended by sending the complaint or observation related to the processing of the personal data of the Data Subject for investigation to the Controller.
In case of the enforcement of any rights of the Data Subject related to the data processing under Section 8.1., Controller shall investigate the case without any delay within the period specified in current laws, take measurements in relation to the request and provide information on the case to the Data Subject (the period may be extended according to law if necessary).
Should the Data Subject have submitted his/her request by electronic form, the information shall be provided by electronic form, if possible, as well, unless otherwise requested by the Data Subject. In case there is no measurement taken by the Controller upon the request of the Data Subject within the period determined by law the latest, Controller must inform the Data Subject on the reason(s) of the delay or the refuse of acting and on the possibility of initiating judicial or authority proceedings.
If you wish to enforce your rights related to data processing, you have any questions or doubts regarding your data processed by the Controller, you wish to request information on your data or submit a complaint, or you wish to exercise any of your rights under Section 8.1, you may do so through the contact details of the Controller listed in Section 1.
8.2.2. The Data Subject may initiate judicial proceedings against the Controller or the Processor – acting on behalf of or following the instruction of the Controller – if in his/her opinion the Controller or the Processor processes his/her personal data with the infringement of the requirements related to data processing and determined in the law or the binding legal act of the European Union.
8.2.3. In order to enforce his/her rights, the Data Subject may request from the Hungarian National Authority for Data Protection and Freedom of Information (Seat: 1055 Budapest, Falk Miksa utca 9-11.; Website: http://naih.hu; Postal address: 1374 Budapest, Pf. 603.; Phone: +36-1-391-1400; Fax: +36-1-391-1410; E-mail: ugyfelszolgalat@naih.hu) the initiation of an investigation or authority proceedings with reference to the fact that related to the processing of his/her personal data infringement has occurred, or there is an imminent risk of that, thus in particular if in his/her opinion,
- the Controller restricts him/her in exercising his/her rights as Data Subject determined in Section 8.1 or refuses his/her request for the enforcement of such rights, and
- during the processing of his/her personal data the Controller or the Processor acting on behalf or following the instructions of the Controller violates the requirements related to data processing and determined in the law or the binding legal act of the European Union.
9. Miscellaneous
During the processing of personal data detailed in this Privacy Notice automated decision-making, profiling and the transfer of personal data to third countries or international organisations are not performed.
The Controller reserves the right to unilaterally modify this Privacy Notice with regard to the future. Should the Controller modify this Privacy Notice, it informs the Data Subject of such modifications through its website.
- Details of data processing
| Purposes for data processing | Legal basis of data processing | Personal data processed | Period of data processing |
|---|---|---|---|
| Invoicing | Legal obligation, legitimate interest (Cotact data are necessary for the fullfillment of contractual obligations of both parties and for the enforcement of rights of the Controller) |
name, e-mail address, phone number address, tax number (only in case of self-employed) |
the period required for keeping documents (basically 8 years) |
| Registry on the contact details of business partners | Legitimate interest (quoting, contracting, fullfillment of purchase orders, information flow, shipments, satisfaction measurements, organisation of information providing events) |
name, e-mail address, phone number address, tax number (only in case of self-employed) |
5 years following the last contact action, or until the withdrawal initiated by the Data Subject |
