
Delete cookies
By using our website, you agree to our use of cookies. Learn more
DATA PROCESSING INFORMATION
ON THE RIGHTS OF THE NATURAL DATA SUBJECT
FOR THE PROCESSING OF HIS/HER PERSONAL DATA
INTRODUCTION
CHAPTER I – DESCRIPTION OF THE CONTROLLER
CHAPTER II – DESCRIPTION OF THE DATA PROCESSORS
CHAPTER III – DATA PROCESSING RELATED TO EMPLOYMENT
CHAPTER IV – DATA PROCESSING RELATED TO CONTRACT
CHAPTER V – DATA PROCESSING BASED ON LEGAL OBLIGATION
CHAPTER VI – OVERVIEW OF THE RIGHTS OF THE DATA SUBJECT
CHAPTER VII – DETAILED INFORMATON ON THE RIGHTS OF THE DATA SUBJECTS
CHAPTER VIII – SUBMISSION OF THE REQUEST OF THE DATA SUBJECT, ACTIONS OF THE CONTROLLER
INTRODUCTION
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Regulation) lays down that the controller takes appropriate actions in order to render each information on the processing of data for the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, furthermore the controller promotes the execution of the rights of the data subject.
The obligation for information for the data subject is laid down in the Act CXII of 2011 about the right of information self-determination and information freedom, as well.
The information described below should serve as the fulfilment of our legal obligation referred to above.
The information should be published on the website of the Company or should be sent for the data subject upon his/her request.
CHAPTER I
DESCRIPTION OF THE CONTROLLER
Issuer of this information and controller, as well:
Trade name: MERICO Components Zrt
Registered office: 9081 Győrújbarát, Kisbaráti major
Trade register number: Cg.08-10-001826
Tax number: 11701743-2-08.
Represented by: Mak Enrico Chief Executive Officer
Phone: +36-96-543-783
Fax: +36-96-543-784
E-mail address: enrico.mak@merico.net
Website: www. merico.hu
(hereinafter: Company)
CHAPTER II
DESCRIPTION OF DATA PROCESSORS
Data processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Article 4 paragraph 8 of the Regulation).
For the employment of the data processor no prior consent of the data subject is required, but the data subject must be informed. Consequently, we render the information below:
For the maintenance and management of its website our Company employs a data processor, which provides the IT services (web hosting) and thereby it manages the personal data provided on the homepage – for the duration of our contract made by it – it is responsible for the storing of personal data on the server.
This data processor is described below:
Trade name: Abakusz Kft.
Registered office: 9023-Győr, Attila utca 24
Trade register number: 08-09-004296
Tax number:11136413-2-08
Represented by: Mr. Miklós Budai
Phone:+36-96-550-212
Fax: +36-96-550-231
E-mail address:info@abakusz.hu
Website: www.abakusz.hu
In order to perform its tax and accountancy obligations our Company employs an external service provider by a contract on bookkeeping services, which manages also the data of natural persons being either as contracting parties or disbursers, in order to fulfil the tax and accountancy responsibilities of our Company.
This data processor is described below:
Trade name: ICT Europa Finance Kft.
Registered office:1117-Budapest, Fehérvári út 50-52
Trade register number: 01-09-935243
Tax number:12457124-2-43
Represented by: Mr. György Lovász
Phone:+36-1-3344279
These data processors receive the personal data necessary for the delivery of the ordered product from our Company (name, address, phone number of the data subject), and according to these data the product will be delivered.
These services providers are:
The Hungarian Post Office
Carrier service
Trade name: DPD Hungária Kft.
Registered office:1158-Budapest, Késmárk u. 14 B.ép.
Trade register number: 01-09-888141
Tax number:13034283-2-42
Represented by: Mr. Szabolcs Czifrik
Phone: +36-1-5016200
On behalf of our Company this data processor – for the duration of the contract made with it – carries out camera monitoring at work and the associated processing.
Name of the service provider: "Megoldás" Kft.
Trade name: "Megoldás" Kft.
Registered office: 1046-Budapest, Podmaniczky u. 57. 2.em. 14
Trade register number:01-09-196903
Tax number: 22468091-2-08
Represented by: Mr. Csaba Pákozdi
Phone: +36-30-9299135
CHAPTER III
DATA PROCESSING RELATED TO EMPLOYMENT
(1) In terms of the employees solely such data may be requested and recorded, and such job-related medical eligibility examinations may be carried out which are necessary for the establishment, maintenance or termination of employment and for the provision of social-welfare benefits, provided that these examinations do not infringe the individual rights of the employee.
(2) By reason of the enforcement of the legal interests of the Company as employer (Article 6 paragraph (1) clause f) of the Regulation) the following data of the employee are managed for the purpose of the establishment, performance or termination of the employment:
and any data recorded by geographical positioning systems.
(3) Data concerning illness and trade union membership are managed by the employer only in order to meet any right or obligation defined by the Labour Code.
(4) Recipients of the personal data are: head of the employer, exerciser of the powers of the employer, employees and data processors of the Company responsible for labour duties.
(5) The owners of the Company can have access only to the personal data of the senior officials.
(6) Duration of the storing of personal data: 3 years of the termination of employment.
(7) The data subject must be informed prior to the commencement of the data processing that the data processing is based on the Labour Code and the enforcement of the legitimate interests of the employer.
(1) For the employee only such eligibility examination may be applied which is provided for by a rule for employment, or which is required to exercise a right or to meet an obligation defined by a rule for employment. Prior to the examinations the employees must be informed in detail among others what skills and capacities the eligibility examination is focused on, and by what means and method the examination takes place. If the examination is provided for by law, then the employees must be informed on the title of the law and the exact paragraph of the law, as well.
(2) The employer can make the employees fill in the test sheets concerning the eligibility and preparedness for work either before the establishment of employment or during the existence thereof.
(3) Test sheets clearly in relation with employment aimed at a more efficient provision and organization of the workflows may be completed by a larger group of employees only for the searching of psychological or personality features, provided that the data coming to surface during the assessment cannot be connected to either particular employee, that is the processing of the data takes place anonymously.
(4) Range of the personal data eligible for processing: fact of the eligibility for the given job, the associated terms and conditions.
(5) Legal basis for the data processing: legitimate interest of the employer.
(6) Purpose of the processing of personal data: the establishment, maintenance of employment, occupation of a job.
(7) Recipients and categories of recipients of the personal data are: The result of the examination can be made known for the examined employees and the professional who carried out the examination. The employer can have access only to information whether the examined person is suitable for the job or not, and what conditions should be provided for that. The details of the examination and the entire documentation thereof remain, however, hidden for the employer.
(8) Duration of the processing of the personal data: 3 years of the termination of employment.
(1) Range of the data which can be processed: name, date and place of birth of the natural person, mother’s name, address, data for mail delivery, photo, phone number, email address, notes (if any) made by the employer about the applicant.
(2) Purpose of the processing of personal data: to evaluate the application, to conclude a contract of employment with the selected person. The person concerned should be informed if the employer has selected other than him/her for the job.
(3) Legal basis for the data processing: consent of the data subject.
(4) Recipients of the personal data and the categories of the recipients: manager authorized to exercise the rights of employer at the Company, employees responsible for labour duties.
(5) Duration of the storing of personal data: Until the application is evaluated. The personal data of applicants who have not been selected must be erased. Data must be also erased for persons, who have withdrawn from the application.
(6) The employer can keep the applications only if the explicit, clear and voluntary consent of the data subject is in place, provided that the employer needs this keeping in order to achieve its purpose of data processing in compliance with the laws. The said consent must be requested from the applicants as soon as the application procedure is closed.
(1) If the Company makes an email box available for the employee, this email address and box can be used by the employee solely for the purpose of his/her job in order that the employees could communicate with each other via this box, or they could exchange mail with customers, other persons or entities.
(2) The employee is not authorized to use the email box for private purposes, personal mail cannot be stored there.
(3) The employer is authorized to control the full contents and the use of the email box on a regular basis – every 3 month – and this time the legal basis of data processing is the legitimate interest of the employer. The control aims at the checking of the observance of the employer’s instruction for the use of the email box, as well as at the checking of the obligations of the employee (articles 8 and 52 of the Labour Code).
(4) The control may be carried out by the head of the employer or the exerciser of the rights of the employer.
(5) If it is not excluded by the conditions of the control, it must be ensured that the employee be there at the control.
(6) Prior to the control the employee must be informed on by what interest of the employer the control takes place, who is authorized to carry out the control on part of the employer, - according to what rules the control can take place (observation of the gradualism) and what is the course of the procedure, - what rights and remedies are available for the employee for the data processing in connection with the control of the email box.
(7) During the control gradualism is to be applied, therefore it must be stated primarily from the address and the subject matter of the email, that it is connected with a task of the job of the employee rather than private. The contents of non-private emails may be examined by the employer without restriction.
(8) If contrary to the provisions of these instructions it can be found that the employee has used the email box for private use, the employee must be requested to erase the personal data without delay. In the absence of the employee or in case of the failure of his/her cooperation the personal data will be erased by the employer. Due to any use of the email box contrary to these instructions the employer has the power to apply legal consequences of the labour law against the employee.
(9) As to the data processing associated with the control of the email box the employee may have the rights described in the chapter about his/her rights concerned.
(1) Computers, laptops, tablets made available by the Company for the employee for the purpose of working can be used by the employee solely for the duties of his/her job, the private use of these are prohibited by the Company, the employee is not authorized to process or store any of his/her personal data or correspondence on these data carriers. For the control of these data carriers by the employer and for the legal consequences thereof the provisions under clause 1.4 above are otherwise governing.
(1) The employee is authorized to view websites only, which are in relation with the tasks of his/her job, the internet use at work for private purpose is prohibited by the employer.
(2) It is the Company, which is the authorized entity of the internet registrations carried out on behalf of the Company as a task of a job, and during registration an ID and password referring to the Company must be applied. If personal data must be also provided for the registration, the erasure of these must be initiated by the Company as soon as the employment is terminated.
(3) The internet use of the employee at work can be controlled by the employer, for which and for its legal consequences the provisions in clause 1.4 are governing.
(1) The employer does not allow the private use of company mobile phones, mobile phones can be used only for purposes in relation with the work, and the employer is authorized to check the call numbers and data of any outgoing calls and the data stored on the mobile phones.
(2) The employee is obliged to notify the employer if he/she has used the company mobile phone for private purpose. In this case the checking can be carried out so that the employer requests detailed call records from the phone service provider, by requesting the employee to make the called number unrecognizable on the document in the case of private calls. The employer may provide for that the costs of private calls be borne by the employee.
(3) Otherwise, the provisions in clause 1.4 are governing for the control and its legal consequences.
(1) The legal basis for the use of a GPS system is the legitimate interest of the employer, aiming at the organization of work, logistics, the control of the fulfilment of the obligations of the employee.
(2) Processed data: registration number of the motor vehicle, driven route, distance, duration of the motor vehicle use.
(3) The control can be made only during working hours and the geographical location of the employees cannot be checked beyond the working hours. Otherwise the provisions in clause 1.4 are governing for the control by the employer and for its legal consequences.
(1) Our company uses an electronic monitoring system at its registered office, site (excluding offices) in order to safeguard human life, physical integrity, personal freedom, trade secrets and for security, which ensures video-, audio-, or video- and audio recordings, and on the basis of these the behaviour of the person concerned can be deemed personal data, too, which is recorded by the camera.
(2) The legal basis for this data processing is the enforcement of the legitimate interests of the employer and the consent of the data subject.
(3) As to the fact of the use of an electronic monitoring system in the given area a clear sign as information should be installed on a well visible place in a well eligible manner in order to promote the orientation of third parties who wish to appear in the area. The information sign should be rendered for each camera. This information comprises also information on the fact of the monitoring pursued by the electronic security system, as well as on the purpose of the recording and storing of the video- and audio recordings recorded by the system including personal data, on the legal basis of the data processing, the location of the storing of the recordings, the duration of storing, the identity of the user (operator) of the system, the range of persons authorized to know the data, and on the provisions about the rights of the data subjects and the order of the enforcement thereof.
(4) Any video- and audio recordings about the third parties entering the monitored area (customers, visitors, guests) may be made and processed only subject to their consent. This consent can be rendered also by implied conduct. The implied conduct includes in particular if the natural person staying there enters the monitored area in spite of the information sign describing the use of the electronic monitoring system placed there.
(5) The records made can be kept not longer than 3 (three) working days if they are not used any more. The term use is defined so that the video-, audio, or video- and audio recordings as well as any other personal data are intended for use as evidence at a judicial or other official proceedings.
(6) Those whose right or legitimate interest is affected by the recording of the video-, audio-, or video- and audio data may request within three working days of the recording of the video-, audio-, or video- and audio data, that these data be not destructed or erased by the controller thereof.
(7) It is not allowed to install any electronic monitoring system in premises, where the monitoring may infringe the human dignity, in particular in dressing rooms, shower rooms, water closets or for instance in medical rooms, and in the waiting room connected thereto, as well as in premises which serve as a room for relaxation for the employees at work.
(8) If nobody is allowed to stay lawfully in the area of the working place – in particular beyond working hours and on bank holidays – then the full territory of the working place (such as the dressing rooms, water closets, premises serving for relaxation) can be monitored.
(9) The data recorded by the electronic monitoring system may be viewed in addition to those authorized thereto by law by the processing staff, the head of the employer and his/her deputy, as well as the head of the working place of the monitored area in order to detect any infringements and to control the operation of the system.
CHAPTER IV
DATA PROCESSING RELATED TO CONTRACT
(1) For the purpose of the execution, fulfilment, termination of a contract or rendering of any contractual discount the Company – on the basis of the fulfilment of the contract – processes the data of natural persons entering into contract with it as buyers or suppliers, including name, birth name, date of birth, mother’s name, address, tax ID, tax number, number of the sole trader’s licence and the certificate of licensed traditional small-scale producers, number of the identity card, address, registered office, site, phone number, email address, website, bank account number, buyer number (customer number, purchase order number), online ID (list of buyers, suppliers, list of regular customers). This data processing is deemed lawful even if the data processing is necessary to take actions upon request of the data subject prior to the conclusion of the contract. Recipients of the personal data are: employees responsible for the tasks of customer service at the Company, employees for bookkeeping and taxation, and data processors. Duration of the processing of personal data: 5 years as of the termination of the contract.
(2) The data subject must be informed prior to the commencement of the data processing that the data processing is based on the legal title “performance of contract”, this information can be rendered also in the contract.
(3) The data subject must be notified that his or her personal data have been forwarded to the controller.
(1) Personal data eligible for processing: name, address, phone number, email address, online ID of the natural person.
(2) Purpose of the processing of personal data: performance of the contract concluded with the legal entity partner of the Company, business communication, its legal basis: consent of the data subject.
(3) Recipients of the personal data, and categories of recipients: employees responsible for the customer service for the Company.
(4) Duration of the storing of personal data: 5 years as of the termination of the business relationship, or the termination of the capacity of the data subject as representative.
(1) Cookies are short data files placed by the visited homepage on the computer of the user. Cookies are intended to facilitate and to make more comfortable the given infocommunication, internet service. They have several types, but they can be classified in two large groups in general. The one is the temporary cookies which are placed on the data carrier of the user by the homepage only during a given operation (e.g. during the security identification of an internet banking), and the other is the permanent cookie (e.g. language setting of a homepage), which remains on the computer as long as it is erased by the user. By virtue of the directives of the European Commission cookies may be placed on the data carrier of the user only with the consent of the user [unless they are absolutely necessary for the use of the given service].
(2) For cookies not requiring the consent of the user information must be rendered when the homepage is visited for the first time. It is not necessary to display the full text of the information for cookies on the homepage, it is enough that the operators of the homepage give a brief summary of the essence of the information, by referring to the access details of the full information via a link.
(3) For cookies requiring a consent the information can connect also to the first visit of the homepage if the data processing associated with the use of cookies begins already by the visiting of the site. If the use of the cookie is connected to the use of the function explicitly requested by the user, then the information can also be displayed in relation with the use of this function. It is not necessary in this case either to display the full text of the information for cookies on the homepage, it is enough to give a brief summary of the essence of the information, by referring to the access details of the full information via a link.
(1) As it is a usual internet practice, our Company also uses cookies on its website. The cookie is a small file containing a row of characters, which appears on the computer of the visitor, when he/she visits a given website. When he/she visits this website again, the website is able to recognize the browser of the visitor due to the cookies. The cookies can store settings of the user (e.g. selected language) and other information, as well. They collect among others information on the visitor and his/her data carrier, they will remember the individual settings of the visitor, they can be used for example when the online shopping baskets are used. In general the cookies facilitate the use of the website, they promote that the website be a real web adventure and efficient source of information for the users, furthermore they enable the operator of the website to control the operation of the site, to prevent any misuse and to provide the undisturbed services at a high level on the site.
(2) During the use of the website the homepage of our Company records and processes the following data about the visitor and the data carrier used by him/her for browsing:
• the IP address used by the visitor,
• the type of the browser,
• features of the operating system of the data carrier used for browsing (language set),
• time of the visit,
• the visited (sub)site, function or service.
(3) The acceptance and approval of the use of cookies are not obligatory. You can reset the settings of your browser in order that it refuses all cookies or report if the system is just sending a cookie. Although the majority of the browsers automatically accept cookies as default, but these can be changed in general in order that the automatic acceptance be prevented and the option of selection be offered at each time.
For the cookie settings of the most popular browsers, please see the links below:
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
• Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn
• Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
• Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
• Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
• Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
• Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
• Safari: https://support.apple.com/hu-hu/HT201265
Beyond all the above you should remember, however, that certain website functions or services may not function correctly without cookies.
(4) The cookies used on the website themselves are not suitable for the identification of the person of the user.
(5) Cookies used on the website of the Company:
These cookies are necessary in order that visitors can browser on the website, use the functions thereof and the services accessible through the website smoothly and fully, including but not limited to the remembering the operations, which were carried out by the visitor on the given site during a given visit. The duration of the data processing of these cookies applies solely to the current visit of the visitor, and as soon as the operation is finished or the browser is closed, this type of the cookies is automatically erased from the computer.
Processed data range: AVChatUserId, JSESSIONID, portal_referer.
Legal basis for this data processing is article 13/A section (3) of the Act CVIII of 2001 about certain issues of electronic commercial services and the information social services (Hung. abbr.: Elkertv.)
Purpose of the data processing: to ensure the proper operation of the homepage.
These enable the Company to remember the selections made by the user in relation with the homepage. Prior to the use and during the use of the service the visitor may prohibit this data processing at any time. These data cannot be connected with the identification data of the user and they cannot be disclosed to any third parties without the consent of the user.
2.1. Cookies to promote the use:
Legal basis for the data processing is the consent of the visitor.
Purpose of the data processing: To increase the effectiveness of the service, to improve the user’s adventure, to make the use of the homepage more comfortable.
Duration of the data processing: 6 months.
2.2. Cookies to provide performance:
For more details on Google Analytics cookies – see:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
For more details on Google AdWords cookies - see:
https://support.google.com/adwords/answer/2407785?hl=hu
(1) The Company operates a Facebook site in order to make its products, services known and more popular.
(2) Questions published on the Facebook site of the Company are no official complaints.
(3) Personal data published by visitors on the Facebook site of the Company are not processed by the Company.
(4) For visitors the Terms and Conditions for Data Protection and Service of Facebook are applicable.
(5) In case of the publication of any illegal or infringing contents the Company is authorized to exclude the data subject from the members without prior notice or it can delete his/her remarks.
(6) The Company is not liable for any data contents and remarks published by Facebook users, which are contrary to the law. The Company is not liable for any error, breakdown arising from the operation of the Facebook, or for any problem resulting from the alteration of the operation of the system.
CHAPTER V
DATA PROCESSING BASED ON LEGAL OBLIGATIONS
(1) By title of the fulfilment of a legal obligation the Company processes the legally required data of natural persons coming into contact with it as buyers and suppliers, in order to meet its taxation and accountancy responsibilities defined by law (bookkeeping, taxation). The processed data include, in accordance with articles 169 and 202 of the Act CXXVII of 2017 about value added tax, in particular: tax number, name, address, taxation status; according to article 167 of the Act C. of 2000 about accountancy: name, address, description of the person or entity who or which ordered the business transaction, signature of the person making the remittance and the person confirming the execution of the order as well as of the controller subject to the entity; signature of the receiver on the documents of the inventory movements and the cash-flow, signature of the person paying in on the counter-receipts; according to the Act CXVII of 1995 about personal income tax (hereinafter: Szja.): number of the sole trader’s license, number of the certificate of the licensed traditional small-scale producer, tax ID.
(2) Duration of the storing of personal data is 8 years of the termination of the legal relations serving as legal basis.
(3) Recipients of the personal data are: employees and data processors of the Company responsible for bookkeeping, payroll calculation and social security matters.
(1) By virtue of the fulfilment of a legal obligation the Company processes the personal data provided for by tax laws of those data subjects – employees, their family members, workers, persons receiving other benefits – with whom it has relations as disbursers (Act 2017:CL about the order of taxation (hereinafter: Art.) article 7 section 31) in order to fulfil the legally defined obligations for the payment of taxes and contributions (assessment of taxes, tax advance payments, contributions, payroll calculation, social security and pension administration). The range of the processed data is defined in article 50 of Art, in particular: the data for natural identification of natural persons (including the former name and title), gender, nationality, tax ID of the natural person, his/her social security number. If this is combined with legal consequences by the laws, the Company may process the data of the employees concerning health care (§ 40 Szja.) and the membership of a trade union (§ 47 section (2)b/ Szja.) in order to fulfil the obligations of the payment of taxes and contributions (payroll calculation, social security administration).
(2) Duration of the storing of personal data is 8 years of the termination of the legal relations serving as legal basis.
(3) Recipients of the personal data are: employees and data processors of the Company responsible for taxation, payroll calculation, social security matters (disbursement).
CHAPTER VI
OVERVIEW OF THE RIGHTS OF THE DATA SUBJECT
In this chapter we give a brief overview of the rights of the data subject for the purpose of transparency, the detailed information on the exercise of which is described in the next chapter.
Right to have prior information
The data subject is authorized to receive information on the facts and information related to the data processing prior to the commencement of the data processing.
(Articles 13 and 14 of the Regulation)
For more information on the detailed rules see next chapter.
Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the related information defined in the Regulation.
(Article 15 of the Regulation).
For more information on the detailed rules see next chapter.
Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
(Article 16 of the Regulation).
Right to erasure (‘right to be forgotten’)
(Article 17 of the Regulation)
For more information on the detailed rules see next chapter.
Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where the conditions defined in the Regulation apply.
(Article 18 of the Regulation)
For more information on the detailed rules see next chapter.
Notification obligation regarding rectification or erasure of personal data or restriction of processing
The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.
(Article 19 of the Regulation)
Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
(Article 20 of the Regulation)
For more information on the detailed rules see next chapter.
Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point e) (the data processing is of public interest or it is necessary to carry out a task in the framework of the exercise of a licence of public power delegated to the controller) or f) (the processing is required to enforce the legitimate interests of the controller or a third party) of Article 6(1) of the Regulation.
(Article 21 of the Regulation)
For more information on the detailed rules see next chapter.
Automated individual decision-making, including profiling
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
(Article 22 of the Regulation)
For more information on the detailed rules see next chapter.
Restrictions
Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22.
(Article 23 of the Regulation)
For more information on the detailed rules see next chapter.
Communication of a personal data breach to the data subject
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
(Article 34 of the Regulation)
For more information on the detailed rules see next chapter.
Right to lodge a complaint with a supervisory authority (right to official remedy)
The data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
(Article 77 of the Regulation)
For more information on the detailed rules see next chapter.
Right to an effective judicial remedy against a supervisory authority
Each natural or legal person shall have the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them, or where the supervisory does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.
(Article 78 of the Regulation)
For more information on the detailed rules see next chapter.
Right to an effective judicial remedy against a controller or processor
Each data subject shall have the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
(Article 79 of the Regulation)
For more information on the detailed rules see next chapter.
CHAPTER VII
DETAILED INFORMATION ON THE RIGHTS OF THE DATA SUBJECT
Right to have prior information
The data subject is authorized to receive information on the facts and information related to the data processing prior to the commencement of the data processing.
(Article 13 of the Regulation)
(Article 14 of the Regulation)
Right of access by the data subject
(Article 15 of the Regulation)
Right to erasure (‘right to be forgotten’)
(Article 17 of the Regulation)
Right to restriction of processing
(Article 18 of the Regulation)
Right to data portability
(Article 20 of the Regulation)
Right to object
(Article 21 of the Regulation)
Automated individual decision-making, including profiling
(Article 22 of the Regulation)
Restrictions
(Article 23 of the Regulation)
Communication of a personal data breach to the data subject
(Article 34 of the Regulation)
Right to lodge a complaint with a supervisory authority
(Article 77 of the Regulation)
Right to an effective judicial remedy against a supervisory authority
(Article 78 of the Regulation)
Right to an effective judicial remedy against a controller or processor
(Article 79 of the Regulation)
CHAPTER VIII
LODGING OF THE REQUEST OF THE DATA SUBJECT,
ACTIONS OF THE CONTROLLER
It is the responsibility of the controller to prove whether the request has a clearly unjustified or exaggerated nature.
Győrújbarát, 23 May 2018