i) Personal data may only be processed for a specific purpose, in order to exercise a right or perform an obligation. The processing activities must be in accordance with the relevant purpose during all stages of processing, and the data must be recorded and processed in a manner that is fair and lawful.
ii) Personal data can only be processed if they are essential and suitable for achieving the purpose of processing. Personal data may only be processed to the extent and for a period necessary for the achievement of the purpose.
iii) Personal data will remain personal data during the processing as long as its relationship with the data subject can be restored. The relationship between the data and the data subject can be restored if the controller has the technical facilities that are required for restoring such relationship.
v) It must be ensured during processing that the data are accurate, complete, and up-to-date, if necessary in view of the purpose of processing, and it must be ensured that the data subject can be identified only for a period that is necessary for the purpose of processing.
1. GENERAL PROVISIONS
Name of the controller:
TRA Kft. (hereinafter: Controller)
Address of the Controller: 1118 Budapest, Kelenhegyi út 27., Hungary
Contact details of the Controller:
Tel.: +36 30408 25 68
The legal basis of processing: the consent of the data subject, based on Section 5(1)(a) of Act CXII of 2011 on the right of informational self-determination and on the freedom of information.
Data subjects: persons who send a message via the contact form. Consent to processing: When sending a message, the Users give their express consent to the Controller to process their personal data in the manner described in this Policy.
The purpose of processing: contacting the Users
The means of processing: automated processing
The period of processing: until consent is withdrawn
2. THE PERSONAL DATA PROCESSED::
Users may provide the following data voluntarily (they provide the data voluntarily, but the data are indispensable for using the service) in order to use the contact form available on the www.botaniqkastely.hu website:
the name of the user “Name” (of the person writing the message) – related purpose: contacting and identifying the user
e-mail address “E-mail" – related purpose: contacting the user
phone number “Phone number” – related purpose: contacting the user
3. THE DATA PROCESSORS (PERSONS WHO PERFORM TECHNICAL TASKS RELATING TO THE PROCESSING OPERATIONS): TRA Kft.
Address: 1118 Budapest, Kelenhegyi út 27, Hungary
Tax number: 25372175-2-43
4. THE PERIOD OF PROCESSING:
The Controller will process the data provided to it for 1 year or until the data subject withdraws his or her consent.
5. DATA TRANSFER
The Controller will not transfer the personal data provided to it. The Controller will only use the data for the purposes stated in this document with no third party data processor.
6. ADATTOVÁBBÍTÁS KÜLFÖLDRE:
No data will be transferred abroad.
7. THE RIGHTS OF DATA SUBJECTS:
The data subject may request the Controller
a) to provide information on the processing of his or her personal data;
b) to rectify his or her personal data; and
c) to erase or block his or her personal data, unless the processing of personal data is mandatory.
At the request of the data subject, the Controller will provide information on the data subject’s data processed by the Controller or a processor hired by or on behalf of the Controller; the source of such data; the purpose, legal basis and period of processing; the name, address and processing-related activity of the processor; the circumstances and effects of any personal data breaches and the measures taken by the Controller to eliminate such breaches; furthermore, the legal basis and the recipient of the data transfer in the case of transferring the data subject’s personal data.
Az Adatkezelő - ha belső adatvédelmi felelőssel rendelkezik, a belső adatvédelmi felelős útján - az adatvédelmi incidenssel kapcsolatos intézkedések ellenőrzése, valamint az érintett tájékoztatása céljából nyilvántartást vezet, amely tartalmazza az érintett személyes adatok körét, az adatvédelmi incidenssel érintettek körét és számát, az adatvédelmi incidens időpontját, körülményeit, hatásait és az elhárítására megtett intézkedéseket, valamint az adatkezelést előíró jogszabályban meghatározott egyéb adatokat.
The Controller will maintain records – if it has an employee in charge of data protection, through such data protection officer – for the purpose of monitoring any measures taken in connection with personal data breaches and of notifying the data subjects; these records contain the personal data concerned, the data subjects affected by the personal data breach and the number of those data subjects, the date, circumstances and effects of the personal data breach and the measures taken to eliminate it, as well as any other data specified in the law requiring the processing. The Controller, upon request by a data subject, must provide information to the data subject in writing as soon as possible after the submission of the request, but no later than within 25 days, using clear and plain language.
The information must be provided free of charge if the person requesting the information has not submitted any request for information for the same dataset to the Controller in the same year. In other cases the Controller may charge a fee for providing the information.
The Controller will erase the personal data if
i) its processing is unlawful;;
ii) the data subject requests its erasure;
iii) t is incomplete or incorrect and it cannot be lawfully rectified, provided that erasure is not excluded by a law;
iv) the purpose of processing no longer exists or the statutory time limit for the storage of the data has expired;
v) it is ordered by a court or the Authority.
When any data is rectified, blocked, marked or erased, the data subject and all recipients to whom it was transferred for processing shall be notified accordingly. Notification is not required if its omission does not violate the legitimate interests of the data subject in view of the purpose of processing. If the Controller refuses to comply with the data subject’s request for rectification, blocking or erasure, it shall notify the data subject of the factual or legal reasons for the rejection of the request for rectification, blocking or erasure in writing or, based on the consent of the data subject, electronically, within 30 days of the receipt of the request. If the request for rectification, blocking or erasure is rejected, the Controller shall inform the data subject of the possibilities for seeking judicial remedy or lodging a complaint with the Authority.
8. OBJECTION TO THE PROCESSING OF PERSONAL DATA:
The data subject may object to the processing of his or her personal data
a) if the processing or transfer of the personal data is only required for the performance of a legal obligation of the Controller or the enforcement of the legitimate interests of the Controller, the recipient or a third party, unless processing is mandatory;
b) if the personal data is used or transferred for the purposes of direct marketing, public opinion polling or scientific research; and
c) in other cases prescribed by law.
The Controller shall examine the objection within the shortest possible time, but within 15 days at the latest, it shall make a decision on the merits of the objection, and it shall notify the data subject in writing of such decision.
If, according to the findings of the Controller, the data subject’s objection is justified, the Controller shall terminate all processing operations (including any further data collection and data transfer), block the data concerned, and send a notification of the objection and the relevant measures taken to all recipients to whom the personal data concerned by the objection had previously been transferred, and those recipients shall also take measures to ensure the enforcement of the right to object.
If the data subject disagrees with the decision taken by the Controller, or if the Controller fails to meet the above deadline, the data subject shall have the right to turn to court within 30 days of the delivery of the decision or from the last day of the time limit.
If the data subject objects to the processing of his or her personal data or seeks judicial remedy, or if the Controller receives a request for information from a third party that is not based on the data subject’s consent, the Controller may disclose the data to its lawyers, to the extent necessary for assessing the lawfulness of the above objection or request.
9 JUDICIAL REMEDY:
Users feeling that the Controller has violated their rights relating to the protection of personal data are kindly invited to contact us at email@example.com so that we could remedy any infringement.
Furthermore, we would like to inform the Users that in the event of the violation of their rights, the data subjects may challenge the Controller in court. The court shall hear such cases in priority proceedings. The action shall be adjudged by a regional court. The action can be brought before the regional court having jurisdiction based on the address of the registered office of the Controller, or, according to the data subject’s request, before the regional court that has jurisdiction based on the data subject’s permanent address or temporary residence. A person who otherwise lacks legal capacity to act as a party to legal proceedings may nevertheless be involved in such actions.
If the Controller causes damage to a person by the unlawful processing of the data subjects’ data or by any breach of data security requirements, it shall be obliged pay for such damage. If the Controller violates the personality rights of the data subject by the unlawful processing of the data subjects’ data or by any breach of data security requirements, the data subject may demand restitution from the Controller. The Controller shall be released from the liability for damages and from the obligation to pay restitution if it demonstrates that the damage or the violation of the data subject’s personality rights resulted from unavoidable reasons beyond the scope of its data processing activity. No compensation shall be paid and no restitution can be claimed where the damage or harm caused by the violation of personality rights resulted from the wilful or grossly negligent conduct of the injured party or the data subject.
10. THE PROCEDURE OF THE AUTHORITY:
The data subject may also submit a complaint to or request information from the Authority:
Name: Hungarian Authority for Data Protection and Freedom of Information
Registered office: H-1125 Budapest Szilágyi Erzsébet fasor 22/c, Hungary
Postal address: 1530 Budapest, Pf.: 5.
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
11. DETAILED PROVISIONS ON DATA PROCESSING
MANAGEMENT OF COOKIES: