Privacy Policy

Data management information on the processing of personal data

2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter: GDPR) 13. and Pursuant to Articles 14, Citovar Kft. provide the following information to data subjects regarding the processing of personal data.

1. The Data Controller and the Data Protection Officer

Data Controller Information

Citovar Kft.
Headquarters: 2316 Tököl, Dobó Katica u. 52. (Hungary)
Phone number: +36 20 44 23 004
Central e-mail address: info@citovar.hu
Central website address: www.citovar.eu

Details of the Data Protection Officer

Name: Pallagi Z altán
Postal address: 2316 Tököl, Dobó Katica u. 52.
Phone: +36 20 44 23 004
E-mail: info@citovar.hu

2. Legislation underlying data management

The following legislation applies to data processing:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46 (“the General Data Protection Regulation”) GDPR, the current text of the legislation is available at the following link: http: //eur-lex.europa.eu/legal-content/EN/TXT/? uri = uriserv: OJ.L_.2016.11 … )
  • Act CXII of 2011 on the right to information self-determination and freedom of information. Act (hereinafter: Infotv., the current text of the legislation is available via the following link: http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.338504 )

According to the GDPR, ” personal data ” means:

any information relating to an identified or identifiable natural person (“data subject”); identify a natural person who, directly or indirectly, in particular by reference to one or more factors such as name, number, location, online identifier or physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable.

3. Data management data

3.1 Personal data processed

purpose of treatment:can be found in Annex 1
legal basis for data processing:can be found in Annex 1
storage time:can be found in Annex 1
list or categories: can be found in Annex 1
source:can be found in Annex 1

As set out in the Annex , the provision of data is, as a general rule, at the discretion of the data subject. Where the provision of personal data in the Annex is based on law or a contractual obligation or is a precondition for the conclusion of a contract, the data subject shall provide personal data in the above cases, failure to do so may result in the following legal consequences:

  • request for data in order to use a service: refusal to provide a service
  • data request for security purposes: access restriction, exclusion
  • request for data for the purpose of concluding a contract: failure to conclude a contract

3.2 Information about automated decision making or profiling

Does the Data Controller use this? Does not apply.

3.3 If there is a Recipient

Definition of ” Consignee “:

any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.

Name of consignees: 1. can be found in Annex
Purpose of communication: 1. can be found in Annex

3.4 Who has access to your personal information?

As a general rule, the personal data of the data subject may be disclosed to the employees of the Data Controller in order to perform their duties. Thus, for example, the data processing staff of the Data Controller will get to know the personal data of the data subject in order to manage the case or the HR staff member will be able to prepare the employment contract.

The Data Controller shall take appropriate information security measures to ensure that the personal data of the data subject are protected against, inter alia, unauthorized access or unauthorized access.

against changing. For example, access to personal information stored on servers is logged, so you can always check who, when, what personal information. The Data Controller shall take appropriate organizational measures to ensure that personal data cannot be made available to an indefinite number of persons.

3.5 Transfer of data to a third country or international organization

Name of third country or international organization: not relevant

EU Commission decision on conformity or, failing that, guarantees: not relevant

Binding company rule: not relevant

Derogations for special situations: not relevant

3.6 Data security measures

The Data Controller stores the personal data provided by the data subject at the Data Controller’s registered office or registered office. In order to process the personal data of the data subject, the Data Controller uses the data processing service indicated at the Recipients (point 3.3).

The Data Controller shall take appropriate information security measures to ensure that the personal data of the data subject are protected against, inter alia, unauthorized access or alteration. For example, access to personal information stored on servers is logged, so you can always check who, when, what personal information. The Data Controller shall take appropriate organizational measures to ensure that personal data cannot be made available to an indefinite number of persons.

4. Your rights

4.1 The GDPR 15. The data subject may request access to personal data concerning him or her in accordance with Article

  • The data subject has the right to receive feedback from the Data Controller as to whether the processing of his / her personal data is in progress and, if such data processing is in progress, he / she has the right to access the personal data and the following information:

    (a) the purposes of the processing;
    (b) the categories of personal data concerned;
    (c) the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third country recipients or international organizations;
    (d) where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
    (e) the right of the data subject to request the controller to rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
    (f) the right to lodge a complaint with a supervisory authority;
    (g) if the data were not collected from the data subject, all available information on their source;
    (h) the fact of automated decision-making, including profiling, and at least in such cases, comprehensible information on the logic used and the significance of such data processing for the data subject.
  • Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate guarantees required by law for the transfer.
  • The Data Controller shall make a copy of the personal data subject to data processing available to the data subject. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject. Where the data subject has submitted the request by electronic means, the information shall be provided in a widely used electronic format, unless the data subject requests otherwise. The right to request a copy shall not adversely affect the rights and freedoms of others.

4.2 The GDPR 16. Pursuant to Article 1 of the Article, the data subject has the right to request the rectification of personal data concerning him / her.

Upon the request of the data subject, the Data Controller is obliged to correct inaccurate personal data concerning him / her without undue delay. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement.

4.3 The GDPR 17. Pursuant to Article 1, the data subject has the right to request the Data Controller to have his or her personal data broken as follows:

  • The data subject has the right to request the deletion of personal data concerning him or her, and the data controller is obliged to delete the personal data concerning him or her without undue delay if one of the following reasons exists:

    (a) personal data are no longer required for the purpose for which they were collected or otherwise processed;

    (b) the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;

    (c) the data subject objects to the data processing in the public interest, in the exercise of a public authority or in the legitimate interest of the controller (third party), and there is no overriding legitimate reason for the data processing or the data subject objects to the data processing for direct business acquisition;

    (d) personal data have been processed unlawfully;

    e) personal data must be deleted in order to fulfill a legal obligation provided for in the applicable EU or Member State law (Hungarian law);

    (f) personal data have been collected in connection with the provision of information society services.
  • Where the controller has disclosed personal data and is required to delete it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that the the data subject has requested that the links to the personal data in question or a copy or duplicate of such personal data be deleted.
  • The right of the data subject to be deleted may only be restricted if the following exceptions are set out in the GDPR, ie further retention of personal data is considered lawful if the above reasons are met,

    (a) the exercise of the right to freedom of expression and information, or

    (b) if compliance with a legal obligation (ie in the case of an activity recorded in the Data Protection Register as a legal basis for a period corresponding to the purpose of the data processing), or

    (c) when carrying out a task carried out in the public interest, or

    (d) because of the exercise of official authority vested in the controller, or

    (e) if, in the public interest,

    (f) for archiving purposes in the public interest, or

    (g) for the purposes of scientific and historical research or statistics, or

    h) if necessary for the submission, enforcement or defense of legal claims.

4.4 The GDPR 18. Pursuant to Article 1, the data subject is entitled to request the Data Controller to restrict the processing of personal data concerning him or her as follows:

  • The data subject has the right, at the request of the Data Controller, to restrict the data processing if one of the following is met:

    (a) the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period which allows the Data Controller to verify the accuracy of the personal data;

    (b) the processing is unlawful and the data subject opposes the erasure of the data and instead requests that their use be restricted;

    c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; obsession

    (d) the data subject has objected to the processing in the public interest, in the exercise of official authority or in the legitimate interest of the controller (third party); in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject.
  • Where the processing is subject to a restriction on the basis of the above, such personal data, with the exception of storage, shall be subject to the consent of the data subject or to the protection, defense or protection of the rights of another natural or legal person can be treated.
  • The Data Controller shall, at the request of the data subject at whose request the data processing has been restricted pursuant to paragraph 1, inform him or her in advance of the lifting of the data processing restriction.

4.5 The GDPR 21. The data subject has the right to object to the processing of personal data concerning him or her by the Data Controller as follows:

  • The data subject has the right to object at any time, for reasons related to his or her situation, to the processing of his or her personal data in the public interest, in the exercise of public authority or in the legitimate interest of the controller (third party), including profiling. In this case, the Data Controller may not further process the personal data, unless the Data Controller demonstrates that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are necessary to bring, enforce or protect legal claims. are related.
  • Where personal data are processed for the purpose of direct business acquisition, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for that purpose, including profiling, in so far as it relates to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for that purpose.
  • The right of objection shall be expressly brought to the attention of the data subject at the latest at the time of his or her first contact, and the relevant information shall be displayed clearly and separately from any other information.
  • In connection with the use of information society services and by way of derogation from Directive 2002/58 / EC, the data subject may also exercise the right to object by automated means based on technical specifications.
  • Where personal data are processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless the processing is necessary for the performance of a task carried out in the public interest.

4.6 The GDPR 20. The data subject is entitled to the portability of personal data concerning him or her in accordance with Article

  • The data subject shall have the right to receive personal data concerning him or her made available to a controller in a structured, widely used machine-readable format and to transfer such data to another controller without being hindered by the controller whose provided personal data if:

    (a) if the legal basis for the processing is the consent of the data subject or the performance of a contract concluded with the data subject

    b) and the data processing is automated.
  • When exercising the right to data portability, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between data controllers.
  • The exercise of the right to data portability shall not infringe the right of erasure. The right to carry data shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • The right to data portability must not adversely affect the rights and freedoms of others.

4.7 The GDPR 7. Pursuant to Article 3 (3), the data subject shall have the right to withdraw his or her consent to the processing of his or her personal data at any time as follows:

The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal. You have the right to withdraw your consent as easily as you give it.

5. The right of appeal of the person concerned is a complaint to a supervisory authority before a court

In the event of unlawful data processing experienced by the data subject, you may initiate a civil lawsuit against the Data Controller. The court has jurisdiction to hear the case. The lawsuit may also be instituted before the court of the place of residence at the option of the person concerned (you can view the list and contact details of the courts through the following link: http://birosag.hu/torvenyszekek ).

Without prejudice to other administrative or judicial remedies, any data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which he or she has his or her habitual residence, place of employment or suspected infringement, if the processing of personal data concerning him or her this Regulation.

In Hungary, the competent supervisory authority:

National Data Protection and Freedom of Information Authority (NAIH)
address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c
postal address: 1530 Budapest, Pf .: 5 e-mail: ugyfelszolgalat@naih.hu
phone: +36 (1) 391-1400
fax: +36 (1) 391-1410 website: www.naih.hu

Annex 1

Purpose of data managementCategories of data managedDuration of data managementLegal basis for data managementData sourceRecipient (if any) Purpose of communication (if any)
Newsletter subscription e-mail address until cancellationVoluntary contribution   
Sending messages through the website name, email address1 + 1 monthVoluntary contribution