Privacy Notice

PRIVACY NOTICE

 on the processing of the personal data of natural persons arising from filling out the contact and/or quotation form on the website of Elektromont Kft.

  Introduction

This Privacy Notice concerns the processing of personal data of natural persons filling out the Contact Form on the website of Elektromont. The content of this Privacy Notice shall not be applicable to data relating to persons other than natural persons.

1. Description of the Controller, definition of personal data and Data Subject

The Controller means the legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.

With regard to this Notice,

Controller:                             Elektromont Kft.
Seat:                                        1116 Budapest, Sztregova u. 1.
Corp. registry Nr.:               01-09-876325
Website:                                https://www.elektromont.hu
E-mail address:                    info@elektromont.hu
DPO:                                        Csapó Éva
Contact:                                 evacsapo@elektromont.hu, 30/934-7304

For the purposes of this Privacy Notice, personal data shall mean any information relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier (such as name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).

2. Legislation under which the processing is performed

Main legislation related to the processing under this Notice:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (of 27 April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR),
• Act CXII of 2011 on Informational Self-determination and Freedom of Information (Privacy Act).

3. Legal basis and purposes for data processing, range of data processed and source of data

The legal bases for our processing are the following points of Article 6(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council point a) (data processing based on agreement).

Controller collects, stores and processes the personal data in electronic form. Purpose of data processing is to be able to contact the Data Subject in order to provide the quested information to the Data Subject.

Controller undertakes to process the personal data given by the Data Subject while filling out the contact form as confidential data. Besides the following types of personal data given in this table Controller may process further personal data given by the Data Subject during mailings.

The processed personal data and purpose of data processing:

Personal data processed	Purpose of data processing
Name	Contacting the Data Subject
E-mail address	Following first contacting sending a confirmation on receiving the contact request. Sending the information requested by the Data Subject. Sending the quote requested by the Data Subject.
Company name (sole traders)	Sending the quote requested by the Data Subject.
Phone Nr.	Quick contacting of the Data Subject in order to fully understand the whole request.
Other personal data give by the Data Subject	Answering the request of the Data Subject. Sending the quote requested by the Data Subject.

Source of data processed: the Data Subject.

4. Persons entitled to access the data, reason for data transfer

The persons entitled to access the data determined in this Privacy Notice within the organisation of the Controller are the employees and representatives of Elektromont in order that they can perform their tasks deriving from their work.

There are no other persons, external partners entitled to access the data determined in this Privacy Notice, Controller applies no data transfer to any Processor.

5. Period of processing and storing the personal data

The period of processing is maximum 5 years from contacting or until restriction requested by the Data Subject.

6. Security of Personal Data

Controller undertakes to ensure the security of personal data processed, implements appropriate measures and develops appropriate procedural rules to ensure the protection of the stored and processed data and prevents the destruction, unauthorised use and unauthorised alteration thereof.

Controller shall ensure that the processed data are not accessible to unauthorised persons, and cannot be disclosed, transferred, altered or erased by such persons. The processed data shall exclusively be accessible by the Controller and its employees based on permission levels. Controller shall not disclose the data to any third person not entitled to access the data. Employees of the Controller may access the personal data based on the job roles specified by the Controller, in a specified manner and as per the permission levels.

In order to ensure the security of the IT systems, Controller protects such systems with firewall and also uses virus scanner and anti-virus programs in order to prevent internal and external data loss. Controller has also taken measures to properly check any form of incoming and outgoing communication to prevent abuse.

Controller deem personal data confidential and process the data as such. In order to ensure the protection of data sets processed electronically in various records, Controller makes sure that the data stored in the records cannot be directly combined and associated with the Data Subject, with the exceptions stipulated by law.

Controller shall ensure a level of security appropriate to the risk. While determining the appropriate level of security the risks deriving from data processing must be taken into consideration, especially risks deriving from the accidental or illegal destruction, lost, modification, publication or illegal access of the personal data transferred, stored or processed any way.

7. Rights related to data processing, the means of right enforcement and available legal remedies

7.1. Rights related to data processing

Data Subject may request from the Controller the following:

• information on the processing of personal data concerning him/her (Articles 13-14. of GDPR),
• access to the personal data concerning him/her (Article 15. of GDPR),
• correction or completion of the personal data concerning him/her (Article 16. of GDPR),
• erasure or restriction of processing of the personal data concerning him/her – with the exception of obligatory processing (Articles 17-18. of GDPR),
• the Data Subject has the right to data portability (Article 20. of GDPR),
• the Data Subject may object to the processing of the personal data concerning him/her (Article 21. of GDPR).

Data Subject may submit his/her request to the Controller in writing. Controller shall fulfil the Data Subject’s request within one month the latest and inform Data Subject in writing about the measurements taken.

7.2. Means of right enforcement and available legal remedies related to data processing

7.2.1. As first step contacting the Controller is recommended by sending the complaint related to the processing of the personal data of the Data Subject for investigation to the Controller.

Controller shall investigate the case within the period specified in current laws, take measurements and provide information to the Data Subject (the period may be extended according to law if necessary).

Should Data Subject have submitted his/her request by electronic form, the information shall be provided by electronic form, if possible, as well, unless otherwise requested by the Data Subject. In case there is no measurement taken by the Controller upon the request of Data Subject within the period determined by law the latest, Controller must inform Data Subject on the reason(s) of the delay or the refuse of acting and on the possibility of initiating judicial or authority proceedings.

If you wish to enforce your rights related to data processing, you have any questions or doubts regarding your data processed by the Controller, you wish to request information on your data or submit a complaint, or you wish to exercise any of your rights under Section 7.1, you may do so through the contact details of the Controller listed in Section 1.

7.2.2. Data Subject may initiate judicial proceedings against the Controller if in his/her opinion the Controller processes his/her personal data with the infringement of the requirements related to data processing and determined in the law or the binding legal act of the European Union.

7.2.3. In order to enforce his/her rights, Data Subject may request from the Hungarian National Authority for Data Protection and Freedom of Information (Seat: 1055 Budapest, Falk Miksa utca 9-11.; Website: http://naih.hu; Postal address: 1374 Budapest, Pf. 603.; Phone: +36-1-391-1400; Fax: +36-1-391-1410; E-mail: ugyfelszolgalat@naih.hu) the initiation of an investigation or authority proceedings with reference to the fact that related to the processing of his/her personal data infringement has occurred, or there is an imminent risk of that, thus in particular if in his/her opinion,

• Controller restricts him/her in exercising his/her rights as Data Subject determined in Section 7.1 or refuses his/her request for the enforcement of such rights, and
• during the processing of his/her personal data the Controller violates the requirements related to data processing and determined in the law or the binding legal act of the European Union.

8. Miscellaneous

During the processing of personal data detailed in this Privacy Notice automated decision-making, profiling and the transfer of personal data to third countries or international organisations are not performed.

Controller reserves the right to unilaterally modify this Privacy Notice with regard to the future.

Budapest, March 1, 2023