Effective from May 25, 2018
The purpose of this brochure is to record the privacy and management principles applied by www.bende.hu, which is recognized by the web site operator, Gábor Bende as a private entrepreneur as a data controller.
This brochure contains the principles for managing your personal information provided by users, buyers, jobseekers and employees on this website.
This information is provided in the European Parliament and Council Decree 2016/679 ("General Data Protection Regulation" or "GDPR"), Act CXII of 2011 on Information Freedom of Information and Freedom of Information. ("Infotv."), Act V of 2013 on the Civil Code ("Act"), and Act XLVIII of 2008 on the Fundamental Terms and Limitations of Commercial Advertising Activity. ("Grtv.").
However, this information does not cover the services and data management of websites, service providers, and possibly links to websites that are subject to the information. Such services are governed by the provisions of the third parties' data management information service, and the data controller is not responsible for any such data handling.
DATABASE AND DATA SHEET DATA, AVAILABILITY:
DATA MANAGER DATA:
Bende Gábor is a private entrepreneur
Headquarters: 2455 Beloiannisz, Szarafisz utca 8.
Branch office: 1084 Budapest, József utca 36.
Registration number: ES320887
Registering authority: Adony Municipality
Tax number: 41152386-2-27
Electronic mailing address: email@example.com
Phone / Fax: 06-1-477-0262
Place of complaint handling: 1084 Budapest, József utca 36.
Name, place of residence, branch of the consignee: Transzport Studium Kft. 1108 Budapest, Kozma utca 7.
E-mail address: firstname.lastname@example.org
DATA PROCESSING DATA:
Transzport Studium Kft. 1108 Budapest, Kozma utca 7.
Andee-Tax 1191 Budapest dobó Katica u 21
I. INTERPRETATIVE PROVISIONS:
According to the European Parliament and Council Regulation 2016/679 ("the General Data Protection Regulation" or "GDPR") and the Act CXII of 2011 on Information Freedom of Information and Freedom of Information, ("Infotv."):
"Concerned" means any natural person identified or identified, directly or indirectly, by any personal identifier;
"Personal data" means any information relating to an identified or identifiable natural person ("concerned"); a natural person may be identified, directly or indirectly, based on one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of an identifier such as name, number, positioning data, online identifier or natural person identified;
"Data management" means any operation or operation carried out in an automated or non-automated manner on personal data or data files, such as collection, recording, systematization, subdivision, storage, conversion or modification, querying, inspecting, using, communicating, disseminating or otherwise disclosure, coordination or interconnection, restriction, deletion or destruction;
(a) personal data relating to racial origin, nationality, political opinion or party affiliation, religious or other beliefs of the world, membership of an interest representation organization, personal data relating to sexual life,
(b) personal data relating to the state of health, abnormal passion and criminal personal data;
"Consent of the party concerned" means a voluntary, concrete and appropriate and informed and clear statement of the will of the person concerned by means of which the statement or confirmation is expressed in an unambiguous way of expressing his consent to the processing of his personal data;
"Data controller" means any natural or legal person, public authority, agency or any other body that determines the purposes and means of handling personal data individually or with others; where the purposes and means of data management are defined by Union or national law, the data controller or the particular aspects of the designation of the data controller may also be defined by Union or national law;
Under this Code, Gende Bende is a sole proprietor of the data processing company.
"Processor" means a natural or legal person, a public authority, agency or any other body that manages personal data on behalf of the data controller;
Under this Code, it is considered to be a data processor
Transzport Studium Kft. 1108 Budapest, Kozma utca 7.
Andee-Tax 1191 Budapest dobó Katica u 21
"Data management" means any operation or combination of operations, such as collecting, capturing, recording, systematizing, storing, modifying, using, querying, transmitting, publishing, aligning, linking, blocking, deleting, and destroying any operation on a data record , as well as preventing further use of the data, taking photographs, sound or images, and recording physical features (such as finger or palm print, DNA pattern, iris image) for identifying the person;
"Restrictions on data management" means the designation of stored personal data to limit their future management;
"Profiling" means any form of automated processing of personal data where personal data are used to evaluate certain personal characteristics associated with a natural person, in particular work performance, economic status, health status, personal preferences, interest, reliability, behavior, residence or movement used to analyze or predict related features;
"Pseudonymation" means the processing of personal data in a way that, without the use of additional information, no longer identifies the specific natural person of the personal data provided that such additional information is stored separately and provided for technical and organizational measures that this personal data can not be linked to identified or identifiable natural persons;
"Registration system" means the personal data in any way, centralized, decentralized or functional or geographic, that is accessible on the basis of defined criteria
"Consignee" means a natural or legal person, a public authority, agency or any other body with whom or with which personal data is communicated, whether or not it is a third party. Public authorities which have access to personal data in an individual investigation in accordance with Union or national law shall not be considered recipients; the management of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
"Third party" means any natural or legal person, public authority, agency or any other body other than the data subject, the data controller, the data processor or any person authorized to manage personal data under the direct control of the data controller or data processor they got;
"Privacy incident" means a breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled;
II. THE PURPOSE OF PERSONAL DATA, THE PURPOSE, SUBJECT AND DURATION OF DATA MANAGEMENT
DATA PROTECTION POLICY
We respect your privacy every time. The data controller collects, stores or uses personal data only within the legal framework in force.
We only record personal information that you voluntarily and verifiably provide to us, so your data will always be based on your consent or statutory provision. By submitting your personal information and accepting our privacy statement, you agree to the processing of the information you provide.
Collect or treat personal data of persons under the age of 16 unless the parent or his / her legal representative has given his / her consent. When you provide this information, we specifically invite the minors to not disclose their personal information. If the minor (s) still pass on their personal information, we ask their parents or their legal representative to inform us of the fact of the former and to request the deletion of these personal data.
Your personal information will only be used in accordance with this Privacy Statement and solely for the legitimate and unambiguous purposes stated here and for the time needed to accomplish these. We will only disclose your personal information to the natural and legal persons we indicate by you on your prior and informed consent.
If you later withdrawn your prior consent to the processing of your data, we would like to draw your attention to the fact that this does not affect prior legitimate data management.
All technical and organizational security measures are taken to ensure that your personal information may not be accidentally or deliberately altered, destroyed, lost, lost and unauthorized by unauthorized persons. Our security measures are constantly being developed according to the state of the art.
WEBSHOP'S DATA MANAGEMENT
All data processing at www.bende.hu webshop is based solely on the voluntary contribution of the person concerned, subject to the statutory mandatory data handling.
A. HANDLING OF CUSTOMER DATA IN ORDER TO ORDER
Purpose of data management: The data handling of the web site is exclusively for registering, purchasing, ordering, invoicing, ordering, purchasing and payment in the www.bende.hu webshop, delivering the product and fulfilling the data controller's accounting obligation.
Legal basis for data processing: when order is submitted: Section 169 (2) of Act C of 2000 on Accounting and CVIII of 2001 on certain aspects of electronic commerce services and information society services. Section 13 / A (1) - (3) of the Act, which requires that the data controller must read the accounting records directly and indirectly (including the ledger accounts, analytical and detailed records) directly and indirectly for accounting purposes for at least eight years in a form that can be retrieved in the form of a book-entry reference. Based on these, the data controller treats the data related to the fulfillment of the purchases and the details detailed below in order to fulfill only their tax and book keeping obligations. The legal basis for data processing is Article 6 (1) (c) GDPR.
The data managed in connection with the fulfillment of orders: date of order, name of the customer, address, delivery address (if different from billing address) phone number, e-mail address, name, quantity and purchase of ordered products.
The duration of the data processing: the order of the order, the name of the customer, the address, the address of the delivery (if different from the billing address), the name, quantity and purchase of the ordered products shall be eight years in accordance with Article 169 (2) of the Accounting Act treatment.
In case of a card payment, the bankcard and the card payment transaction are handled by CIB Bank Zrt.
In the case of bank card payments, the payer's ID, the amount, date and time of the transaction are forwarded to the data controller, which the data controller handles for eight years in accordance with Article 169 (2) of the Accounting Act.
In this case, the legal basis for the transfer of data is the voluntary and explicit written consent of the purchaser, ie the purchaser, in accordance with Article 169 (2) of the Accounting Act and GDPR. Article 6 (1) (c).
B. TREATMENT OF QUALITY CONDITIONS
The aim of the data management is to handle the quality objections raised by products purchased at www.bende.hu webshop.
In all cases, the data management is carried out simultaneously with the voluntary contribution of the concerned person, ie with the submission of the complaint, and with the provisions of section 17 / A of the Consumer Protection Act. (7) and Article 6 (1) (d) of the GDPR. (legal basis for data handling).
The quality of the data that is being processed relates to the quality complaints: the data number of the complaint by the data controller, the name and address of the consumer / buyer, the name of the consumer, the date of the purchase and the filing of the defect, the description of the defect, and the method of settling the objection.
Duration of the data handling: If the purchased product has been returned, the return certificates are returned to the Accounting Office. Article 169 (2), for a period of time, that is, eight, that is, eight years.
Copies of complaints and written replies to written complaints are contained in section 17 / A of the Consumer Protection Act. (7) of this Article, for a period of five years, in view of the fact that they can be checked by the competent authority at any time within the appointed time.
C. WEBSHOP REGISTRATION
The purpose of the data management is to register volunteer data by the registrant, which can be the name, address, address, email address, telephone number, login name and password and purchase details of the individual purchases (date, purchased product, purchase value), billing address, delivery address is handled by the data handler.
The legal basis for data handling is data management in each case by the volunteer's contribution and Eker. TV. 13 / A. (1) to (3) and Article 6 (1) (a) of the GDPR.
The range of managed data is: name, other address, address, email address, phone number, username and password for login, details of each purchase (date, time, purchased product, purchase value), billing address, shipping address.
Duration of data handling:
• for the profile information, half a year after the last login, if the concerned user does not place an order with the user account for the data controller.
• in the case of an order from the user account, in the case of accounting documents directly and indirectly supporting the accounting settlement, TV. Pursuant to Article 169 (2), at least eight years.
• if a payment card payment method is selected when the order is delivered, the payer's identifier, transaction amount, date and date are forwarded to the data controller, with respect to the accounting records directly and indirectly supporting the accounting settlement, TV. Under Article 169 (2), data shall be retained for at least eight years.
• In case of delivery of products, the recipient's name, address, order value will be forwarded to Magyar Posta Zrt. And to the courier service contracted to the data controller in order to comply with the order voluntarily submitted by the person concerned.
The legal basis for the transfer of data in each case is the voluntary contribution of the concerned person to the postal service in the case of Article 6 (1) (a) and (b) of the GDPR, or postal service. Article 54 (1).
D. DATA OF EMPLOYEES AND REPRESENTATIVES
The purpose of the data management is to collect the data of applicants for job vacancies advertised by the data controller for the purpose of selecting the right candidate and managing the data of the employees in order to fulfill the obligations of the data controller required by various tax and social security rules.
The legal basis for data handling is always based on the voluntary contribution of the applicant concerned. Handling of Employee Data: Based on Article 6 (1) (b) (c) GDPR. The employment relationship can be processed on the basis of an employment contract, in connection with the fulfillment of various tax and social security obligations, or based on a legitimate interest [for example, on workplace control].
The scope of the data processed: identity card, address card, driving license, tax card (tax card), TAJ card, documents proving previous jobs, certificates of employment, moral certificate, job suitability certificate, bank account number, email address, telephone number, marital status , number of children, and health records if they are related to some kind of care or record.
In the case of tenders submitted by the data controller, the information contained in this Privacy Statement and the general provisions of this Policy shall apply.
The data controller shall handle the data submitted for the job application only for the duration of the respective call for tenders, as set forth in the contributing declaration filled in by the applicant.
After the evaluation of the application, the data carrier containing the personal data of the unsuccessful applicants shall be returned by the data controller, upon request, within 90 days, or by the data handler, or in the absence of his consent to the use of his personal data for further applications. On the destruction (deletion) the controller records the record.
The retention period for the employment documents is 50 years.
E. OTHER DATA MANAGEMENT
On the basis of the court, public prosecutor's office, the investigating authority, the offense authority, the administrative authority, the National Data Protection and Data Protection Authority or the law, other bodies may request the data controller to provide information, transmit data or provide documentation.
In the above case, the data controller may issue the personal data to the competent authorities only to the extent and to the extent strictly necessary for the purpose of the request.
We hereby inform you that we are making camera recordings for 1084 Budapest, József körút 36. In our shop premises below, for persons and for security purposes only in rooms open to customers. The viewing angle of the cameras is directed exclusively at this target area. Recorded recordings are handed over to a third party only in a statutory case (eg police, labor safety authority). Fixed items are only suspected of offense or offense or in the case of an accident at work. (purpose of data management)
The legal basis for data handling: Act CXXXIII of 2005 on the rules of personal and property protection and private detective activity. (1) and (2) of the Companies Act and Article 6 (1) (f) of the GDPR.
Data processing duration: 3 business days after recording
III. THE RIGHTS OF THE INTERESTED PARTIES
We hereby wish to inform you of the rights you may be able to exercise in connection with our data management.
Right of access
You are entitled to receive feedback from the data controller about whether your personal data is being processed and, if such processing is in progress, you have the right to access your personal information and the following information. On this basis, it is entitled to be informed of the purposes of data management; the categories of personal data concerned, the recipients or recipients with whom or with which personal data are disclosed, the intended duration of the storage of personal data or, if this is not possible, the criteria for determining that period or requesting from the data controller personal data relating to you rectification, deletion or limitation of its handling and may object to the handling of such personal data; as well as having the right to lodge a complaint.
The data controller is required to provide you with a copy of the personal data subject to data handling. If you require further copies, the data controller may charge a reasonable fee based on administrative costs. If you have submitted your application electronically, the information should be provided in a widespread electronic format, unless you otherwise request it.
Right to rectify
You are entitled to request the data controller to correct inaccurate personal information on your request without undue delay. If it is justified by the scope of the data you are entitled to request the addition of incomplete personal data.
The right to cancel ("the right to forget")
You are entitled to request the data controller to delete your personal information without undue delay, and the data controller is obliged to delete your personal information without undue delay if one of the following reasons exists:
(a) personal data is no longer required for the purpose from which they have been collected or otherwise handled;
b) you withdraw the consent of the data controller and there is no other legal basis for the processing of data; this does not apply to the period when the data controller is obliged to keep the records.
c) You object to your data handling and have no prior legitimate reason for data handling
(d) the personal data has been unlawfully handled;
(e) the personal data are to be deleted in order to comply with the legal obligation imposed on the data controller in the Union or Member States' law;
(f) the collection of personal data for a person under the age of 16.
In this regard, we would like to remind you that in case the request for deletion is compulsory for one of the above reasons, the data controller will take all necessary steps to delete it as soon as possible and in full.
However, if data management is required for the following reasons, the cancellation request is compulsory on the basis of statutory compliance and not by individual decision of the data controller. These are the following:
• to exercise the right to freedom of expression and information;
• the fulfillment of an obligation under EU or Member State law for the processing of personal data for the data controller, or for the purpose of carrying out a task carried out in the exercise of public authority exercised in the public interest or on the data controller;
• where the conservation of the data concerned is justified by the public interest in the area of public health;
• for public interest archiving, for scientific and historical research purposes or for statistical purposes, if the right of cancellation would probably make it impossible or seriously compromise this data management; or
• advocating, enforcing or protecting legal claims.
Right to Restrict Data Management
You are entitled to request that the data controller restricts the data handling upon request if one of the following is true:
You dispute the accuracy of your personal data; in this case, the restriction applies to the length of time that the data controller can check the accuracy of personal data;
• Data handling is illegal and the data subject is opposed to the deletion of the data and instead asks to restrict their use;
• The data controller no longer needs personal data for data processing, but you require them to submit, enforce, or protect legal claims; or
• You have objected to data manipulation; in this case, the restriction applies to the period when it is not established whether the data controller's legitimate reasons prevail over your legitimate grounds.
Therefore, if your data is limited, such personal information may only be obtained from you or your Member State for the sole purpose of your consent, submission, enforcement or protection of legal or other rights of a natural or legal person deal.
If the limitation of data management is lifted, we will inform you in advance.
The data controller must inform all recipients who have previously communicated the data in connection with the correction or deletion of personal data or the limitation of data management, unless this would be disproportionate.
The right to data storage
You are entitled to receive personal information about you and made available by you to the data controller in a machine-readable widely-used machine-readable format and you are entitled to transfer this data to another data handler, but this is subject to your explicit consent He contributed.
IV. REMEDY OPPORTUNITIES
A. The right to protest
You are also entitled to object to the handling of your personal data provided that it is established that no public interest reason or any other statutory obligation imposed on the data controller requires data management, We hereby inform you that we do not handle any single data for direct marketing purposes.
The data controller shall examine the protest within the shortest time, but within 15 days of the submission of the request and make a decision and inform you in writing.
If the data controller establishes the validity of your protest, data management, including further data collection and transfer, will terminate and lock the data, and inform the protest and the measures taken on the basis of those to whom the personal data affected by the protest have been forwarded, and who are obliged to take action to enforce the right to protest.
If you disagree with the decision of the controller or if the data controller fails to comply with the deadline of 15 days, you may contact the court within 30 days of notification of the decision or the last day of the deadline.
The Data Handler can not delete your data if data management is required by law or other mandatory law. However, the data can not be transmitted to the data sender if the data controller agrees to the protest or the court has found the protest right.
B. Judicial enforcement
1. In the event of a breach of the data rights of the data subject, the data controller may turn to the court. The court proceeds out of court.
2. The data controller must demonstrate that data management is in compliance with the law.
3. The trial is a matter for the court. The lawsuit can be initiated at your own discretion before the court of your place of residence or residence.
4. A lawsuit may also be party to a lawsuit. The Authority may intervene for the sake of the merits of the matter concerned.
5. If the court upholds the request, the data controller is obliged to disclose the information, co