1. Data controller
The present website (hereinafter referred to as ‘Website’) is operated and provided by the ProfiKomp® Környezettechnika Zrt. (2100 Gödöllő, Kühne Ede utca 7; registration number: 13-10-041077; represented by: dr. Aleksza László CEO; hereinafter referred to as ’Data Controller’). The Data controller and the associates of the Data Controller are entitled to control and process the data mentioned above.
2. Scope of the Statement
Every Website (at the present time: http://www.profikomp.hu ) operated by the Data Controller falls within the scope of this Privacy Statement (hereinafter referred to as “Statement”). The Data Controller may require registration to use some of the services of the Website. In order to use the Website, You (hereinafter referred to as ‘User’) must read and accept the full content of the Statement. By entering the Website the User acknowledges that he/she accepts and expresses its consent to be bound by the provisions and conditions included in the Statement.
By keeping the provisions of the Statement, the User is able to visit the Website at any time. Please note, that the data provision is voluntary and that you are entitled to request information about data processing and entitled to require the corrigendum or deletion of data by writing a letter (address: ProfiKomp® Környezettechnika Zrt. 2100 Gödöllő, Kühne Ede utca 7.) or sending an e-mail to email@example.com. We do not take responsibility for the correctness of the data provided by you.
3. General Data Protection Provisions
The Data Controller undertakes to comply with the provisions of the Hungarian law being in force, concerning data processing and data protection. The Data Controller processes the User’s personal data in accordance with the provisions of the Act of CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred to as ‘Act’), the official communication of the authority responsible for data protection (at the present time: Hungarian National Authority for Data Protection and Freedom of Information – Registered office: 1024 Budapest, Szilágyi Erzsébet fasor 22/C., website: www.naih.hu – hereinafter referred to as ‘Authority’) and the Hungarian jurisdiction.
The provision of personal data is not necessary to survey the information available on the Website. However, using some of the services requires the provision of certain personal data. In this case, the Data Controller informs the User of the rules of data processing and obtain the User’s prior consent (which can be withdraw at any time) for data processing. The using of personal data is based – every time - on the written statement of the User. The Data controller uses the personal data exclusively internally and for contact purposes. In every case the Data Controller intends to use this data for a different purpose, the Data Controller informs the User, obtains the User’s prior consent and provides the opportunity to withdraw this consent in the future.
The User is able to request the deletion or modification of his/her personal data in written, by sending a letter to ProfiKomp® Környezettechnika Zrt. 2100 Gödöllő, Kühne Ede utca 7. or sending an e-mail to firstname.lastname@example.org.
On the Website the User can register once and one way (hereinafter referred to as ‘Registration’). Afterwards, the User is able the use those services of the Website (hereinafter referred to as ’Services’) that requires Registration. The Users who do not use the Services that requires Registration also accepts and are bound by the provisions of the Statement, by entering/ searching or using the Website. According to the Statement, the registered Users are those Users, who provide the necessary data during Registration and accept the provisions of the Statement therefore, the provisions of section 5. in the Statement are fulfilled.
5. The statement of the User
By registering, the User confirms that he/she has read, acknowledged and accepted the full content of the Statement and gives his/her consent to the Data Controller to process his/her personal data (specified in the Statement) in accordance with the purpose of data processing and according to the provisions of Act of CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information and the provisions of the Statement.
The User hereby declares that the data (given in the course of registering) is correct and does not violate others’ personal rights.
6. The purpose of data processing
The purpose of processing personal data (collected while visiting the Website) is to ensure the full usage of the Website and to enable the contracting (and in case the modification of the contract) between the User and the Data Controller for providing services and performing the orders. The primary purpose of data processing is to cognize the Users who read the online available and free downloadable archive copies of the magazine “Biohulladék”.
The Data controller is entitled to use the data provided by the Users - especially but not exclusively – for the following purposes: analyzing the customs of the customers, compilation of attendance statistics, completing the orders, fulfilling other services.
Some of the computer data of the Users is automatically logged in order to keep track the attendance data of the Website and in order to detect any incidental failures. In some cases, this data may be qualified as personal data however, the Data Controller do not connect it to any other data from which the person of the User could be identified.
7. The scope of the personal data processed
a) Personal identification data of the User: first name and surname
b) The e-mail address of the User (given during the Registration)
c) The address and postal address of the User
d) Other personal information given by the User voluntarily (for example job, position, interest)and other data
e) Date of the Registration, IP address of the Registration/order
f) In case of order: ship-to address, shipping name
8. The legal basis of data processing
By using the Website, the User accepts the provisions of the Statement and gives his/her consent to the data processing specified in the Statement. The Users give their consent (which is necessary to the processing of their personal data) by registering or by ordering a product. Giving personal data is always voluntary on the Website (section 5. (1) of the Act). The Data Controller shall choose and operate the measures - implied while providing services relating to the information society – in each case, in a way that ensures that personal data is processed only if it is necessary to fulfill legislative purposes, but only to the extent that, and for such a period, as is strictly necessary.
The Data Controller informs the User, that according to section 6. (1) of the Act; personal data may be processed also if obtaining the data subject’s consent is impossible or it would give rise to disproportionate costs, and the processing of personal data is necessary
a) for compliance with a legal obligation pertaining to the Data Controller, or
b) for the purposes of the legitimate interests pursued by the Data Controller or by a third party , and enforcing these interests is considered proportionate to the limitation of the right for the protection of personal data.
9. The method of data processing
The Data Controller is entitled to process personal data only for the purposes defined in section 6. of the Statement, and only for the period of time defined in section 10. of the Statement. The Data Controller shall also ensure that data processing is carried out in accordance with the provisions of the Statement. By accepting the present Statement, the User hereby declares that his/her consent to the data processing, and the data provision are voluntary and that the data provision is based on his/her informed and explicit consent.
10. Term of data processing
The Data Controller shall store the data as long as the User is registered and as long as the User uses the Services of the Website. With one exception, the deadline of the deletion of the data stored is 5 years after the possibility of using the Services is ceased (in particular, 5 years after the Registration is deleted). The deadline is 5 years, due to the fact that the Data Controller my claim for damages from the User only within 5 years after the Services are ceased.
The only exception is the obligation of the Data Controller based on section 169. (2) of the Act of C of 2000 on Accounting; the accounting documents underlying the accounting records directly or indirectly (including ledger accounts, analytical records and registers) shall be retained for minimum 8 years, shall be legible and retrievable by means of the code of reference indicated in the accounting records.
11. Data security
The Data Controller shall make arrangements for and carry out data processing operations in a way so as to ensure full respect for the right to privacy of the Users in due compliance with the provisions of the Act and other regulations on data protection.
The Data Controller must implement adequate safeguards and appropriate technical and organizational measures to protect personal data, as well as adequate procedural rules to enforce the provisions of the Act and other regulations concerning confidentiality and security of data processing.
Data must be protected by means of suitable measures against unauthorized access, alteration, transmission, public disclosure, deletion or destruction, as well as accidental loss and damage, and to ensure that stored data cannot be corrupted and rendered inaccessible due to any changes in the applied technique.
For the protection of data files stored in different electronic records, suitable technical solutions shall be introduced to prevent – unless it is permitted by law – the interconnection of the data stored and the identity of the Users.
In determining the measures to ensure the security of data processing, the Data Controller shall take into account the latest technical developments. In case alternate data processing solutions are available, the one selected shall ensure the highest level of protection of personal data, except if this would entail unreasonable hardship for the Data Controller.
The User is obliged to keep confidential the password given by him/her. In case the User gives his/her unique identification and password away and as a result an unauthorized third person obtains the User’s data, the Data Controller is not responsible for the damage and disadvantage that occurs. The Data Controller provides the opportunity for the User (after giving the unique identification and password) to get access to his/her data and to modify and delete this data.
During the Registration, the User is obliged to provide correct and full information on the questions of the registration data sheet, and in case of changing the registration data, the User is obliged to update this data. In case the data (given by the User) is incorrect, inaccurate or insufficient, or in case the User infringes the provisions of the Statement or other regulations on data protection, the Data Controller is entitled to suspend (partially or fully) or terminate the User’s access.
On the Website, links to other companies’ website may occur. The Data Controller is not responsible for the measures of other websites concerning the confidentiality and security of data processing. The provisions of the Statement are applied only to the Website operated by the Data Controller. The Data Controller implements all necessary measures to protect the User’s personal data from any unauthorized person.
In case other person’s personal data is provided (during the Registration or the order), the person who gives this data is responsible for obtaining the consent of the other person and for giving appropriate information on data processing which are both necessary to the lawful data processing (including data transfer, and all data processing operations performed by the Data Controller). Please note, that the misuse of personal data is unlawful.
Protecting the User’s personal data is of paramount importance for the Data Controller. The Data Controller protects all personal data with the same measures, regardless how this personal data is provided (etc. through the internet or in another way). By voluntarily providing any personal data, the User gives his/her consent to the register and processing of this data by the Data Controller (for a definite purpose and term defined by the nature of the service).
In order to prevent the unauthorized use and misuse of the personal data processed, the Data Controller implements technical and operational security measures. The security procedures are checked regularly and are developed in accordance with the technological development. However, the Data Controller declares that he is not responsible for the damage in the database, for the theft of data or for any other damage that occurred due to malicious actions (like hacking or other cyber-attacks).
12. Data transmission
By accepting the present Statement, the User hereby declares that he/she is aware that the personal data (processed by the Data Controller) will be transmitted to data processors, and other persons who act on behalf of the Data Controller (for example persons who make invoices, claims management, delivery, bookkeepers, customer service) and in case it is necessary, to authorities who – according to the regulations – are entitled to adjudicate. These persons shall be bound by an obligation of confidentiality and data protection, and shall process data according to the instructions of the Data Controller.
13. Cookie placement
14. Rights of the Users and enforcement
The User may request from the Data Controller:
a) information on his/her personal data being processed,
b) the rectification of his/her personal data, and
c) the erasure or blocking of his/her personal data, except if processing is rendered mandatory.
Upon the User’s request the Data Controller shall provide information concerning the data relating to him/her, the sources from where they were obtained, the purpose, grounds and duration of processing, and the conditions and effects of the data incident and measures taken with a view to eliminate them and –in case of data transfer – the legal basis and the recipients.
In order to control measures relating to data incidents and to inform the User, the Data Controller shall keep records containing the personal data affected, the personal scope affected by the data incident , the time, circumstances and effects of the data incident and the measures taken to eliminate thereof as well as other information determined by law.
The Data Controller must comply with requests for information without any delay, and provide the information requested in an intelligible form, in writing at the data subject’s request, within not more than 25 days. This information shall be provided free of charge for any category of data once a year. Additional information concerning the same category of data may be subject to a charge. The amount of such charge may be fixed in an agreement between the parties. Where any payment is made in connection with data that was processed unlawfully, or the request led to rectification, it shall be refunded.
If a personal data is deemed inaccurate, and the correct personal data is at the Data Controller’s disposal, the Data Controller shall rectify the personal data in question.
The Data Controller shall erase the personal data if; it is processed unlawfully; so requested by the User; it is incomplete or inaccurate and it cannot be lawfully rectified, provided that erasure is not disallowed by statutory provision of an act; the purpose of processing no longer exists or the legal time limit for storage has expired; so ordered by court or by the Authority.
If the purpose of data processing no longer exists or the legal time limit for storage has expired, the requirement of erasure shall not apply to personal data recorded on a carrier that is to be deposited in archive under the legislation on the protection of archive materials. Personal data shall be blocked instead of erased if so requested by the User, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the User. Blocked data shall be processed only for the purpose which prevented its erasure.
If the accuracy of an item of personal data is contested by the data subject and its accuracy or inaccuracy cannot be ascertained beyond doubt, the Data Controller shall mark that personal data for the purpose of referencing. When a data is rectified, blocked, marked or erased, the User and all recipients to whom it was transmitted for processing shall be notified. Notification is not required if it does not violate the rightful interest of the User in light of the purpose of processing. If the Data Controller refuses to comply with the User’s request for rectification, blocking or erasure, the factual or legal reasons on which this decision is based shall be communicated in writing or, on the consent of the User, electronically within 25 days of receipt of the request. Where rectification, blocking or erasure is refused, the Data Controller shall inform the User of the possibilities for seeking judicial remedy or lodging a complaint with the Authority.
The User shall have the right to object to the processing of data relating to him/her:
a) if processing or disclosure is carried out solely for the purpose of discharging the Data Controller’s legal obligation or for enforcing the rights and legitimate interests of the Data Controller, the recipient or a third party, unless processing is mandatory;
b) if personal data is used or disclosed for the purposes of direct marketing, public opinion polling or scientific research; and
c) in all other cases prescribed by law.
In the event of objection, the Data Controller shall investigate the cause of objection within the shortest possible time inside a fifteen-day time period, adopt a decision as to merits and shall notify the User in writing of its decision. If, according to the findings of the Data Controller, the User’s objection is justified, the Data Controller shall terminate all processing operations (including data collection and transmission), block the data involved and notify all recipients to whom any of these data had previously been transferred concerning the objection and the ensuing measures, upon which these recipients shall also take measures regarding the enforcement of the objection. If the User disagrees with the decision of the Data Controller, the User shall have the right to turn to court within 30 days of the date of delivery of the decision. The court shall hear such cases in priority proceedings.
In case of the infringement of the Data Controller, the User is able to make a complaint to the Authority:
Hungarian National Authority for Data Protection and Freedom of Information
1024 Budapest, Szilágyi Erzsébet fasor 22/C.,
Postal address: 1530 Budapest, p.o.b. 5.
Phone number: +36-1-391-1400
16. Judicial remedy
The burden of proof to show compliance with the law lies with the Data Controller. The burden of proof concerning the lawfulness of transfer of data lies with the data recipient.
The action shall be heard by the competent tribunal, primarily by the tribunal in whose jurisdiction the Data Controller’s registered office is located. If so requested by the User, the action may be brought before the tribunal in whose jurisdiction the User’s home address or temporary residence is located. Any person who otherwise lacking legal capacity to be a party to legal proceedings may also be involved in such actions. The Authority may intervene in the action on the User’s behalf. Act V of 2013 on the Civil Code and the Act contain the enforcement practices and the legislative provisions concerning the obligations of the Data Controller.
The provisions of the present Statement can be modified – within the applicable laws - at any time by the Data Controller. These modifications shall take effect on the day of the publication on the Website, and by opening the Website the User acknowledges and expresses its consent to be bound by these modifications.
If you have any questions or comments concerning the Statement, please contact us via e-mail; email@example.com.