This policy is effective: from 25 May 2018 until recalled
This Data Protection Guidance respects and protects the personality rights and personal data. Aynex Ltd (henceforward: the Controller) controls personal data with due diligence and in accordance with the following specific acts and decrees: the Fundamental Law of Hungary, Act XII of 2011 On Self-determination and Freedom of Information (henceforward: Act Info), the General Data Protection Regulation of the European Parliament and Council of Europe (EU) 2016/679 (27 April 2016) (henceforward: GDPR).
1. DATA OF THE CONTROLLER
Name of the Controller: Aynex Industrial and Trading Ltd
Abbreviated name of the Controller: Aynex Ltd
Seat of the Controller: 2081 Piliscsaba, István u. 28.
Postal Address of the Controller: 2081 Piliscsaba, Kálvária u. 50-52. 5. épület
E-mail address of the Controller: firstname.lastname@example.org
Number of trade register of the Controller: 13-09-063451
VAT number of the Controller: 10559543-2-13
EU VAT number of the Controller: HU1055954
2. CUSTOMER SERVICE OF THE CONTROLLER
The Controller mainly keeps in touch with its customers and enquires via the contact forms placed on the website or via e-mail. The Controller is not constantly available by phone.
On workdays e-mails arriving till 11:00 are answered until 18:00 on the same day by the Controller. E-mails arriving after 11:00 are answered until 18:00 on the next day by the Controller. The answer means that he replies the e-mail or informs sender about the date of his answer.
Contact e-mail address: email@example.com
The Controller is not bound to appoint a Data Policy Officer according to Article 37 of GDPR, therefore in connection with controlling you can enquire via e-mail: firstname.lastname@example.org.
3. VALIDITY OF THE DATA PROTECTION GUIDANCE
This Data Protection Guidance is applied to all activities, processes, websites of the Controller, principally but not solely to this present website.
4. THE PLACE OF DATA STORAGE
The Controller stores all personal data in the clouds of high safety of the Processors listed in Point 5. The Controller does not store any data in his computers, mobile phones or mobile data storage devices. The Controller does his best to control the Processors and ask for information from them.
5. DATA PROCESSORS
The Controller enlists the services of the following processors:
3in1 Hosting Ltd
Seat: 2310 Szigetszentmiklós, Szivárvány út 1. fsz.1.
Number of trade register: 13-06-055290
VAT number: 22206118-2-13
Claim to process data: Consent has been given expressly and voluntarily (in a form, ticked in the square)
Given data: subject’s IP address, name e-mail address
Aim of data transmission: provision of server service to store data (in case of blog reports, inquiries)
Duration of data processing: until withdrawal or the subject’s request for deletion
When a blog entry is commented besides the data of the form the commentator’s IP address and browser id character chains are also collected to filter out the unsolicited materials.
A depersonalized, character chain created from an e-mail address (so called ”hash”) is transmitted to the service of Gravatar. The service conditions of Gravatar can be read in the following link: https://automattic.com/privacy/
After accepting the comment, the content of the comment and the profile photo belonging to the e-mail address become available to the general public.
6. DATA CONTROLLING, DATA STORAGE, SAFETY COPY
6.1. Giving personal data is voluntarily. Subscriptions on blogs and newsletters for direct marketing purposes is done with double confirmation (so called double opt-in) system which means after initiating the subscription until the subject clicks on the confirmation link sent to the given e-mail address, the Controller only temporarily can store the given data. If the subject does not click on the confirmation link, the software deletes the given data automatically in 3 days.
6.2. The Controller treats and stores the obtained data according to the regulations and besides the data processor in 5., he does not transmit to third parties or companies under any circumstances. The Processors (due to their technical necessity) regularly make copies of the data and store them.
6.3. You can withdraw your consent to receive the newsletter and unsubscribe from it at any time. You can withdraw your consent by clicking on the link contained in each issue of the newsletter or by sending a message to the contact address stated in our guidance.
6.4. The Controller does not check the veracity of the given data.
6.5. The Controller does not make any profiles from behaviour, interests and given data of his inquirers, visitors or customers. Automatic offers, classifications or decisions are not applied.
6.6. The Controller does not want to identify the visitors of the website and does not take measures towards this.
6.7. The services of the Controller can be used without subscription for the newsletter.
7. RIGHT OF DATA SUBJECTS
Data subjects ask information about using their personal data, they can request from the company to correct them, and – except for the obligatory data – or they can request the deletion, withdrawal, blocking or protest on the given address of 1. this guidance.
7.1. Right to information
Measurements are made that the data subjects can receive (Articles 13 and 14, 15-22, 34 GDPR) all the information in a brief, understandable and easily accessible form.
Information is given to the request within 14 days (at the longest 1 month) from submitting.
Information is free except if the subject has already submitted a request on the same topic in the running year. The costs paid by the inquirer are refunded by the Controller if the data were treated illegally or the information request resulted in a correction.
Information can be refused only in cases covered by law, but the Controller has to give the place of it, information of judicial remedies or turning to the competent authorities.
Subjects have to be personally informed about the correction, blocking, marking or erasure of their data. If the data have been transmitted, the third parties have to be informed as well it does not contravene any legitimate interests.
7.2. Right to data access
Data subjects are entitled to get information about the using their data and also entitled access to their personal data and following information:
- the purposes of processing;
- categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data have been or will be disclosed particularly if the data is transmitted abroad to a third country, or international organizations;
- the envisaged period for which the personal data will be stored;
- right of protest, right to have data erased or blocked and right to correction;
- right to clarification and remediation,
- if the personal data are not collected directly from you, any available information as to their source;
Clear information about automatic decisions, making profiles and their consequences. Information is given to the request within 1 month from submitting.
7.3. Right of rectification
Data subjects can request from the Controller to correct the personal data it holds on them at any time if this data is incomplete and/or incorrect.
The modification or completion of data can be personally done by the subjects by clicking on the link of modification form sent via e-mail or by an e-mail sent to email@example.com asking the Controller to modify the data.
7.4. Right to erasure
Data subjects are entitled to request to delete their data at any time if any of these reasons exist:
- the personal data are no longer necessary;
- the consent on which the processing is based is withdrawn and there is no other legal ground for processing;
- the subjects object to the processing and there are no overriding legitimate grounds for processing;
- the personal data have been unlawfully processed,
- the personal data have to be erased for compliance with a legal obligation of the European Union or the Member State;
- the collection of the data was in connection with offering services in the digital society.
The data cannot be erased if their usage is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by law of the European Union or the Member State;
- to fulfil a task in the frame of public interest or public licence given to the Controller;
- in the sphere of public health, archiving, scientific or historical research purposes on the basis of public health;
- for the establishment, exercise or defence of legal claims.
The withdrawal of the consent has to be done within 14 days by the Controller.
The Controller can use data after their withdrawal to fulfil a legal obligation or to validate a legitimate interest.
Explanatory note: in practice the following happens: if the subject request the erasing of his data in the matter of a blog report or a newsletter and he clicks on the unsubscribe link in an e-mail, this digital operation is done immediately, the data of the subject is deleted form the software of the blog report or the newsletter. Therefore the request is fulfilled promptly, there is no need for waiting 14 days. The Controller is obliged to store certain data (purchases, payments, invoices for 8 years), so this kind of data cannot be deleted.
7.5. Right to restriction of processing or withdraw
The Controller restricts the use of data by the subject’s request if any of the following terms occur:
- the subject contests the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data;
- the processing is unlawful and the subject opposes the erasure of the personal data and requests the restriction of their use instead;
- The Controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- the subject has objected to processing, pending verification of whether the legitimate grounds of the data controller override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
7.6. Right to data portability
If this does not adversely affect the rights and freedoms of others, the subject has the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. The subject also has the right to have the Controller directly transfer these data to another data controller.
In case of the subject’s request the Controller sends the used data to him in PDF and/or CSV format. The requests are to be sent to the main e-mail address (firstname.lastname@example.org).
7.7. Right to object
The subject is entitled to protest against using his personal data at any reasons at any time fulfilling a task in order to validate the legal rights of the Controller or making profiles made within the frames of public licence.
In this event, the Controller shall no longer process the personal data unless the data controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms, or which are related to the establishment, exercise or defence of legal claims.
If the subject protests against using his personal data, the Controller has to examine and answer the request within 14 days from submit. If the Controller decides that the protest is well-established then he finishes using the data – including the collection and transfer of data – he blocks them and informs everybody about this measurement so that every third party could do the same.
The Controller can deny the fulfilment of the request if he proves that there are compelling reasons to use the personal data which are prior to the subject’s interests, rights and freedoms or to the presentation, validation and protection of legal claim. If the subject does not agree with the decision or the Controller misses the deadline then the subject can turn to the competent court within 30 days from the statement of the decision or form the last day of the deadline.
Note: If you notice any problem, please contact us via e-mail (email@example.com) or send a registered and recorded letter to our seat. We will do everything to solve the problem.
7.8. Right to go to law
If a data subject claims that his/her rights have been violated he/she can go to court. The court proceeds out of turn.
Data protection suits fall within the court’s cognizance, the suit – according to the subject’s choice – can be started at the court by permanent address or residence. Foreign citizens can turn to the supervisory authority of the place of residence with their complaints.
Note: If you notice any problem, please contact us via e-mail (firstname.lastname@example.org) or send a registered and recorded letter to our seat. We will do everything to solve the problem quickly.
7.9. Right to complain
You can lodge a complaint with the supervisory authority:
Nemzeti Adatvédelmi és Információszabadság Hatósága (Hungarian National Authority for Data Protection and Freedom of Information )
Seat: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Postal address: 1530 Budapest, Pf.:5.
Phone number: +36 (1) 391-1400
Fax Number: +36 (1) 391-1410
E-mail address: email@example.com
Further information: https://naih.hu/panaszugyintezes-rendje.html
8. FORWARDING AND RECEPTION OF COMMERCIAL (DIRECT MARKETING) MESSAGES
The subject’s statement during subscription for blog reports or newsletters or later, with modification of his/her personal data stored at newsletter or direct marketing registration sites, gives consent to the Controller to use his/her data for marketing purposes.
In this case the Controller can use the subject’s data for direct marketing and sending newsletters according to the 6 Article of XLVIII Act of 2008 (Act of conditions and restrictions of commercial activities) until withdrawing. The Controller can also send commercial messages, information, offers and forward newsletters.
The data subject can give consent in point of direct marketing and newsletter together or separately and can withdraw them free at any time.
The withdrawal of the subscription (so called “unsubscription”) is always regarded as the withdrawal of the consent. Withdrawal of consent to data process in point of direct marketing and/or newsletter is not automatically regarded as the withdrawal of data processing in general.
“Cookies” are used in some areas of our website to enable us to provide you with more personalized services. Cookies are identifiers that can be sent from a Web server to your computer in order to identify you for the duration of your visit and stores it and during a later visit it is re-read. If the browser returns a saved cookie, the provider can connect the present visit with the previous ones, but only in point of its own content.
General functions of cookies:
- they collect information about the visitors and their devices;
- they memorize the visitors’ individual settings which can be used at on-line transactions, they aren’t needed to be typed again;
- they ease the usage of the website;
- they provide quality user experience.
The most often used Internet browsers (Chrome, Firefox, Internet Explorer, Safari, Edge, Opera etc) usually accept the reloading and usage of cookies as a basic setting. The visitor of a website can refuse or block them with modification of the browser settings. The user can delete the cookies stored in his/her computer.
There are cookies which do not require the visitor’s prior consent (eg.verifiers, multimedia-players, pressure equalizers, session-cookies which help to customize the user interface, user centric secure cookies.)
Websites give short information about all the cookies (which need consent and which do not) at the first opening and they ask the visitor’s consent to use the cookies.
The Controller does not use and let such cookies which help to collect data for a third party (person or company) without the subject’s consent.
Acceptance of the cookies is not obligatory but the Controller does not take the responsibility for the possible inadequate functioning of the websites.
Session cookies (so called “Strictly Necessary“ Cookies)
Legal base: the do not require consent
Description: target of the cookies that the visitors could browse the Controller’s website completely smoothly, use its functions and the available services. These cookies are automatically deleted from the computer or other devices when you close your browser.
Aim of processing: improve the user experience
Period: browser session
Statistic (third party) cookies
Legal base: visitor’s explicit consent (with clicking on the certain switch)
Description: the Controller uses the cookies of Google Analytics, as a third party. Google Analytics uses a statistic service and collects information about how the visitors use the websites. They use it for the development of the website and the improvement of the user experience. These cookies remain in the browsers of your computer or other devices until they expire or you do not delete them.
Aim of processing: improve the user experience
Period: maximum 180 days
Detailed information about cookies from a third party:
About the data protection of Google Analytics:
10. OTHER QUESTIONS IN CONNECTION WITH DATA PROTECTION
The third parties to whom the Controller transfers your data give him guarantees that their data processing is conducted in compliance with the relevant data protection principles, this data protection statement and the provisions of the applicable laws.
The Controlled can be asked to give information and documents by the court, prosecutors’ office, police, National Tax and Customs Office, Hungarian National Authority for Data Protection and Freedom of Information. In these cases the Controller has to fulfil its information obligation but only to the extent as it is strictly necessary.
The Controller’s contributors and employees taking part in the data controlling and/or processing are entitled in specified extent and in strict confidence to access the subject’s personal data.
Your personal data are protected through appropriate technical and other security measures, including protection against unauthorised or unlawful processing and against modification, accidental loss, publication, destruction or damage.
The Controller implements organizational security measurements to check the physical access, continuously trains his contributors and employees, the paper-based documents are stored in a closed safe place. The Controller and the processors use encryption, password protection and anti-virus software in technical protection.
The Controller makes every effort to make processing even safer, though he cannot take the responsibility for data transfer via websites due to the present digital conditions. The Controller has to meet strict regulations in order to protect the subject’s personal data and to prevent unlawful access.
Note: we call your attention the fact that data transfer through Internet is not completely safe even if all measures. In connection with safety questions we ask your help to keep your accesses and passwords carefully, do not share your passwords with anybody. We ask for your cooperation to use our websites from such devices which have no viruses on them.
Budapest, 24 May 2018.