Content:

  1. Introduction
  2. Definitions
  3. Data and duties of the data controller
  4. Data protection impact assessment
  5. Tasks of the data processor
  6. Scope of processed personal data
  7. Data management principles
  8. Purpose, method and legal basis of data management
  9. Data security, the security of data management
  10. Lawfulness of data management
  11. The physical storage locations of the data
  12. Data processing, data transfer, the circle of those familiar with the data
  13. Your rights and remedies
  14. Responsibility
  15. Other provisions

 

 

  1. Introduction

MMG Autó- és Domotechnika Kft. (7100 Szekszárd, Palánki út 4.), hereinafter, service provider, data controlleror MMG) as a data controller, recognizes the content of this legal notice as binding on itself. It undertakes to ensure that all data processing related to its activities meets the requirements set out in these regulations and in the applicable national legislation, as well as in the legal acts of the European Union.

The data protection guidelines arising in relation to the data management of  MMG are continuously available at https://mindenamipluss.hu/adatvedelem.

MMG reserves the right to change this information at any time. Of course, you will notify your audience of any changes in good time.

MMG is committed to protecting the personal data of its customers and partners, and considers it of utmost importance to respect its customers’ right to self-determination of information. MMG treats personal data confidentially and takes all security, technical and organizational measures that guarantee data security.

MMG describes its data management practices below.

  1. Definitions

data subject: any natural person identified or – directly or indirectly – identified on the basis of personal data;

personal data: data that can be associated with the data subject – in particular the data subject’s name, identification mark, and one or more pieces of information characteristic of the data subject’s physical, physiological, mental, economic, cultural or social identity – as well as the conclusion that can be drawn about the data subject;

consent: the voluntary and decisive declaration of the data subject’s will, which is based on adequate information, and with which he gives his unequivocal consent to the processing of his personal data – in full or covering certain operations;

data controller: the natural or legal person or organization without legal personality who, or which independently or together with others determines the purpose of data management, makes and implements decisions regarding data management (including the device used), or has them implemented by the data processor;

data management: regardless of the procedure used, any operation performed on the data or the set of operations, including, in particular, collection, recording, recording, organization, storage, change, use, query, transmission, disclosure, coordination or connection, locking, deletion and destruction, and preventing further use of the data, taking photographs, audio or video recordings, and recording physical characteristics suitable for identifying the person (e.g. fingerprint or palm print, DNA sample, iris image);

data transfer: making the data available to a specific third party;

disclosure: making the data available to anyone;

data deletion: rendering the data unrecognizable in such a way that its recovery is no longer possible;

data processing: performing technical tasks related to data management operations, regardless of the method and tool used to perform the operations, as well as the place of application, provided that the technical task is performed on the data;

data processor: the natural or legal person or organization without legal personality who, or on the basis of which contract – including contracts concluded pursuant to the provisions of the law – processes the data;

data protection incident: unlawful handling or processing of personal data, including in particular unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage.

profiling: any form of automated processing of personal data in which personal data is used to evaluate certain personal characteristics of a natural person, in particular characteristics related to work performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movement used to analyze or predict.

aliasing: processing of personal data in such a way that, without the use of additional information, it is no longer possible to determine which specific natural person the personal data refers to, provided that such additional information is stored separately and provided by technical and organizational measures, that this personal data cannot be linked to identified or identifiable natural persons

protest: the statement of the data subject objecting to the processing of their personal data and requesting the termination of data processing or the deletion of processed data

data marking: providing the data with an identification mark for the purpose of distinguishing it

data blocking: providing the data with an identification mark for the purpose of limiting its further processing permanently or for a specified period of time

data destruction: complete physical destruction of the data carrier containing the data

recipient: the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party. Those public bodies that have access to personal data in accordance with EU or Member State law within the framework of a 2016.6.4.L 119/33 Official Journal of the European Union HU individual investigation are not considered recipients, the aforementioned data must be handled by these public bodies, to comply with the applicable data protection rules in accordance with the purpose of data management

data file: the totality of the data managed in one register

registration system: the file of personal data divided in any way – centralized, decentralized or according to functional or geographical aspects – which is accessible based on specific criteria

third party: a natural or legal person or an organization without legal personality who is not the same as the data subject, the data controller or the data processor

EEA state: a member state of the European Union and another state that is a party to the Agreement on the European Economic Area, as well as the state whose citizen is the European Union and its member states, as well as a state that is not a party to the Agreement on the European Economic Area on the basis of an international treaty on the European Economic Area state party to the agreement

third country: any state that is not an EEA state

genetic data: any personal data relating to the inherited or acquired genetic characteristics of a natural person, which carries unique information about the physiology or health status of that person, and which primarily results from the analysis of a biological sample taken from said natural person

biometric data: any personal data relating to the physical, physiological or behavioral characteristics of a natural person obtained through specific technical procedures that enable or confirm the unique identification of a natural person, such as facial image or dactyloscopic data

health data: personal data relating to the physical or mental state of health of a natural person, including data relating to the health services provided to the natural person, which carries information about the state of health of the natural person

 

  1. Data and tasks of the data controller

If you would like to contact our Company, you can contact the data manager at sales@mmgszek.hu and +36 30 3496971.

MMG deletes all e-mails it receives, together with personal data, no later than 5 years after the date of data communication.

Name: MMG Autó- és Domotechnikai Kft.

Headquarters: 7100 Szekszárd, Palánki út 4.

Location: 7100 Szekszárd, Palánki út 4.

Company registration number: 17-09-007877

Tax number: 22654841-2-17

Phone number: +36 30 3496971

E-mail: sales@mmgszek.hu

Designation of the data protection officer:

The data manager and the data processor appoint a data protection officer in all cases when:

  • data management is carried out by public authorities or other bodies performing public duties, with the exception of courts acting in their judicial responsibilities
  • the main activities of the data manager or the data processor include data management operations which, due to their nature, scope and/or goals, require regular and systematic, large-scale monitoring of the data subjects
  • the main activities of the data controller or the data processor include the processing of a large number of data related to the special categories of personal data according to Article 9 and the decisions regarding the determination of criminal liability and criminal offenses referred to in Article 10.

The data protection officer must be appointed on the basis of professional competence and, in particular, expert-level knowledge of data protection law and practice, as well as the ability to perform the tasks referred to in Article 39.

The data protection officer can be an employee of the data controller or data processor, or he can perform his duties within the framework of a service contract.

The data manager or data processor publishes the name and contact details of the data protection officer and communicates them to the supervisory authority.

Name of the data protection officer : Barnabás Szauer

Phone number: +36 30 3496971

Legal status of the data protection officer:

The data manager and the data processor ensure that the data protection officer is involved in all matters related to the protection of personal data in an appropriate manner and in a timely manner. The data controller and the data processor support the data protection officer in the performance of his duties by providing him with the resources necessary for the performance of these duties, access to personal data and data management operations, and maintaining the expert level knowledge of the data protection officer. The data manager and the data processor ensure that the data protection officer does not accept instructions from anyone regarding the performance of his duties. The data controller or the data processor may not dismiss or impose sanctions on the data protection officer in connection with the performance of his duties.

Duties of the data protection officer:

The data protection officer performs at least the following tasks:

  • provides information and professional advice to the data controller or the data processor, as well as to the employees performing data management in relation to their obligations according to this regulation and other EU or Member State data protection provisions
  • checks compliance with this regulation and other EU or Member State data protection provisions, as well as the internal rules of the data manager or data processor related to the protection of personal data, including the assignment of tasks, awareness raising and training of personnel involved in data management operations, and related audits too
  • upon request, provides professional advice regarding the data protection impact assessment, as well as monitors the completion of the impact assessment in accordance with Article 35
  • cooperates with the supervisory authority
  • serves as a point of contact for the supervisory authority in matters related to data management, as well as consults with it on any other issues as appropriate.

The task of the data controller:

Taking into account the nature, scope, circumstances and purposes of the data management and the varying probability and severity of the risk to the rights and freedoms of natural persons, the data controller implements appropriate technical and organizational measures in order to ensure and prove that the personal data is handled in accordance with this regulation.

Built-in and default data protection:

The data controller takes into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data processing, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons, both when determining the method of data processing and during data processing. implements appropriate technical and organizational measures, the purpose of which is, on the one hand, to implement the data protection principles, and, on the other hand, to incorporate the guarantees necessary to fulfill the requirements contained in this regulation and to protect the rights of the data subjects into the data management process.

  1. Data protection impact assessment

If a type of data processing, taking into account its nature, scope, circumstances and purposes, is likely to involve a high risk for the rights and freedoms of a natural person, the data controller shall, prior to data processing, carry out an impact assessment on how the planned data processing operations affect the protection of personal data . The data controller is obliged to seek the professional advice of the data protection officer when carrying out the data protection impact assessment.

The data protection impact assessment must be carried out in particular in the following cases:

  • a methodical and extensive evaluation of certain personal characteristics concerning natural persons, which is based on automated data management and on which decisions with legal effect regarding the natural person or similarly significantly affecting the natural person are based
  • large-scale, methodical surveillance of public places
  • special categories of personal data, or the processing of a large number of personal data related to the establishment of criminal liability

The impact assessment covers at least:

  • for the methodical description of the planned data management operations and the description of the purposes of the data management, including the legitimate interest that the data controller wishes to assert in the given case
  • taking into account the purposes of the data management, to examine the necessity and proportionality of the data management operations
  • to examine risks affecting the rights and freedoms of the data subjects
  • to present the measures aimed at managing risks, including guarantees, security measures and mechanisms for the protection of personal data and the verification of compliance with this regulation, taking into account the rights and legitimate interests of the data subjects and individuals

As necessary, but at least in the event of a change in the risk posed by the data management operations, the data controller conducts an audit to assess whether the processing of personal data is carried out in accordance with the data protection impact assessment.

Preliminary consultation:

if the data protection impact assessment is mandatory and it establishes that the data management is likely to involve a high risk in the absence of measures taken by the data controller to mitigate the risk, the data controller consults with the supervisory authority before processing personal data.

If, in the opinion of the supervisory authority, the planned data management would violate this regulation, the supervisory authority shall advise the data controller and, where appropriate, the data processor in writing within 8 weeks of receiving the request for consultation at the latest, and may also exercise the powers referred to in Article 58. This deadline can be extended by 6 weeks. The supervisory authority shall inform the data controller or, where appropriate, the data processor of the extension and the reasons for the delay within 1 month of receiving the request.

During the consultation with the supervisory authority, the data controller informs the supervisory authority:

  • where applicable, the duties of the data controller, joint data controllers and data processors involved in data management, especially in the case of data management within a business group
  • on the purpose and methods of planned data management
  • on the measures and guarantees taken to protect the rights and freedoms of the data subjects pursuant to this regulation
  • where applicable, the contact details of the data protection officer
  • on the data protection impact assessment
  • any other information requested by the supervisory authority

 

 

 

 

  1. Tasks of the data processor

Data processor:

If the data management is carried out by someone else on behalf of the data controller, the data controller may only use data processors who provide adequate guarantees for the implementation of appropriate technical and organizational measures ensuring compliance with the requirements of this regulation for the data management and the protection of the rights of the data subjects.

Our company has not appointed a data processor.

 

  1. Scope of processed personal data

 

  1. Personal data to be provided during registration:
  • Name
  • E-mail
  • Tax number

 

  1. Technical data

MMG selects and operates the IT tools used in the provision of the service for the management of personal data in such a way that the managed data:

  • accessible to those authorized to do so (availability);
  • its authenticity and authentication are ensured (authenticity of data management);
  • its immutability can be verified (data integrity);
  • be protected against unauthorized access (data confidentiality).

MMG protects the data with appropriate measures against unauthorized access, change, transmission, disclosure, deletion or destruction, as well as against accidental destruction.

MMG ensures the protection of the security of data management with technical, organizational and organizational measures that provide a level of protection corresponding to the risks associated with data management.

During data management, MMG keeps:

  • confidentiality: protects the information so that only those authorized to do so can access it;
  • integrity: protects the accuracy and completeness of the information and the method of processing;
  • availability: it ensures that when the authorized user needs it, he can really access the desired information and that the related tools are available.

 

  1. Cookies

 

  1. It’s the job of cookies
  • collect information about visitors and their devices;
  • they note the individual settings of the visitors, which will be used, e.g. online
  • when using transactions, so you don’t have to type them in again; facilitate the use of the website;
  • they provide a quality user experience.

In order to provide customized service, a small data package, so-called it places a cookie and reads it back during the next visit. If the browser returns a previously saved cookie, the cookie management service provider has the opportunity to connect the user’s current visit with previous ones, but only with regard to its own content. Legal basis for data management: consent of the data subject. Scope of managed data: ID number, date, time, and previously visited page. Duration of data management: until the end of the session

  1. Session cookies are absolutely necessary

The purpose of these cookies is to enable visitors to fully and smoothly browse the https://mmgszek.hu website, use its functions and the services available there. The validity period of this type of cookie lasts until the end of the session (browsing), when the browser is closed, this type of cookie is automatically deleted from the computer or other device used for browsing.

  • Cookies placed by third parties (analytics)

The https://mmgszek.hu website also uses Google Analytics cookies as a third party. By using the statistical service Google Analytics, https://mmgszek.hu  collects information about how visitors use the website. The data is used for the purpose of developing the website and improving the user experience. These cookies also remain on the visitor’s computer or other device used for browsing, in their browser, until they expire, or until the visitor deletes them.

  1. Data related to online ordering
  • Name
  • Title
  • Phone number
  • E-mail

Legal basis for data management: the voluntary consent of the person concerned. Duration of data management: 72 hours from the date of the order, but no more than 90 days from the date of placing the order. Printed orders are stored on file and then destroyed annually using a document shredder.

  1. Data included in the invoice issued based on the order

– Name

– Title

– Phone number

– Email

– Tax number

 

Legal basis for data management: statutory requirement. Duration of data management: 5 years from the date of issue. The printed invoice will be stored on file, and destroyed after 5 years in accordance with the regulations, using a document shredder.

  1. Data related to online administration
  • Name
  • Title
  • Phone number
  • E-mail

Legal basis for data management: the voluntary consent of the person concerned. Duration of data management: 72 hours from the date of the order, but no more than 90 days from the date of placing the order.

  1. Data related to the newsletter
  • E-mail

You can register for MMG’s newsletter on the website https://mmgszek.hu . The purpose of data management is to send e-mail newsletters containing economic advertising to interested parties, to provide information on current information, special offers, and to keep in touch. The legal basis for data management: the voluntary consent of the person concerned, Eker. TV. 13/A. § a and paragraph 6.(5) of Grt.

The withdrawal of consent to the transmission of messages and the deletion or modification of personal data can be requested at the following contact details:

  • by clicking on the “Unsubscribe” link in the footer of the newsletters,
  • by entering the user profile on the website https://mmgszek.hu ,
  • via e-mail at sales@mmgszek.hu
  • by post at 1119. Budapest, Hadak útja 11 (warehouse 6).

 

 

  1. Data management principles

 

  • legality, due process and transparency:

personal data must be handled legally, fairly, and transparently for the data subject

  • purposefulness:

personal data should only be collected for specific, clear and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; in accordance with Article 89 (1), further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes, or for statistical purposes is not considered incompatible with the original purpose

  • data saving:

personal data must be appropriate and relevant in terms of the purposes of data management, and must be limited to what is necessary (when we no longer use a specific data, it must be deleted, the fact of deletion must be recorded – data disposal)

  • accuracy:

personal data must be accurate and, if necessary, up-to-date, all reasonable measures must be taken to ensure that inaccurate personal data for the purposes of data management are immediately deleted or corrected

  • limited storage capacity:

personal data must be stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and taking into account the implementation of the appropriate technical and organizational measures required to protect his freedoms

  • integrity and confidentiality:

the processing of personal data must be carried out in such a way that the appropriate security of personal data is ensured by the application of appropriate technical or organizational measures, including protection against unauthorized or illegal processing of data, accidental loss, destruction or damage

  • Accountability:

the data controller is responsible for complying with the principles of handling personal data, and must be able to prove this compliance

 

 

  1. Purpose, method and legal basis of data management

General data management guidelines:

The data management of the activities of MMG is based on voluntary consent and legal authorization. In the case of data processing based on voluntary consent, the data subjects may withdraw their consent at any stage of the data processing.

In some cases, the management, storage, and transmission of a range of the provided data is made mandatory by law, of which we notify our customers separately.

We draw the attention of data providers to MMG that if they do not provide their own personal data, the data provider is obliged to obtain the consent of the data subject.

Conditions for data management and consent to data management:

If the data management is based on consent, the data controller must be able to prove that the data subject has consented to the processing of his personal data.

If the data subject gives his consent in the context of a written statement that also applies to other matters, the request for consent must be presented in a way that is clearly distinguishable from these other matters, in an understandable and easily accessible form, with clear and simple language.

The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal. Before giving consent, the data subject must be informed of this. It should be possible to withdraw consent in the same way as to give it.

Management of special categories of personal data:

Processing of personal data referring to racial or ethnic origin, political opinion, religious or worldview beliefs or trade union membership, as well as genetic and biometric data aimed at the unique identification of natural persons, health data and data concerning the sexual life or sexual orientation of natural persons is prohibited!

The above statement does not apply if:

  • the data subject has given his express consent to the processing of said personal data for one or more specific purposes
  • data processing is necessary to fulfill the obligations of the data controller or the data subject arising from the legal regulations governing employment, social security and social protection and to exercise specific rights
  • data processing is necessary to protect the vital interests of the data subject or other natural person, if the data subject is unable to give consent due to physical or legal incapacity
  • data processing takes place within the framework of the legal activities of a political, worldview, religious or trade union foundation, association or any other non-profit organization with appropriate guarantees
  • data management refers to personal data that the data subject has expressly made public
  • data processing is necessary for the presentation, enforcement and defense of legal claims or when the courts are acting in their judicial responsibilities
  • data management is necessary due to significant public interest
  • data processing is necessary for preventive health or occupational health purposes, to assess the employee’s work abilities, to establish a medical diagnosis, to provide health or social care or treatment, or to manage health or social systems and services
  • data processing is necessary for public health purposes, such as protection against serious health threats that spread across borders or ensuring the high quality and safety of healthcare, medicines and medical devices
  • data management is necessary for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes

Data management that does not require identification:

If the purposes for which the data controller processes the personal data do not or no longer require the identification of the data subject by the data controller, the data controller is not obliged to keep, obtain or process additional information in order to identify the data subject simply to comply with this regulation.

Information to be made available if personal data is collected from the data subject:

If the personal data concerning the data subject is collected from the data subject, the data controller shall provide the data subject with all of the following information at the time of obtaining the personal data:

  • the identity and contact details of the data controller and the data controller’s representative (if any).
  • the contact details of the data protection officer, if any
  • the purpose of the planned processing of personal data, as well as the legal basis for data processing
  • when the data management affects the legitimate interests of a third party, the legitimate interests of the data controller or a third party
  • where applicable, recipients of personal data and categories of recipients, if any
  • where appropriate, the fact that the data controller wishes to transfer the personal data to a third country or international organization, and the existence or absence of the Commission’s compliance decision

In order to ensure fair and transparent data management, the data controller informs the data subject of the following additional information at the time of obtaining the personal data:

  • on the duration of storage of personal data
  • on the data subject’s right to request from the data controller access to personal data relating to him, their correction, deletion, or restriction of processing, and to object to the processing of such personal data, as well as the data subject’s right to data portability
  • in the case of data processing based on consent, the right to withdraw consent at any time, which does not affect the legality of data processing carried out based on consent before the withdrawal
  • on the right to submit a complaint to the supervisory authority
  • about whether the provision of personal data is based on legislation or a contractual obligation, or whether it is a prerequisite for the conclusion of a contract, as well as whether the data subject is obliged to provide personal data, and what possible consequences the failure to provide data may have
  • the fact of automated decision-making, including profiling, as well as at least understandable information on the logic used in these cases and the significance of such data management and the expected consequences for the data subject

Information to be made available that the personal data was not obtained from the data subject:

If the personal data was not obtained from the data subject, the data controller provides the data subject with the following information:

  • the identity and contact details of the data controller and the data controller’s representative (if any).
  • contact details of the data protection officer (if any)
  • the purpose of the planned processing of personal data, as well as the legal basis for data processing
  • categories of personal data concerned
  • recipients of personal data and categories of recipients (if any)
  • where appropriate, the fact that the data controller wishes to forward the personal data to a recipient in a third country or to an international organization, and the fact of the Commission’s compliance decision or its absence

 

Its basic data management principles are in line with the current legislation on data protection, and in particular with the following:

  • year CXII. law – on the right to self-determination of information and freedom of information (Infotv.);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) – on the protection of natural persons with regard to the processing of personal data and the free flow of such data, and the repeal of Regulation 95/46/EC about its location (General Data Protection Regulation, GDPR);
  • Act V – on the Civil Code (Ptk.); Act C of 2000 – on accounting (Accounting Act);
  • year LIII. Act – on the prevention and prevention of money laundering and terrorist financing (Pmt.);
  • year CCXXXVII. Act – on credit institutions and financial enterprises (Hpt.).

 

 

  1. Data security, the security of data management

The data controller and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons in order to guarantee a level of data security commensurate with the degree of risk, including among other things where appropriate:

  • pseudonymization and encryption of personal data
  • ensuring the continuous and confidential nature, integrity, availability and resilience of the systems and services used to manage personal data
  • in the event of a physical or technical incident, the ability to restore access to personal data and the availability of data in a timely manner
  • a procedure for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures taken to guarantee the security of data management

When determining the appropriate level of security, the risks arising from data management must be specifically taken into account, especially those resulting from the innocent or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise managed.

A data controller, including a data processor, may use adherence to an approved code of conduct or an approved certification mechanism as part of demonstrating that it meets the specified requirements.

The data controller takes the data processing measures to ensure that the data controller or natural persons acting under the control of the data processor and having access to personal data can only process said data in accordance with the instructions of the data controller, unless they are required to deviate from this by EU or Member State law .

Notification of the data protection incident to the supervisory authority:

The data protection incident shall be reported by the data controller to the competent supervisory authority pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of the natural person and freedoms. If the notification is not made within 72 hours, the reasons justifying the delay must also be attached. After becoming aware of the data protection incident, the data processor shall notify the data controller without undue delay.

In reporting a data protection incident, at least:

  • the nature of the data protection incident must be described, including – if possible – the categories and approximate number of affected persons, as well as the categories and approximate number of data affected by the incident
  • the name and contact details of the data protection officer or other contact person providing additional information must be provided
  • the likely consequences of the data protection incident must be described
  • the measures taken or planned by the data controller to remedy the data protection incident must be described, including, in the given case, the measures aimed at mitigating any adverse consequences resulting from the data protection incident

If and if it is not possible to provide the information at the same time, it can be provided later in parts without further undue delay. The data controller keeps records of data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.

Informing the person concerned about the incident:

If the data protection incident likely involves a high risk for the rights and freedoms of natural persons, the data controller shall inform the data subject of the data protection incident without undue delay.

In the information provided to the data subject, the nature of the data protection incident must be clearly and comprehensibly described, and at least the following information must be provided:

  • the name and contact details of the data protection officer or other contact person providing additional information must be provided
  • the likely consequences of the data protection incident must be described
  • the measures taken or planned by the data controller to remedy the data protection incident must be described, including, where applicable, measures aimed at mitigating any adverse consequences resulting from the data protection incident.

The data subject need not be informed of the data protection incident if any of the following conditions are met:

  • the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures that render the data unintelligible to persons not authorized to access personal data
  • after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject reported in connection with the data protection incident is unlikely to materialize in the future
  • providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.

 

 

 

  1. Lawfulness of data management

The processing of personal data is legal only if and to the extent that at least one of the following is fulfilled:

  • the data subject has given his consent to the processing of his personal data for one or more specific purposes
  • data processing is necessary to fulfill a contract in which the data subject is one of the parties, or it is necessary to take steps at the request of the data subject prior to the conclusion of the contract
  • data management is necessary to fulfill the legal obligation of the data controller
  • data processing is necessary to protect the vital interests of the data subject or another natural person
  • data processing is in the public interest or is necessary for the execution of a task carried out in the context of the exercise of a public authority conferred on the data controller
  • data processing is necessary to enforce the legitimate interests of the data controller or a third party, unless this interest is overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the data subject is a child.

 

 

  1. The physical storage locations of the data

Your personal data (that is, the data that can be linked to you) can be processed by us in the following way: on the one hand, in connection with maintaining the Internet connection, technical data related to the computer, browser program, Internet address, and visited pages are automatically generated in our computer system, on the other hand, you can also provide your name, contact information or other data if you wish to contact us personally when using the website.

Technically recorded data during the operation of the system: the data of the computer of the concerned entrant, which are generated during the voting and which are recorded by the https://mmgszek.hu  system as an automatic result of the technical processes. The data that is recorded automatically is automatically logged by the system upon entry or exit without a separate declaration or action by the person concerned. This data cannot be combined with other personal user data, except in cases made mandatory by law. Only MMG has access to the data.

Documents printed on paper containing personal data are stored in the file organizer set up on site.

  1. Data transmission, data processing, the circle of those familiar with the data

– Sejben Zsolt Viktor ev. – web page manager

Our above partners comply with the requirements required and imposed by the currently valid data protection legislation.

  1. Your rights and remedies

The data subject can request information about the management of his personal data, and can request the correction of his personal data, or – with the exception of mandatory data management – deletion or withdrawal, he can exercise his right to data portability and protest as indicated when the data was collected, or at the above contact details of the data controller.

  1. Right to information

MMG takes appropriate measures in order to provide data subjects with all the information mentioned in Articles 13 and 14 of the GDPR and Articles 15-22 regarding the handling of personal data. and provide each piece of information according to Article 34 in a concise, transparent, comprehensible and easily accessible form, clearly and comprehensibly worded.

  1. The data subject’s right of access

The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the following information: the purposes of the data processing; categories of personal data concerned; the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations; the planned period of storage of personal data; the right to rectification, deletion or limitation of data processing and the right to protest; the right to submit a complaint to the supervisory authority; information about data sources; the fact of automated decision-making, including profiling, as well as comprehensible information regarding the applied logic and the significance of such data management and the expected consequences for the data subject. The data controller shall provide the information within a maximum of one month from the date of submission of the request.

  1. Right to rectification

The data subject may request the correction of inaccurate personal data concerning him/her managed by MMG and the addition of incomplete data.

  1. Right to erasure

If one of the following reasons exists, the data subject has the right to request that MMG delete the personal data relating to him without undue delay:

  • personal data are no longer needed for the purpose for which they were collected or otherwise processed;
  • the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
  • the data subject objects to data processing and there is no overriding legal reason for data processing;
  • personal data has been unlawfully processed;
  • the personal data must be deleted in order to fulfill the legal obligation prescribed by the EU or Member State law applicable to the data controller;
  • the collection of personal data took place in connection with the offering of services related to the information society.

Data deletion cannot be initiated if data management is necessary: ​​for the purpose of exercising the right to freedom of expression and information; for the purpose of fulfilling the obligation according to the EU or Member State law applicable to the data controller, which prescribes the processing of personal data, or for the execution of a task performed in the public interest or in the context of the exercise of public authority conferred on the data controller; affecting the field of public health, or for archival, scientific and historical research purposes or for statistical purposes, on the basis of public interest; or to present, assert or defend legal claims.

  1. The right to restrict data processing

At the request of the data subject, MMG restricts data processing if one of the following conditions is met:

  • the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the verification of the accuracy of the personal data;
  • the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use;
  • the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; obsession
  • the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

If data management is subject to restrictions, personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.

  1. Right to data portability

The data subject has the right to receive the personal data concerning him/her provided to the data controller in a segmented, widely used, machine-readable format, and to transmit this data to another data controller.

  1. Right to protest

The data subject has the right to protest at any time for reasons related to his own situation against the processing of his personal data necessary for the performance of a task carried out in the public interest or within the framework of the exercise of public authority conferred on the data controller, or for the enforcement of the legitimate interests of the data controller or a third party, including profiling based on the aforementioned provisions too. In the event of a protest, the data controller may no longer process the personal data, unless it is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the submission, enforcement or defense of legal claims.

  1. Automated decision-making in individual cases, including profiling

The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent.

It does not apply if the decision:

  • necessary in order to conclude or fulfill the contract between the data subject and the data controller
  • is made possible by EU or Member State law applicable to the data controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject, or
  • based on the express consent of the data subject

 

 

 

  1. Right of withdrawal

The data subject has the right to withdraw his consent at any time.

  1. Right to go to court

In the event of a violation of their rights, the data subject may apply to the court against the data controller. The court acts out of sequence in the case.

  1. Data protection official procedure

You can file a complaint with the National Data Protection and Freedom of Information Authority:

Name: National Data Protection and Freedom of Information Authority

Address: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf. 9.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
E-mail: ugyfelszolgalat@naih.hu
Website:  http://www.naih.hu/

 

  1. Responsibility

 

The information on the website has been posted in good faith, the Service Provider assumes no responsibility for the accuracy and completeness of the information.

 

Neither the Service Provider, nor its employees, nor its agents shall be liable for any losses, damages, or costs (including, without limitation, any lost profits, indirect, incidental, or consequential losses) that may arise from accessing or using the website. The user may use the website solely at his own risk and accepts that the Service Provider shall not be liable for material or non-material damages arising during use, in addition to liability for breach of contract caused by intentional, gross negligence or criminal acts, as well as damage to life, limb, or health.

 

The service provider excludes all responsibility for the behavior of website users. The User is fully and exclusively responsible for his own conduct, in such cases the Service Provider fully cooperates with the acting authorities in order to detect legal violations.

 

The pages of the service may contain connection points (links) that lead to the pages of other service providers. The Service Provider assumes no responsibility for the data protection practices and other activities of these service providers.

 

The service provider does not assume responsibility for any operational or content errors or deficiencies that arise directly, indirectly, or randomly when visiting the website, nor does it assume responsibility for any errors resulting from entering incorrect data.

 

Due to the global nature of the Internet, the User accepts that, when using the website, he acts in consideration of the provisions of the relevant national legislation. If any activity related to the use of the website is not permitted according to the law of the User’s country, the User is solely responsible for the use.

 

If the User notices objectionable content on the website, he must report it to the Service Provider immediately. If, in the course of its good faith procedure, the Service Provider finds the indication to be well-founded, it is entitled to immediately delete or modify the information.

 

 

  1. Other provisions

We provide information on data management not listed in this information when the data is collected.

We inform our customers that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority, the Hungarian National Bank, or other bodies based on the authorization of the law, provide information, communicate data, transfer documents, or they can contact the data controller to make it available.

MMG will only release personal data to the authorities – if the authority has specified the exact purpose and scope of the data – to the extent and to the extent that is absolutely necessary to fulfill the purpose of the request.

 

Szekszárd, 01.03.2021.