Data Protection Policy
1. Introduction
The company Printec BB Kft. (hereinafter referred to as “Data Controller”) pays much attention to the protection of personal data, the fulfillment of obligatory legal regulations as well as safe and fair data handling during its activities.
Information about the Data Controller:
Company name: Printec BB Kft.
Trade Register No.: Cg 20-09-064438
Registered office: 8800 Nagykanizsa, Magyar u. 193-195.
Tax ID No.: 11960214-2-20
Personal data made available are handled by the Data Controller according to the effective Hungarian and European legal regulations and ethical standards at all times. Technical and organizational measures which are necessary for adequately safe data handling are taken by the Data Controller in each and every case.
This policy has been drawn up on the basis of the following effective legal regulations:
– Act CVIII of 2001 on certain aspects of electronic commerce and information society services
– Act CXIII of 2011 on informational self-determination and freedom of information
– Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC
The Data Controller undertakes to observe this policy unilaterally and requests its customers to accept the provisions thereof. The Data Controller reserves the right to make changes to this Data Protection Policy in which case the modified contents will be released by it.
2. Interpretative provisions
Personal data: data which can be associated with any specific (identified or identifiable) natural person (hereinafter referred to as “Data Subject”) and the consequence which can be drawn from the data which is related to the Data Subject. Personal data shall maintain this quality during data handling as long as its relation to the Data Subject can be restored. The person can be considered in particular as identifiable if he or she can be – directly or indirectly – identified on the basis of the name, identification number and one or more factors which are typical of his or her physical, physiological, mental, economic, cultural or social identity.
Consent: voluntary and definite expression of the will of the Data Subject which is based on adequate information and through which the Data Subject gives his or her unambiguous consent to handling personal data related to him or her in full or with respect to certain operations.
Objection: the declaration made by the Data Subject through which he or she objects to handling his or her personal data and requests for cessation of data handling and deletion of data which have been handled, respectively.
Data controller: a natural or legal person and an organization having no legal personality, respectively who or which determines the purpose of data handling independently or along with other ones, makes decisions about data handling (equipment to be used included) and carries out these decisions or has the Data Processor carry them out.
Data handling: any operation or the totality of operations performed with respect to the data, irrespective of the procedure applied, thus, in particular collection, acquisition, recording, systematization, storage, modification, use, retrieval, transfer, publication, harmonization or linking, blocking, erasure and destruction of data as well as preventing data from continued use, taking photographs, making sound or picture records as well as recording the physical characteristics which are suitable for identifying the person.
Data transfer: making data available to the specified third party.
Publication: making data available to anyone.
Data deletion: making data unrecognizable in a manner which makes their restoration impossible at a later date.
Data labeling: assigning identification labeling to the data for the differentiation thereof.
Blocking of data: assigning identification labeling to the data for the final or fixed-term restriction of further handling thereof.
Data destruction: complete physical destruction of the data carrier containing the data.
Data processing: performance of technical tasks related to the operations of data handling, irrespective of the method and equipment which are used for carrying out the operations and also of the place of application, provided that they are performed with respect to technical data.
Data processor: a natural or legal person and an organization having no legal personality, respectively who or which carries out data processing according to contract, the contract signed in accordance with the provision of the legal regulation also included.
Data pool: the totality of data processed within one register.
Third party: a natural or legal person and an organization having no legal personality, respectively who or which is not identical with the data subject, the data controller or the data processor.
EEA country: a member state of the European Union and another country which is a party to the Agreement on the European Economic Area, further a country the citizen of which has a legal status which is identical with that of the citizens of the European Union and its member states as well as the citizens of the countries which are parties to the Agreement on the European Economic Area.
Third country: all the countries which are not EEA countries.
Data protection incident: unlawful handling or processing of personal data, thus, in particular unauthorized access, modification, transfer, publication, erasure or destruction as well as accidental destruction and damage.
3. Basic principles of data processing
Personal data can be processed if the data subject consents to it or it may be ordered by the law or a decree of the local government (the latter on the basis of the authorization by the law, within the scope specified by the same).
Personal data can only be processed for a specific purpose, in order to exercise a right and fulfill a duty. Data processing shall meet this purpose in each phase thereof.
Only personal data which are indispensable for the accomplishment of the purpose of data processing and which are suitable for achieving the goal can be processed, only to the extent and for the time which are necessary for the accomplishment of the purpose.
Personal data can be transferred and different data processing actions can be linked if the data subject consents to them or they are allowed under the law and if the conditions of data processing are fulfilled for every piece of personal data.
Personal data can be transferred from the country to a data controller or data processor in a third country – irrespective of the data carrier or the method of data transfer – if the data subject consents to it expressly or it is allowed under the law and adequate level of protection for personal data is provided in the third country during handling or processing the data handed over.
In case of mandatory data processing, purpose and conditions as well as the range thereof and the possibility to become acquainted with data to be processed, duration of data processing as well as the identity of the data controller are determined by the law which orders data processing or a decree by the local government.
Publication of personal data can be legislated for public interest, by indicating the range of data expressly. In all other cases the consent by the data subject to the publication, in case of special category data his or her written consent, are necessary. When in doubt, it should be assumed that the data subject has not given his or her consent.
The consent by the data subject shall be regarded as given with respect to data which are communicated by him or her during a public appearance or handed over by him or her for the purpose of publication.
In a procedure which has been initiated upon the data subject’s request, his or her consent to processing his or her necessary data shall be assumed and the data subject must be reminded of this fact.
The data subject can give his or her consent also within the frames of a contract which is made with the Data Controller in writing for fulfilling the contents thereof. In this case, the contract shall contain all information which the data subject should know with respect to processing personal data, thus, in particular data to be processed, duration of data processing, purpose of use, transfer of data and engaging the services of a data processor, respectively. The contract shall contain unambiguously and unmistakably that the data subject consents through his or her signature to processing his or her data according to the contract.
The right which is related to the protection of personal data and the personal rights of the data subject cannot be violated – unless the law makes an exemption from it – by other interests related to data processing, the publicity of data of general interest also included.
4. The fundamentals of data processing
Processing of personal data shall always rest on the law or voluntary consent. In certain cases, data processing rests on another legal basis or Article 6 of the regulation, for want of consent.
For its activities, the Data Controller uses its own employees and engages the assistance and services of the following data processors:
– GLS Hungary Zrt.
Registered office: 2351 Alsónémedi, GLS Európa utca 2. Trade Register No.: 13-09-111755 Tax ID No: 12369410-2-44
The range of data transferred: name of the ordering company, delivery address, name, quantity and price of the product, name, telephone number and email address of the representative of the company in charge of receipt
The purpose of data transfer: order fulfillment, invoicing
– DHL Express Magyarország Kft.
Registered office: 1185 Budapest, BUD Nemzetközi Repülőtér 302. ép. Trade Register No.: 01-09-060665 Tax ID No.: 10210798-2-44
The range of data transferred: name of the ordering company, delivery address, name, quantity and price of the product, name, telephone number and email address of the representative of the company in charge of receipt
The purpose of data transfer: order fulfillment, invoicing
– Rynoline Pénzügyi és Számviteli Kft.
Registered office: 8800 Nagykanizsa, Fő út 10. A. ép. 1. em. 2. Trade Register No.: 20-09-061606 Tax ID No.: 11346090-2-20
The range of data transferred: as defined in the Accounting Act
The purpose of data transfer: as defined in the Accounting Act
The data of the visitors to the website:
When the website operated by the Data Controller is visited, it shall not record the user’s IP address or other personal data thereof.
The HTML code of the website which is operated by the Data Controller may contain independent references arriving from an external server and pointing to an external server for the purpose of web analytics measurements. The measurement covers tracking of conversions too. The web analytics provider does not process personal data, only data related to browsing, which data are not suitable for identifying individuals.
5. The security of data processing
The Data Controller protects the data, in particular from unauthorized access, modification, transfer, publication, erasure or destruction as well as accidental destruction and damage. The Data Controller shall provide along with the operators of the server for the security of data through technical and organizational measures which provide the level of protection which meets the risks occurring in the course of data processing.
6. The rights of the data subjects
The data subject can request the Data Controller for information about processing his or her personal data, for correction or erasure thereof – with the exception of data processing ordered by a legal regulation – in writing by post (8800 Nagykanizsa, Magyar u. 193-195) or via email (info&printec.hu).
Upon request of the data subject, Data Controller shall give him or her information about his or her data which are processed by the Data Controller, the purpose of data processing, the legislative basis and duration thereof, the name, address (registered office) of the data processor and the data processor’s activities in connection with data processing. Further, it shall give him or her information about those who receive or have received the data and also about the purpose of it.
The Data Controller shall give information in a minimum of time counting from the submission of the request, yet, within 25 days at the latest in writing, in a way which everyone can understand and free of charge.
The Data Controller shall correct personal data which are not true.
The Data Controller shall erase personal data if they are processed unlawfully, if the data subject makes a request for it and if personal data are incomplete or false and this condition cannot be corrected by right, provided that erasure is not excluded by law. Further, when the purpose of data processing does not exist anymore, the deadline – required by law – for storing the data expired or it was ordered by the court or the Data Protection Commissioner.
The Data Controller shall inform the data subject and all those it had transferred the data to for data processing about the correction and erasure. Notification is dispensable if it does not violate the legitimate interest of the data subject with respect to the purpose of data processing.
The data subject shall have the right to object to processing his or her personal data if processing (transfer) of personal data is only needed for enforcing the right or legitimate interest of the data controller or the recipient of data, unless data processing is required by law, use or transfer of personal data take place for the purposes of direct marketing, public opinion polling or scientific research. Enforcement of the right to object is otherwise made possible by law.
The Data Controller shall examine – by deferring data processing at the same time – the objection in a minimum of time counting from the submission of the request, yet, within 15 days at the latest and inform the applicant about the results thereof in writing. Where the objection is justifiable, the Data Controller must stop data processing – further data acquisition and data transfer included – and block the data. Further, it shall inform all those about the objection and the measure taken due to the objection who the data which are affected by the objection were transferred to previously and who are obliged to take measures for the interest of the enforcement of the right of objection.
The data subject shall have the right to apply to the court or the Data Protection Authorities against the data controller if his or her rights are violated. The possibility of legal remedy or a complaint can be enforced through:
– Nemzeti Adatvédelmi és Információszabadság Hatóság (National Authority for Data Protection and Freedom of Information), 1125 Budapest, Szilágyi Erzsébet fasor 22/c. Telephone: 06-1-391-1400. Email: ugyfelszolgalat@naih.hu. Web: naih.hu
Nagykanizsa, 19 March 2018