The Data Controller Modul-Trans Tervező és Kereskedelmi Kft. The purpose of this Data Management Notice is to clearly and in detail inform visitors to the https://www.modultrans.hu/ website operated by the Data Controller and visitors to the Facebook page (“Data Subject”) of all the facts related to the management of their personal data, the data management rights and remedies.
The purpose of this Data Management Information is also that before data management begins, the Data Controller clearly and in detail informs customers and partners who enter into an assignment contract with the Data Controller regarding the management of their personal data about all the facts related to the management of their personal data, the rights and remedies related to data management. This Data Management Information Form is an inseparable annex to the assignment contract.
This Data Management Information also contains the internal rules and measures applicable to the Data Controller, which ensures that its data management complies with the legislation specified in point 3, so it also qualifies as the data management regulations of the Data Controller regarding the handling of the personal data of the Data Subjects.
This Data Management information is published by the Data Controller on its website.
For the purposes of this Data Management Information:
“personal data”: any information relating to an identified or identifiable natural person (“data subject”); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
“data management”: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying;
“data controller”: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
“data processor”: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
“recipient”: the natural or legal person, public authority, agency or any other body to whom the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
1. Data of the data controller
Name: Modul-Trans Tervező és Kereskedelmi Kft.
Tax number: 11171359-2-10
Location: H-3300 Eger, Nagy-Eged u. 14.
E-mail: modultrans@modultrans.hu
2. Persons authorized to process data
a.) Data of the storage service provider used during data management:
Company name: MediaCenter Hungary Kft
Postal address: 6001 Kecskemét, Pf. 588.
Headquarters address: 6000 Kecskemét, Sosztakovics u. 3. II/6
Phone: 76 / 575-023 (weekdays 8 a.m. to 5 p.m.)
3. The main legislation on data management and their abbreviations
• Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”)
• CXII of 2011 on the right to information self-determination and freedom of information. Act (“Infotv.”)
• CVIII of 2001 on certain issues of services related to the information society. law (“Eker tv.”)
4. Basic principles of data management (quality policy)
4.1. Fairness, legality and transparency
The Data Controller carries out the data management operations specified in this Notice (including the recording and management of data) in a fair manner, in accordance with the legal regulations for the management of personal data, in a transparent manner for the Data Subject.
4.2. Bound to a goal
The Data Controller collects, manages and uses personal data exclusively for the purposes set out in this Notice, and forwards them to this Notice only in order to achieve these purposes, as well as in accordance with the legal regulations on the handling of personal data in force at all times. The processed personal data can only be seen by the persons involved in the realization of the goals.
4.3. Data saving
The Data Controller only asks the Data Subject to provide such personal data that are appropriate, relevant and absolutely necessary in terms of the purpose of the data management, and without which it would not be able to provide its services or not in accordance with its commitments.
4.4. Accuracy
The Data Subjects are responsible for ensuring that the data provided on the website is true, accurate and up-to-date. In addition, it is also the responsibility and obligation of the Data Subject to obtain the consent of the Data Subject in advance if he does not provide his own personal data.
If the Data Subject informs the Data Controller that his/her data does not correspond to reality, the Data Controller shall immediately ensure that these data are deleted or corrected in accordance with the provisions of this Notice.
4.5. Limited storage capacity
The Data Controller ensures that personal data is stored in a form that allows identification of the Data Subject only for the time necessary to achieve the goals of personal data management. The data controller therefore determines the duration of data storage according to this principle.
4.6. Data security
The data controller takes all necessary measures to ensure the safe, damage-free handling of both paper-based and electronically stored data and the construction and operation of the necessary data management systems. The data controller ensures that no unauthorized person can access, disclose, forward, modify, or delete the processed data. The data manager will do everything possible to ensure that the data is not accidentally damaged or destroyed. The Data Controller also imposes the above commitment on the data processors used in the course of its data management activities.
As part of this, it uses virus and firewall protection on computers and ensures the physical protection of data and data storage devices. Computers and databases are password-protected, so personal data can only be viewed by those who have been authorized to do so. Electronic data is backed up.
5. Contact via the Website/Facebook
Purpose of data management: information, contact, answering questions
Legal basis for data management: consent of the data subject – Article 6 (1) point a) GDPR.
In the case of sending messages on the Website, you give your consent by ticking the checkbox before sending the message. In the case of sending messages on Facebook, by sending the message, the Data Subject consents to the Data Controller getting to know the public personal data (name, profile picture) provided in the Facebook profile. You can withdraw your consent at any time, without giving reasons, by e-mail or in a paper-based application. In case of withdrawal of consent, your personal data will be deleted (see: point 12.3).
Categories of stakeholders: customers sending messages
Scope of processed data: name, email address, subject, message, public data in Facebook profile
Who can access it? Only the Data Controller
Duration of data management: The messages will be deleted within 30 days after the response message is sent (unless there is another data management purpose).
Data transfer: We inform the Data Subjects that the personal data provided during contact may be forwarded to Dóra Czeinder, an individual entrepreneur, based on a cooperation agreement with the Data Controller (Headquarters and mailing address: 1156 Budapest, Sárfű utca 3. 9/27., Tax number: 66078177-1-27 , Registration number: 31509316), if the Data Subject requests an offer or information regarding Facebook and Google AdWords advertising management services.
Purpose of data transfer: provision of services that meet the Data Subject’s needs, work organization, capacity sharing
Legal basis for data transfer: consent of the data subject – Article 6 (1) point a) GDPR
Range of forwarded data: name, email address, subject, message
Possible consequences of failure to provide data: the Data Subject cannot ask questions or request an offer via the Website.
6. Data management related to service orders and service provision
Purpose of data management: fulfillment of tasks related to website creation, search engine optimization, contact with the Client in the case of a telephone number and e-mail address
Legal basis for data management: necessary for the performance of a contract – GDPR Article 6 (1) point b), Eker tv. 13/A. §-the
Categories of stakeholders: customers who enter into an assignment contract
Scope of processed data: client name, registered office, tax number, registration number, e-mail address, telephone number of the contact person, access data for the hosting of the website to be managed, MySQL database access, Google Analytics access, Google Search Console access
Who can access it? Only the Data Controller
Duration of data management: For 5 years after the termination of the contract. The email address of the contact person will be deleted after the termination of the contract.
Possible consequences of failure to provide data: the Data Subject cannot enter into an assignment contract with the Data Controller.
7. Issue of an invoice
Purpose of data management: issuance of an accounting document
Legal basis for data management: necessary for the performance of a contract – GDPR Article 6 (1) point b), necessary for the fulfillment of a legal obligation – GDPR Article 6 (1) point c), Act XCII of 2003 on taxation. § 45 of the Act, Account tv. 169. (2) of §
Categories of stakeholders: customers placing orders via the website
Range of processed data: billing name, billing address (county, settlement name, zip code, street name, house number, floor, door, bell), payment method, issue, performance, payment date, product name, net and gross price of products, order total (net , gross, VAT amount).
Who can access it? Only the Data Controller
Duration of data management: Account no. TV. Eight years in accordance with Section 169 (2).
Data transfer: The invoices are forwarded to the accountant.
Possible consequences of failure to provide data: the Data Subject cannot receive a personal invoice.
8. Data processing arising during the Data Controller’s activities
Purpose of data processing: FTP and MySQL data of website storage, access to website administration interface, processing of content and image elements, determination of relevant keywords during search engine optimization, measurement of website performance with Google Analytics and Google Search Console services, Facebook page
Legal basis for data processing: necessary for the performance of a contract – GDPR Article 6 (1) point b).
Categories of stakeholders: clients who enter into an assignment contract, as well as visitors to the website and Facebook page of these clients, and customers.
Range of processed data: visitor and traffic data of the website and Facebook page of the customers who entered into the commission contract, purchase data of the target audience, and visitor behavior data. These statistical data and traffic analytics cannot be directly or indirectly identified or linked to natural persons.
Who can access it? Only the Data Controller
Duration of data management: Until the termination of the commission contract.
Additional data processor: We inform the Data Subjects that, based on the cooperation agreement with the Data Controller, for Dóra Czeiner, an individual entrepreneur (Headquarters and mailing address: 1156 Budapest, Sárfű utca 3. 9/27., Tax number: 66078177-1-27, Registration number: 31509316) are forwarded if the Data Controller replaces or participates in the performance of its activities.
9. Management of quality objections
Purpose of data management: management of quality objections arising in connection with the services provided by the Data Controller.
Legal basis for data management: necessary for the performance of a contract – GDPR Article 6 (1) point b), necessary for the fulfillment of a legal obligation – GDPR Article 6 (1) point c), CLV of 1997 on consumer protection. Act 17/A. § (3)-(7).
Categories of stakeholders: customer submitting a complaint or objection
Scope of processed data: the unique identification number of the complaint, the name and address of the consumer, the place and time of the complaint, the method of the complaint, the list of documents, documents and other evidence submitted by the consumer, the description of the complaint, the place and time of recording the report and the recorder name, signature and, in case of return, product data.
Who can access it? Only the Data Controller
Duration of data management: With regard to the records of complaints and copies of responses to written complaints, Fgytv. 17/A. five years based on § (7).
Data transmission: None.
Possible consequences of failure to provide data: the Data Subject cannot exercise his consumer rights.
10. Information about cookies
A cookie is an alphanumeric information package with variable content sent by the web server, which is recorded on the User’s computer and stored for a predetermined validity period. The use of cookies provides an opportunity to query some of the User’s data, as well as to monitor their Internet usage.
Functional cookies (session cookies)
These cookies are responsible for the display and functionality of the Website and are intended for one session. By disabling them, some functions of the Website may not be available or may be limited.
The purpose of using the above cookies is to ensure the functionality of the Website, to measure page visits and to create traffic analytics by collecting anonymized visitor data. Based on these data, the Data Subject cannot be identified either directly or indirectly.
Disable cookies
You can delete or disable the use of cookies in your internet browser in the data protection settings of that browser. You can find help for this at the following links:
https://support.google.com/chrome/answer/95647?hl=en
https://support.mozilla.org/hu/kb/weboldalak-altal-ellyezett-sutik-torlese-szamito
https://support.microsoft.com/hu-hu/help/278835/how-to-delete-cookie-files-in-internet-explorer
Users who do not want Google Analytics to create a report on their visit can install the Google Analytics blocking browser extension. This add-on instructs the Google Analytics JavaScript scripts (ga.js, analytics.js, and dc.js) not to send visit information to Google.
If you wish to opt-out of Analytics web activity, visit the Google Analytics opt-out page and install the add-on for your browser. For more information on installing and uninstalling the extension, see the help for your browser.
11. Rights of data subjects
11.1. Access right
The Data Subject has the right to request information from the Data Controller about the management of their personal data, in particular the purpose and legal basis of the data management, personal data processed, the identity of the data processor, and the right to file a complaint.
The Data Controller provides the information free of charge to the Data Subject. If the Data Subject’s request is clearly unfounded or – especially due to its repetitive nature – excessive, the Data Controller is entitled to request a reasonable reimbursement (in the case of paper-based information: HUF 10/sheet).
The application can be submitted electronically or by post, the rules for this are contained in point 13.
The Data Controller will respond to the submitted request in an understandable form as soon as possible, but no later than 25 days after the submission of the request.
11.2. Right to rectification
The Data Subject may request the correction of their personal data if they do not correspond to reality. You are also entitled to request the addition of incomplete personal data.
After receiving the request, the Data Controller will examine the legitimacy of the request as soon as possible. If the Data Controller does not find the User’s request well-founded and refuses to fulfill it, it will notify the Data Subject in writing of the rejection and the reasons for it together with the legal remedy within 25 days of receiving the request.
11.3. Right to erasure
The Data Controller deletes personal data concerning the Data Subject if:data management is illegal;
• the Data Subject withdraws his consent to the processing of personal data, and there is no other legal basis for data processing;
• the User’s personal data is incomplete or incorrect, and this state cannot legally be remedied, provided that deletion is not precluded by law;
• the purpose of data management has ceased;
• it was ordered by a court or the National Data Protection and Freedom of Information Authority.
The deletion requested by the Data Subject may only refer to the deletion of data processed on the basis of his consent, so it does not affect the scope of data affected by mandatory data processing mandated by law. In addition, the Data Controller is entitled to process the Data Subject’s personal data even after the Data Subject’s deletion request, if processing the Data Subject’s data is necessary for the purpose of fulfilling the Data Controller’s contract, fulfilling its legal obligations or asserting its legitimate interests.
The application must be submitted in accordance with the provisions of point 13.
11.4. The right to restrict data processing
At the Data Subject’s request, the Data Controller limits data processing in the following cases:
a.) the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the data controller to check the accuracy of the personal data;
b.) the data management is illegal and the data subject opposes the deletion of the data and instead requests the limitation of their use;
c.) the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; obsession
d.) the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
The application must be submitted in accordance with the provisions of point 13.
11.5. Right to data portability
The Data Subject has the right to receive the personal data provided to the Data Controller in a machine-readable format, or for the Data Controller to forward this data to another data controller designated by him, if the data processing is based on the data subject’s consent or a contract (GDPR Article 6 (1) a) and point b).
The application must be submitted in accordance with the provisions of point 13.
11.6. Right to protest
The Data Subject may object to the processing of his/her personal data if the processing or forwarding of the personal data is necessary solely for the enforcement of the legitimate interests of the Data Controller or a third party in relation to the Data Controller (except in the case of mandatory data processing).
The Data Subject may submit his objection request to the Data Controller in accordance with the provisions of point 13.
If the Data Controller finds the Data Subject’s objection to be well-founded, it will delete the personal data immediately.
12. Remedies
In the case of unlawful data processing, as well as rejection of a request for information, correction, deletion, restriction, data portability, objection, the Data Subject to the National Data Protection and Freedom of Information Authority (Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Postal address: 1530 Budapest, Pf.: 5; Email address: ugyfelszolgalat [at] naih.hu) or you can apply to the court of your place of residence or residence.
13. Rules related to the request sent by the Data Subject to the Data Controller
The Data Subject must send the requests indicated in this Notice, as well as the withdrawal of consent to data management, in writing to the following address:
Email: modultrans@modultrans.hu
Postal address: 3300 Eger, Nagy-Eged u. 14.
The Data Controller examines the requests received without delay and fulfills the request within 25 days of receiving the request at the latest, or if the Data Controller does not find the Data Subject’s request to be well-founded and refuses to fulfill it, then the rejection and the reasons for it, together with the legal remedy, will be provided within 25 days after the receipt of the request. informs the Contact in writing within days. The Data Controller sends a written notification to the Data Subject only if the request is rejected, with the exception of 11.1. requests contained in point.
The request sent by e-mail is considered authentic by the Data Controller only if it comes from an e-mail address already provided by the Data Subject and treated as personal data. The Data Controller is entitled to request additional data in order to identify the Data Subject in the event that doubts arise as to whether the person requesting the data is really the Data Subject.
14. Procedure in the event of a data protection incident
Data protection incident: accidental or illegal destruction, loss, alteration, unauthorized disclosure of personal data, or unauthorized access to it.
If you become aware of a data protection incident as defined above in connection with your personal data managed by the Data Controller, please report it immediately to the contact details indicated in point 9. The Data Controller investigates a data protection incident immediately and reports it to the National Data Protection and Freedom of Information Authority no later than 72 hours after becoming aware of it, unless the data protection incident is likely to pose no risk to the rights and freedoms of the data subjects, and takes measures to remedy the incident. The Data Controller keeps a record of data protection incidents.
Acceptance and modification of the Data Protection Information
By using the Website, the Data Subjects accept the contents of this Data Management Notice.
The Data Controller is entitled to unilaterally modify this Privacy Policy. The amended Privacy Notice will be published on the Website.
Effective: May 25, 2018.