I. Data processing
1. Contact (phone call, customer correspondence)
Data Controller processes personal data during Customer, Data Subject phone calls, electronic (email) and paper based (mail, fax) correspondence and contact.
1.1. Legal basis
Legitimate interest of the Data Controller – contact, consultation, retrievability, information, orientation.
1.2. Data Content
Name
Address (billing and shipping address)
Phone number (landline and mobile)
Email address (if email)
BP code
In case the Data Provider is not providing her/his own personal data, it is the obligation of the Data Provider to obtain the consent of the Data Subject.
1.3. Purpose of the Data Processing
Contact, preparation, consultation.
1.4. Data Processing Period
Until the business relationship exists, or for 5 years from the last contact.
1.5. Data Processor
In connection with telephone conversation and correspondence, the relevant hosting provider or IT service provider qualifies as a data processor.
1.6. Data Forwarding
During the consultations, the data related to the transaction (Name, Address, Telephone Number) will be forwarded to the contributor by the Data Controller if necessary.
1.7. Entities learning about the data
Data Controller processes personal data so that only those have access to it whose access is necessary to be able to fulfill the service for the Customer, Data Subject.
Service Provider's employees overseeing internal operations and comliance with work rules (operations control staff, internal auditors, security and safety personnel) can learn about the data too if this is necesssary for carrying out the audit.
Data can also be accessed by the employees of the Service Provider's subcontractors and contributors as Data Processors who are involved in providing the service.
It is a legal obligation of the Service Provider to disclose data or provide access to it to the courts of justice, the prosecutor's office, the investigating authority, the authority of misdemeanor, the administrative authority, the National Data Protection and Freedom of Information Authority, or any body empowered by other statutes. Data Controller is required to cooperate with the bodies responsible for the prevention and detection of criminal offenses and secret information collection.
Data Controller provides personal data or access to it to these bodies if they have indicated the exact purpose and the scope of data, and only to the extent that is indispensable to achieve the purpose of the inquiry and is suitable for the purpose.
1.8. Data Subject rights
The right of access
The Data Subject has the right to receive the information as in points 1-7, and to the rectification of personal data concerning them.
In addition, the Data Subject has the right to request the deletion or the restriction of his or her personal data and may object to the handling of such personal data (see below).
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The Data Subject has the right to submit a complaint to the supervisory authority (see below).
The right to be forgotten (erasure)
The Data Subject can request the erasure of personal data where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b) the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing,
c) the Data Subject objects to the processing and there are no overriding legitimate grounds for it.
d) the personal data have been unlawfully processed,
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
Erasure of personal data can not be requested as a subjective right. After submitting the request, the Data Controller examines the exact legal basis for the data processing and whether there is any legal basis other than the consent. In case the processed personal data is necessary for the establishment, exercise or defence of legal claims, or for reporting to authorities, the data processing may be continued by the Data Controller on the basis of legal obligation or legitimate interest.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to object
The Data Subject can only object to data processing based on legitimate interest. The Data Controller, in such a case, if it demonstrates compelling legitimate grounds for the processing, or it it is necessary for the establishment, exercise or defence of legal claims, it can continue to process the data.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to restriction of data processing
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
The Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data,
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead,
c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to processing pursuant to Article 21(1).
1.9. Available legal remedies
The Data subject has the right to address a complaint directly to the Data Controller.
The Data subject has the right to lodge a complaint with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilagyi Erzsébet avenue 22/c, postal address: 1530 Budapest, P.O. box: 5. Email: ugyfelszolgalat@naih.hu, website: www.naih.hu).
The Data Subject has the right to turn to the court.
2. Offer
Data Controller processes personal data as part of its customer and business acquisition activities during the preparation and sending of offers.
2.1. Legal basis
Legitimate interest of the Data Controller – customer and business acquisition.
2.2. Data Content
Name
Email address (registering, contact person and person responsible for receipt)
Address (billing and shipping address)
Phone number (landline and mobile)
BP code
In case the Data Provider is not providing her/his own personal data, it is the obligation of the Data Provider to obtain the consent of the Data Subject.
2.3. Purpose of the Data Processing
Sending offers for products and/or services which are the subject of interest to the Customer, order preparation, making ordering possible.
2.4. Data Processing Period
5 years after the last contact.
2.5. Data Processor
In connection with the offers, electronic correspondance and the internal administration system of the Data Controller, the relevant hosting provider or IT service provider qualifies as a data processor.
2.6. Data Forwarding
During the sending of offers, the data related to the transaction (Name, Address, Telephone Number) will be forwarded to the contributor by the Data Controller if necessary.
2.7. Entities learning about the data
Data Controller processes personal data so that only those have access to it whose access is necessary to be able to fulfill the service for the Customer, Data Subject.
Service Provider's employees overseeing internal operations and comliance with work rules (operations control staff, internal auditors, security and safety personnel) can learn about the data too if this is necesssary for carrying out the audit.
Data can also be accessed by the employees of the Service Provider's subcontractors and contributors as Data Processors who are involved in providing the service.
It is a legal obligation of the Service Provider to disclose data or provide access to it to the courts of justice, the prosecutor's office, the investigating authority, the authority of misdemeanor, the administrative authority, the National Data Protection and Freedom of Information Authority, or any body empowered by other statutes. Data Controller is required to cooperate with the bodies responsible for the prevention and detection of criminal offenses and secret information collection.
Data Controller provides personal data or access to it to these bodies if they have indicated the exact purpose and the scope of data, and only to the extent that is indispensable to achieve the purpose of the inquiry and is suitable for the purpose.
2.8. Data Subject rights
The right of access
The Data Subject has the right to receive the information as in points 1-7, and to the rectification of personal data concerning them.
In addition, the Data Subject has the right to request the deletion or the restriction of his or her personal data and may object to the handling of such personal data (see below).
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The Data Subject has the right to submit a complaint to the supervisory authority (see below).
The right to object
The Data Subject can only object to data processing based on legitimate interest. The Data Controller, in such a case, if it demonstrates compelling legitimate grounds for the processing, or it it is necessary for the establishment, exercise or defence of legal claims, it can continue to process the data.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to restriction of data processing
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
The Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data,
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead,
c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to processing pursuant to Article 21(1).
2.9. Available legal remedies
The Data subject has the right to address a complaint directly to the Data Controller.
The Data subject has the right to lodge a complaint with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilagyi Erzsébet avenue 22/c, postal address: 1530 Budapest, P.O. box: 5. Email: ugyfelszolgalat@naih.hu, website: www.naih.hu).
The Data Subject has the right to turn to the court.
3. Online registration, profile, placing an order
To place an order of products and/or services online on the Website (www.zartalon.hu, www.szefguru.hu, www.izone.hu) registration is necessary.
3.1. Legal basis
The performance of a contract
Legal obligation
Legitimate interest of the Data Controller – maintaining an active registration, provability
3.2. Data Content
Name (registering, contact person and person responsible for receipt)
Email address (registering, contact person and person responsible for receipt)
Address (billing and shipping address)
Phone number (landline and mobile; registering, contact person and person responsible for receipt)
BP code
In case the Data Provider is not providing her/his own personal data, it is the obligation of the Data Provider to obtain the consent of the Data Subject.
3.3. Purpose of the Data Processing
Enabling electronic ordering of the selected products and/or services, availability of data necessary for order fulfillment, contact to Data Subjects, sending notifications. Purchasing, facilitating practical use, providing order history, provability. Analysis of usage and traffic data. Development of customer experience.
Settlement of deliveries related to items ordered, and their subsequent verifiability. Sending order notifications, order confirmations, performing consultations, proof of payments and deliveries, documentation.
Obligation to report to public organizations (HCSO, NTCA).
3.4. Data Processing Period
The registration exists in the system until its deletion is not requested by the User, Data Subject, or the Data Controller continues its related activities.
The storage period for invoices related to completed orders is 8 years, in accordance with the provisions of Act C of 2000 on Accounting.
3.5. Data Processor
In connection with the administration activities on the website, the electronic notifications and correspondance and the internal administration system of the Data Controller, the relevant hosting providers, IT service providers, other service providers, and the state bodies and authorities qualify as data processors.
3.6. Data Forwarding
During order fulfillment, the data related to the delivery and related contact details (Name, Address, Telephone Number) will be forwarded to the contributor by the Data Controller if necessary.
Data is forwarded also to other contributors and to public bodies, authorities.
SimplePay Data Transmission Statement - in case of payment by bank card
Customer acknowledges that the following personal data stored in the user account of Data Controller in the user database will be handed over to OTP Mobil Ltd. (1143 Budapest, Hungaria Boulevard 17-19.) as a Data Processor. The data transferred by the Data Controller are the following: name, email address, billing and shipping details.
The nature and purpose of the data processing activity performed by the Data Processor can be found in the SimplePay Privacy Policy at the following link: http://simplepay.hu/vasarlo-aff.
3.7. Entities learning about the data
Data Controller processes personal data so that only those have access to it whose access is necessary to be able to fulfill the service for the Customer, Data Subject.
Service Provider's employees overseeing internal operations and comliance with work rules (operations control staff, internal auditors, security and safety personnel) can learn about the data too if this is necesssary for carrying out the audit.
Data can also be accessed by the employees of the Service Provider's subcontractors and contributors as Data Processors who are involved in providing the service.
It is a legal obligation of the Service Provider to disclose data or provide access to it to the courts of justice, the prosecutor's office, the investigating authority, the authority of misdemeanor, the administrative authority, the National Data Protection and Freedom of Information Authority, or any body empowered by other statutes. Data Controller is required to cooperate with the bodies responsible for the prevention and detection of criminal offenses and secret information collection.
Data Controller provides personal data or access to it to these bodies if they have indicated the exact purpose and the scope of data, and only to the extent that is indispensable to achieve the purpose of the inquiry and is suitable for the purpose.
3.8. Data Subject rights
The right of access
The Data Subject has the right to receive the information as in points 1-7, and to the rectification of personal data concerning them, that can be performed by her/himself after accessing her/his profile.
In addition, the Data Subject has the right to request the deletion or the restriction of his or her personal data and may object to the handling of such personal data (see below).
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The Data Subject has the right to submit a complaint to the supervisory authority (see below).
The right to data portability
The Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller.
In addition, the Data Subject has the right to have his/her personal data directly transferred to another controller.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to data portability applies only to data processed on a legal basis of the performance of a contract.
The right to be forgotten (erasure)
The Data Subject can request the erasure of personal data where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b) the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing,
c) the Data Subject objects to the processing and there are no overriding legitimate grounds for it.
d) the personal data have been unlawfully processed,
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
Erasure of personal data can not be requested as a subjective right. After submitting the request, the Data Controller examines the exact legal basis for the data processing and whether there is any legal basis other than the consent. In case the processed personal data is necessary for the establishment, exercise or defence of legal claims, or for reporting to authorities, the data processing may be continued by the Data Controller on the basis of legal obligation or legitimate interest.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to object
The Data Subject can only object to data processing based on legitimate interest. The Data Controller, in such a case, if it demonstrates compelling legitimate grounds for the processing, or it it is necessary for the establishment, exercise or defence of legal claims, it can continue to process the data.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to restriction of data processing
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
The Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data,
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead,
c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to processing pursuant to Article 21(1).
3.9. Available legal remedies
The Data subject has the right to address a complaint directly to the Data Controller.
The Data subject has the right to lodge a complaint with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilagyi Erzsébet avenue 22/c, postal address: 1530 Budapest, P.O. box: 5. Email: ugyfelszolgalat@naih.hu, website: www.naih.hu).
The Data Subject has the right to turn to the court.
4. Placing a paper based order by mail or fax
To place a paper based order of products and/or services of the Service Provider presented on the Website and any additional items by mail or fax.
4.1. Legal basis
The performance of a contract
Legal obligation
Legitimate interest of the Data Controller – provability
4.2. Data Content
Name (registering, contact person and person responsible for receipt)
Email address (registering, contact person and person responsible for receipt; if any)
Address (billing and shipping address)
Phone number (landline and mobile; registering, contact person and person responsible for receipt)
BP code
In case the Data Provider is not providing her/his own personal data, it is the obligation of the Data Provider to obtain the consent of the Data Subject.
4.3. Purpose of the Data Processing
Enabling paper based ordering of the selected products and/or services, availability of data necesssary for order fulfillment, contact to Data Subjects, sending notifications. Purchasing, facilitating practical use, providing order history, provability. Analisys of usage and traffic data. Development of customer experience.
Settlement of deliveries related to items ordered, and their subsequent verifiability. Sending order notifications, order confirmations, performing consultations, proof of payments and deliveries, documentation.
Obligation to report to public organizations (HCSO, NTCA).
4.4. Data Processing Period
In case of paper based orders the processing period of personal data is 5 years from the last order.
The storage period for invoices related to completed orders is 8 years, in accordance with the provisions of Act C of 2000 on Accounting.
4.5. Data Processor
In connection with orders sent on paper the Data Controller does not use a Data Processor.
4.6. Data Forwarding
During order fulfillment, the data related to the delivery and related contact details (Name, Address, Telephone Number) will be forwarded to the contributor by the Data Controller if necessary.
Data is forwarded also to other contributors and to public bodies, authorities.
4.7. Entities learning about the data
Data Controller processes personal data so that only those have access to it whose access is necessary to be able to fulfill the service for the Customer, Data Subject.
Service Provider's employees overseeing internal operations and comliance with work rules (operations control staff, internal auditors, security and safety personnel) can learn about the data too if this is necesssary for carrying out the audit.
Data can also be accessed by the employees of the Service Provider's subcontractors and contributors as Data Processors who are involved in providing the service.
It is a legal obligation of the Service Provider to disclose data or provide access to it to the courts of justice, the prosecutor's office, the investigating authority, the authority of misdemeanor, the administrative authority, the National Data Protection and Freedom of Information Authority, or any body empowered by other statutes. Data Controller is required to cooperate with the bodies responsible for the prevention and detection of criminal offenses and secret information collection.
Data Controller provides personal data or access to it to these bodies if they have indicated the exact purpose and the scope of data, and only to the extent that is indispensable to achieve the purpose of the inquiry and is suitable for the purpose.
4.8. Data Subject rights
The right of access
The Data Subject has the right to receive the information as in points 1-7, and to the rectification of personal data concerning them.
In addition, the Data Subject has the right to request the deletion or the restriction of his or her personal data and may object to the handling of such personal data (see below).
The Data Subject shall send a request in writing, paper based by fax (+36 1 412-0479), or electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The Data Subject has the right to submit a complaint to the supervisory authority (see below).
The right to data portability
The Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to the Data Controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller.
In addition, the Data Subject has the right to have his/her personal data directly transferred to another controller.
The Data Subject shall send a request in writing, paper based by fax (+36 1 412-0479), or electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to data portability applies only to data processed on a legal basis of the performance of a contract.
The right to be forgotten (erasure)
The Data Subject can request the erasure of personal data where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b) the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing,
c) the Data Subject objects to the processing and there are no overriding legitimate grounds for it.
d) the personal data have been unlawfully processed,
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
Erasure of personal data can not be requested as a subjective right. After submitting the request, the Data Controller examines the exact legal basis for the data processing and whether there is any legal basis other than the consent. In case the processed personal data is necessary for the establishment, exercise or defence of legal claims, or for reporting to authorities, the data processing may be continued by the Data Controller on the basis of legal obligation or legitimate interest.
The Data Subject shall send a request in writing, paper based by fax (+36 1 412-0479), or electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to object
The Data Subject can only object to data processing based on legitimate interest. The Data Controller, in such a case, if it demonstrates compelling legitimate grounds for the processing, or it it is necessary for the establishment, exercise or defence of legal claims, it can continue to process the data.
The Data Subject shall send a request in writing, paper based by fax (+36 1 412-0479), or electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to restriction of data processing
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
The Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data,
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead,
c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to processing pursuant to Article 21(1).
4.9. Available legal remedies
The Data subject has the right to address a complaint directly to the Data Controller.
The Data subject has the right to lodge a complaint with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilagyi Erzsébet avenue 22/c, postal address: 1530 Budapest, P.O. box: 5. Email: ugyfelszolgalat@naih.hu, website: www.naih.hu).
The Data Subject has the right to turn to the court.
5. Newsletter
Business advertising on products and/or services, and other related information, providing information, direct marketing inquiries, sending of personalized offers, keeping contact through newsletters.
5.1. Legal basis
Legitimate interest of the Data Controller – contacting potential customers showing interest in the products and services, providing information and business acquisition.
5.2. Data Content
Name
Email address
BP code
5.3. Purpose of the Data Processing
Business advertising on products and/or services, and other related information, providing information, direct marketing inquiries, sending of personalized offers, keeping contact through newsletters.
5.4. Data Processing Period
Data processing connected to newsletters continues until the Data Subject requests the erasure of his/her data, or the Service Provider is not closed down.
5.5. Data Processor
In connection with newsletters the relevant hosting and SMTP service provider qualifies as a data processor.
5.6. Data Forwarding
In connection with the newsletters there is no data forwarding.
5.7. Entities learning about the data
Data Controller processes personal data so that only those have access to it whose access is necessary to be able to fulfill the service for the Customer, Data Subject.
Service Provider's employees overseeing internal operations and comliance with work rules (operations control staff, internal auditors, security and safety personnel) can learn about the data too if this is necesssary for carrying out the audit.
Data can also be accessed by the employees of the Service Provider's subcontractors and contributors as Data Processors who are involved in providing the service.
It is a legal obligation of the Service Provider to disclose data or provide access to it to the courts of justice, the prosecutor's office, the investigating authority, the authority of misdemeanor, the administrative authority, the National Data Protection and Freedom of Information Authority, or any body empowered by other statutes. Data Controller is required to cooperate with the bodies responsible for the prevention and detection of criminal offenses and secret information collection.
Data Controller provides personal data or access to it to these bodies if they have indicated the exact purpose and the scope of data, and only to the extent that is indispensable to achieve the purpose of the inquiry and is suitable for the purpose.
5.8. Data Subject rights
The right of access
The Data Subject has the right to receive the information as in points 1-7, and to the rectification of personal data concerning them.
In addition, the Data Subject has the right to request the deletion or the restriction of his or her personal data and may object to the handling of such personal data (see below).
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (
adatvedelem@bitforce.hu) of the Data Controller, or shall initiate the process by clicking on the unsubscribe link placed at the bottom of any newsletter.
The Data Subject has the right to submit a complaint to the supervisory authority (see below).
The right to be forgotten (erasure)
The Data Subject can request the erasure of personal data where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b) the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing,
c) the Data Subject objects to the processing and there are no overriding legitimate grounds for it.
d) the personal data have been unlawfully processed,
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
Erasure of personal data can not be requested as a subjective right. After submitting the request, the Data Controller examines the exact legal basis for the data processing and whether there is any legal basis other than the consent. In case the processed personal data is necessary for the establishment, exercise or defence of legal claims, or for reporting to authorities, the data processing may be continued by the Data Controller on the basis of legal obligation or legitimate interest.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to object
The Data Subject can only object to data processing based on legitimate interest. The Data Controller, in such a case, if it demonstrates compelling legitimate grounds for the processing, or it it is necessary for the establishment, exercise or defence of legal claims, it can continue to process the data.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to restriction of data processing
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
The Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data,
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead,
c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to processing pursuant to Article 21(1).
5.9. Available legal remedies
The Data subject has the right to address a complaint directly to the Data Controller.
The Data subject has the right to lodge a complaint with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilagyi Erzsébet avenue 22/c, postal address: 1530 Budapest, P.O. box: 5. Email: ugyfelszolgalat@naih.hu, website: www.naih.hu).
The Data Subject has the right to turn to the court.
6. Applying for a job
Service Provider processes personal data during the selection process for the purpose of filling open positions.
6.1. Legal basis
Legitimate interest of the Data Controller – selection, the establishment, exercise or defence of legal claims, subsequent provability.
6.2. Data Content
Name
Email address (if email)
Address
Telephone number (landline and mobile)
6.3. Purpose of the Data Processing
Selection.
6.4. Data Processing Period
During the selection process and 90 days after its completion.
6.5. Data Processor
In connection with the telephone conversation and correspondence the relevant hosting and IT service provider qualifies as a data processor.
6.6. Data Forwarding
There is no data forwarding.
6.7. Entities learning about the data
Data Controller processes personal data so that only those have access to it whose access is necessary to be able to fulfill the service for the Customer, Data Subject.
Service Provider's employees overseeing internal operations and comliance with work rules (operations control staff, internal auditors, security and safety personnel) can learn about the data too if this is necesssary for carrying out the audit.
Data can also be accessed by the employees of the Service Provider's subcontractors and contributors as Data Processors who are involved in providing the service.
It is a legal obligation of the Service Provider to disclose data or provide access to it to the courts of justice, the prosecutor's office, the investigating authority, the authority of misdemeanor, the administrative authority, the National Data Protection and Freedom of Information Authority, or any body empowered by other statutes. Data Controller is required to cooperate with the bodies responsible for the prevention and detection of criminal offenses and secret information collection.
Data Controller provides personal data or access to it to these bodies if they have indicated the exact purpose and the scope of data, and only to the extent that is indispensable to achieve the purpose of the inquiry and is suitable for the purpose.
6.8. Data Subject rights
The right of access
The Data Subject has the right to receive the information as in points 1-7, and to the rectification of personal data concerning them.
In addition, the Data Subject has the right to request the deletion or the restriction of his or her personal data and may object to the handling of such personal data (see below).
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller, or shall initiate the process by clicking on the unsubscribe link placed at the bottom of any newsletter.
The Data Subject has the right to submit a complaint to the supervisory authority (see below).
The right to be forgotten (erasure)
The Data Subject can request the erasure of personal data where one of the following grounds applies:
a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b) the Data Subject withdraws consent on which the processing is based and there is no other legal ground for the processing,
c) the Data Subject objects to the processing and there are no overriding legitimate grounds for it.
d) the personal data have been unlawfully processed,
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject.
Erasure of personal data can not be requested as a subjective right. After submitting the request, the Data Controller examines the exact legal basis for the data processing and whether there is any legal basis other than the consent. In case the processed personal data is necessary for the establishment, exercise or defence of legal claims, or for reporting to authorities, the data processing may be continued by the Data Controller on the basis of legal obligation or legitimate interest.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to object
The Data Subject can only object to data processing based on legitimate interest. The Data Controller, in such a case, if it demonstrates compelling legitimate grounds for the processing, or it it is necessary for the establishment, exercise or defence of legal claims, it can continue to process the data.
The Data Subject shall send a request in writing, electronically (by email) to the designated email address (adatvedelem@bitforce.hu) of the Data Controller.
The right to restriction of data processing
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject's consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
The Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data,
b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead,
c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to processing pursuant to Article 21(1).
6.9. Available legal remedies
The Data subject has the right to address a complaint directly to the Data Controller.
The Data subject has the right to lodge a complaint with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilagyi Erzsébet avenue 22/c, postal address: 1530 Budapest, P.O. box: 5. Email: ugyfelszolgalat@naih.hu, website: www.naih.hu).
The Data Subject has the right to turn to the court.
II. Data security, organisational and technical measures
Data Controller will take all security, technical and organizational measures that guarantee the security of the data.
Data Controller allows access to its IT systems with specific personal authorizations. When allocating access, the principle of necessary and sufficient rights prevails, i.e. the IT systems and services of the Data Controller can be used by a user only to the extent necessary to perform their job duties, with the corresponding authorizations for the required time period. Access to IT systems and services may only be granted to a person who is not restricted due to security or other (e.g. incompatibility) reasons and has the professional, business, and information security knowledge required for their safe use.
Data Controller applies internal policies regarding the processing of personal data.
Every employee of the Data Controller undertakes strict confidentiality rules in a written statement when establishing his/her employment and is obliged to act according to the confidentiality rules during his/her work.
Data Controller protects the operated or used buildings, their premises and thus the data processed and stored there by various security systems (physical access barriers - doors, locks, grids, burlgary safes, fire resistant safe; electronic signaling systems - alarm, fire protection system).
Data Controller stores the data on its own devices, in its data center, except data stored by its data processors. The IT equipment storing the data is located in a separate closed server room. Data is stored redundantly, in several places, in order to protect it from destruction, loss, damage or unlawful deletion due to the failure of IT equipment.
Data Controller protects its internal network from external attacks with a firewall and and active, complex protection against malicious code (such as anti-virus software).
Data Controller will make every effort to ensure that its IT tools and software continually comply with generally accepted technology solutions in the market.
Thanks to logging the operations performed can be tracked and controlled, and incidents like unauthorized access can be detected in the systems.
Data Controller also destroys processed data that is paper based in accordance with the data protection requirements when the storage period expires.
III. Cookie Policy
Data Controller uses cookies on its Websites in order to analyze traffic, save settings and optimize user experience. With the use of the Websites and with the acceptance of this declaration the Customer agrees to the use of cookies by the Data controller in accordance with the following terms.
What is a cookie, and how are these used by the Data Controller's Websites in general?
A cookie is a file containing a set of data (rows of letters and numbers) that a web server sends to the web browser when viewing a website and the web browser stores it. Each time the browser loads a page from the server, it sends this code back to the server.
Cookies do not contain any personally identifiable information, but the information stored in cookies or retrievable from them may refer to the Customer's personal data.
The customer information obtained from the cookies in operation on the Data Controller's Websites may be used by the Data Controller for the following purposes:
To recognize the Customer's computer when visiting the Data Controller's Website
To improve the usability of the Website
To analyze the use of the Website
To personalize the Website (e.g. favorites, storing last visited items, saving view settings)
To track the activity of the Customer on the Website and to allow the use of certain features (e.g. adding/deleting items to/from the cart, ending a purchase with payment etc.)
To remember the Customer when returning to the Website
If you wish to block or delete the cookies from the Website, you can do this with your browser. At the bottom of this statement you will find more information about blocking and deleting cookies.
What types of cookies are specifically used by the Data Controller's Websites?
Data Controller uses two different basic types of cookies:
1) Functionality and navigation cookies
These cookies are essential for the proper functioning and easy navigation of the Websites. For example, they allow the use of the cart function or keep the Customer permanently logged while navigating the website. If you do not accept these cookies, it will affect the functionality of some of the features on the Websites.
- Cookies that store user-set data (compare, kedvenc, kosar)
- User interface customization session cookies (brne, cookie_confirmed, lang, megszunt, megtekintett_2, openfavorite, panel)
2) Analytical cookies
Analytical cookies collect general information about how users use the Website, such as which pages are visited most frequently, and whether users receive an error message on the Website.
Data Controller uses the Google Analytics tool for analytics purposes, that helps to get a better picture of the visitors' activities. The service uses cookies to collect information and report on the statistics on the use of the Website without individually identifying visitors to Google. Cookies used by Google Analytics are the _ga, _gid, and _gat cookies (for further information click here).
Cookies provided by the Data Controller (functionality and navigation cookies) are stored on devices for 30 days and the expiration period starts again with each new user activity. After the expiry of the 30 day period, users will be asked again to accept cookies.
Cookies provided by a third party (analytics cookies) have a 38-month expiration period and the expiration period starts again with each new user activity.
Cookie preferences
For more information about using cookies on websites (including blocking or deleting cookies), visit www.allaboutcookies.org.
Blocking cookies
Most browsers can block cookies. For example:
In the Internet Explorer browser, on the "Privacy" tab under "Internet Options" in the "Tools" menu, you can block the cookies by moving the slider to "Blocking All Cookies".
For further information click here.
In Mozilla Firefox, you can block cookies by clicking on the "Privacy Policy" tab under "Settings" on the "Tools" menu and removing the marking at the option "Accept Cookies from Websites".
For further information click here.
Deleting cookies
You can also delete cookies stored on your computer as follows:
In Internet Explorer the cookie files must be deleted manually, for further information click here.
In Mozilla Firefox, to delete cookies, you must first enable deletion of cookies within the "Delete Personal Information" option (this setting can be changed by clicking on "Settings" in the "Personal Information" box under "Settings" in the "Tools" menu) then click "Delete personal data" in the "Tools" menu.