Privacy policy
FINES FINIUM STUDIO COOKIE RULES
What is a cookie file?
A cookie is a small file created when you visit a web page. The purpose of cookies is to improve the user experience of websites Fines Finium Stuido, of course, respects the protection of your personal information. Therefore, we are happy to share with you what types of cookies we use and how you can prevent them from being saved to your computer, and the consequences for you as a user of the website. Cookies are primarily processed by the servers or operators of the websites in question, and also by the operators of the advertising systems used on those websites. Cookies are processed for the time needed to use them, but the maximum is 1 year after the cookie was created.
We use three types of cookies on our sites:
1. Cookies are absolutely necessary
These cookie files are absolutely necessary for you to browse the site and to use special features of the site, such as accessing the secure part of the web pages. For example, they allow you to use a shopping cart or check the status of your order. Permanent cookies are generally not used in this category unless they are really needed.
2. Functional cookies
These cookies collect information about the user's behavior. For example, they allow us to remember your login information, to keep your information secure, and to ensure the consistency of our pages. These cookies will not be deleted after you have finished browsing the website.
3. Performance cookies
Performance cookies collect information about how you use websites. This allows us to understand how visitors use our websites and then improve the look, content and functionality of our pages.
4. Special, so-called. targeting cookies
Advertising cookies allow you to share and like it. In addition, information is sent by a number of other websites so that they can personalize their ads to best suit your interest.
Set cookies
Most web browsers support the management of cookies. When you set up your browser, you can manually delete, stop, or completely disable individual cookies. You can only allow cookies on certain websites. On our sites you can easily and freely block the processing of cookies through your browser. If you enable cookies in your browser, we assume that you accept the standard cookies used by our servers and websites.
Learn more at http://www.youronlinechoices.com/
PRIVACY POLICY
1. INTRODUCTION
Fines Finium Studio Design and Service Limited Liability Company (address: 1113 Budapest, Hamzsabégi út 60 / D / IV / 150., Company registration number 01-09-983203; tax number 23895632-1-43; "Service Provider") (the " hereinafter referred to as "Data Controller"), as a data controller, acknowledge that you are bound by the contents of this legal notice. The Data Controller undertakes to ensure that all data management related to its activities complies with the requirements set out in this Policy and applicable legislation.
The scope of this Privacy Policy and the Prospectus (the “Privacy Policy”) covers the data processing performed by the Data Controller.
REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) 27.), the following information is provided.
This Privacy / Privacy Policy and Notice also govern the privacy of the following pages:
The privacy / privacy policy and information is available at: http://ffstudio.hu/en/privacy-policy
The Data Controller reserves the right to change this information at any time. Of course, you will inform your audience in good time of any changes. If you have any questions regarding this communication, please write to us and we will answer your question. Amendments to the prospectus will take effect upon publication at the above address.
2. DATA MANAGER AND CONTACTS
Name: Fines Finium Studio Kft.
Headquarters: 1113 Budapest, Hamzsabégi út 60 / D / IV / 150.
Location: 9100 Tét, 33 Szabadság Street.
Office- Budapest: 1119 Budapest, Etele út 26/74.
Represents: Aggné Magyar Csilla, Managing Director
E-mail: Office (at) ffstudio.hu
Phone: + 36-20 / 508-0878
Website: www.ffstudio.hu
3. COMMON DATA MANAGEMENT
3.1. The Data Controller shall inform the data subjects that, due to his / her role, other data controllers are or may be involved in the performance of the task belonging to the Data Controller. In this context, joint processing of data under Article 26 of the GDPR Regulation will take place. For the purposes of this Article, where the purposes and means of data processing are jointly determined by two or more data controllers, they shall be considered as joint controllers.
The joint controllers shall determine in a transparent manner, by agreement between them, the allocation of their responsibilities for the fulfillment of their obligations under this Regulation, in particular as regards the exercise of their rights and the provision of information referred to in Articles 13 and 14, except and to the extent , if and to the extent that the responsibilities of data controllers are governed by Union or national law applicable to them.
The role of the joint controllers vis-à-vis the stakeholders and their relationship with them should be reflected in this agreement. Irrespective of the terms of the above agreement, the data subject may exercise his or her rights under this Regulation in respect of each controller.
3.1.1. SHARED DATA:
- Name of builder, owner, customer
- Address of builder, owner, customer
- Address of the site affected by the design, Mr.
- Phone number of builder, owner, customer
- E-mail address of the builder, owner, customer
3.1.2. DATA MANAGERS (PROFESSIONAL DESIGNERS, SUBCONTRACTORS):
Name: Árva Péter EV.
Headquarters: 1094 Budapest, Viola utca 48. II. em. 30.
Email: peter.arva(at)eromuvesz.hu
Phone: +36-30/700-5427
Name: DIMER Építőipari, Kereskedelmi és Szolgáltató Kft.
Headquarters: 2191 Bag, Állomás utca 2.
Represented by: Gábor László managing director
Email: gabor.laszlo(at)dimerkft.hu
Phone: +36-1/222-0468
Name: Fischer György EV.
Headquarters: 1119 Budapest, Csorbai utca 13. 2. em. 1. ajtó
E-mail: fandf(at)chello.hu
Phone: +36-30/954-2430
Name: Nagypál Géza EV.
Headquarters: 2030 Érd, Izabella utca 1.
E-mail: nagypalgeza(at)grandvill.hu
Phone: +36-30/951-5298
Name: Grand-Vill Mérnöki Iroda Kft.
Headquarters: 9789 Sé, Zsigmond király utca 4.
Branch: 2030 Érd, Izabella utca 1.
Represented by: Nagypál Géza managing director
E-mail: nagypalgeza(at)grandvill.hu
Phone: +36-30/951-5298
Name: FireCAD Kft.
Headquarters: 8200 Veszprém, Vécsey utca 4/C.
Represented by: Garabics Tibor managing director
E-mail: tervezes(at)firecad.hu
Phone: +36-20/511-1571
4. DEFINITIONS
4.1. "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); identifiable by a natural person who, directly or indirectly, in particular by reference to one or more factors such as name, number, position, online identification or to one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity of the natural person identified;
4.2. "Data management" means any combination of operations, whether automatic or not, performed on personal data or data files, such as collection, recording, systematization, classification, storage, transformation or alteration, retrieval, access, use, communication, distribution or any other means; making available, coordinating or linking, limiting, deleting or destroying;
4.3. "Controller" means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of data processing are determined by Union or Member State law, the controller or the specific criteria for designating the controller may be defined by Union or Member State law;
4.4. "Processor" means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
4.5. "Recipient" shall mean any natural or legal person, public authority, agency or any other body to whom or to whom personal data are disclosed, whether a third party or not. Public authorities which have access to personal data in the framework of a specific inquiry in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
4.6. "Consent of the data subject" means the voluntary, explicit and unambiguous expression of the will of the data subject, by which the data subject, by means of a statement or act unambiguously confirming his or her consent, signifies his or her consent to the processing of personal data concerning him or her;
4.7. "Data incident" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
5. PRINCIPLES FOR THE MANAGEMENT OF PERSONAL DATA
5.1. its administration must be conducted in a lawful and fair manner and in a manner that is transparent to the data subject ('legality, due process and transparency');
5.2. collected for specified, explicit and legitimate purposes and not furthered in a way incompatible with those purposes; further processing of data for archiving purposes in the public interest, for scientific and historical research or for statistical purposes ("purpose limitation") shall not be considered incompatible with the original purpose, in accordance with Article 89 (1);
5.3. they must be appropriate and relevant to the purposes for which the data are processed and must be limited to what is necessary ('data-saving');
5.4. they must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which are inaccurate for the purposes for which they are processed are erased or rectified without delay ("accuracy");
5.5. it must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if they are processed for archiving in the public interest, for scientific and historical research purposes or for statistical purposes in accordance with Article 89 (1). subject to the implementation of appropriate technical and organizational measures to protect its freedoms ("limited storage");
5.6. shall be handled in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, through the use of appropriate technical or organizational measures ("integrity and confidentiality").
5.7. The controller is responsible for compliance with the above and must be able to justify such compliance ("accountability").
5.8. both in determining the manner of data management and in the course of data management, the Data Controller shall implement appropriate technical and organizational measures, such as pseudonymization, for the effective implementation of the above principles, the fulfillment of obligations, the incorporation of legal guarantees, etc. and all these are regulated and documented in detail. In practice, this mindset is facilitated by impact assessment, risk analysis, and privacy by design ("Privacy by design") used in employee education, data protection awareness, and implementation and / or periodic review of each data management.
5.9. personal data will retain this quality during data management as long as the relationship with the data subject can be restored. The data subject can be restored if the Data Controller has the technical conditions necessary for the restoration.
Based on the principles listed above, the Data Controller shall pay particular attention to the protection of the personal data of minors and children under the age of 16 who are incapacitated for action and children. Their statement requires the consent of their legal representative, except for those parts of the service where the statement is intended for mass data processing in everyday life and does not require special consideration.
The Data Controller shall process personal data only for specified purposes, in order to exercise its rights and fulfill its obligations. The Data Controller declares that at all stages of its processing the data are fit for purpose and that the data are collected and handled fairly. The Data Controller declares that it handles only such personal data as is necessary for the purpose of the data management, is suitable for the purpose and only to the extent and for the time necessary to achieve the purpose.
The Data Controller declares that it will only process personal data with the informed consent. The Data Controller shall duly inform the data subject prior to the commencement of data management that data processing is consent or obligatory.
The data subject shall be informed, in a clear, comprehensible and detailed manner, of all facts relating to the processing of the data, including in particular the purpose and legal basis of the data processing, the data subject and the duration of the data processing. it handles it for the purposes of fulfilling a legal obligation to which the controller is subject, or to enforcing a legitimate interest of a third party, or who has access to the data. The information shall also cover the data subject's rights and remedies.
The Data Controller shall ensure the accuracy, completeness and up-to-date nature of the data during the data management and ensure that the data subject can be identified only for the time necessary for the purpose of data management.
The Data Controller shall process the personal data in a lawful and fair manner and in a manner that is transparent to the data subject. Infotv. Pursuant to Article 2 para. (2) of the Infotv. The Decree shall be applied together with the following addition specified in Section 4 para. (5):
'The processing of personal data shall be considered to be fair and lawful if the person seeking the information of the data subject visits the data subject's place of residence or place of residence in order to ensure his or her freedom of expression, goal. No personal request may be made on a public holiday on the basis of the Labor Code. ”
The Data Controller does not verify the personal data provided to him. The accuracy of the data provided is the sole responsibility of the person providing it (the Data Subject). By entering any e-mail address of the Affected Person, you are also responsible for using the service from the e-mail address you provide only.
With respect to this liability, any liability in connection with accesses to a specified email address shall be the sole responsibility of the Person who has registered the email address.
You may use the www.ffstudio.com site without providing your personal information, and as such the use of the site is not subject to the general privacy policy.
Data generated while browsing the Website are in no way stored or managed by the Data Controller in a way that is specific to the individual concerned.
6. DATA MANAGEMENT
6.1. SOME DATA MANAGEMENT BY THE SERVICE PROVIDER (DATA MANAGER)
The Service Provider will provide personal data on the voluntary consent of (I) stakeholders; and (II) handle certain statutory regulations (such as Act XCII of 2003 on Taxation or Act CXVII of 1995 on Personal Income Tax), as detailed below.
The Service Provider draws the attention of those who disclose data to them, that if they do not provide their personal data, it is the duty of the data provider to obtain the consent of the data subject.
The Service Provider informs its clients that it may contact the Service Provider for the purpose of providing information, communicating, transferring or making available documents on the basis of the authorization of a court, prosecutor, investigating authority, violation authority, administrative authority, data protection commissioner or other authority. The Service Provider will provide personal data to the authorities, provided the authority has indicated the exact purpose and scope of the data, only to the extent and to the extent necessary to fulfill the purpose of the request.
6.2. DATA HANDLED DURING USE OF THE WEBSITE
You may use www.ffstudio.com without your personal information, and as such the use of this website is not subject to the general privacy policy.
Data generated while browsing the Website are in no way stored or managed by the Data Controller in a way that is specific to the individual concerned.
6.3. COOKIE MANAGEMENT OF THE WEBSITE www.ffstudio.com
The operator of the www.ffstudio.hu website provides a small data package on the user's computer for personalized service. places and reads cookies, but does not use personal data to process cookies.
Legal basis for data management: Eker tv. §§ 13 (3) and (4), the statutory provisions of Article 5 (3) of Directive 2002/58 / EC, and the Ehtv. §155 (4), the consent of the data subject is requested and recorded at the time of first accessing the websites.
More information about cookies can be found at: https://www.ffstudio.hu/adatvedelem
The user can delete the cookie from his / her own computer or disable the use of cookies in his / her browser. Cookies are usually managed in the browser's Tools / Settings menu under Privacy settings, called a cookie or cookie.
6.4. REMARKETING ACTIVITY DATA MANAGEMENT
The Data Controller informs the Stakeholders that the Facebook remarketing code has been implemented on the website www.ffstudio.hu. The IP address of visitors to our site is recorded by Facebook and offers ads on the Facebook message board for 11 days after the visit.
Purpose of Data Management: The Data Controller uses the Facebook remarketing pixel to increase the effectiveness of Facebook ads, to build a remarketing list. This way, when you visit the Website, you can place ads on third-party websites, such as Facebook.
Stakeholders: Any natural person who orders on the Controller's website.
Legal basis for data processing: the data subject's consent is in accordance with Article 6 (1) (a) of the Regulation and Eker tv. Based on.
Duration of data management: By default, up to 11 days after the visit or by deletion by the data subject.
Description of activity and process involved in data management:
By using the Website, the Visitor consents to the said codes being stored on your computer and accessible to the Data Controller. Codes are generally stored for 11 days, but you can use your browser to set up and block code activity. However, please note that in the latter case, you may not be able to use all the features of the website without using the codes. You can read more about Facebook Remarketing at: https://www.facebook.com/business/help/651294705016616
6.5. HANDLING CUSTOMER DATA CONCERNING INTEREST AND QUOTATION
Purpose of data management: answering inquiries / quotes, keeping in touch.
Legal basis for data processing: consent of the data subject (Article 6 (1) (a) GDPR).
Scope of managed data: personal information (name, address, telephone number, fax, e-mail, building address, topographical number) provided during quotation requests and inquiries, by telephone or online.
Stakeholders: All stakeholders have been contacted by the controller through the website's contact form or through other online channels over the phone.
Duration of data processing: 5 years or until the request for cancellation is addressed to the data controller concerned.
Data transfer: -
Data processing: -
6.6. HANDLING CUSTOMER DATA CONCERNING CONTRACTING AND BILLING
Purpose of data management: ordering the service, serving it, documenting the purchase and payment, and fulfilling the accounting obligation.
Legal basis for data management: consent of the data subject - by contract (Article 6 (1) (a) GDPR) and legal obligation (Article 6 (1) (c) of the Regulation, CXXVII of 2007 on Value Added Tax) . 159 (1) and Act C of 2000 on Accounting).
Managed Data: personal customer information (name, address, phone number, email, bank account number, billing address, ID number, mother's name, date and place of birth, tax number, NSA number, real estate address, topographical number)
Stakeholders: All stakeholders with Fines Finium Studio Kft.
Duration of data management: the invoices issued are in accordance with St. Pursuant to Article 169 (2), it must be kept for 8 years from the date of issue of the invoice. In addition to the statutory requirement, our company processes personal data for a period of + 2 years due to the statute of limitations and the conduct of individual tax authority investigations.
Data transfer: Németh Numerus Tax Advisory Ltd. - billing
Data processing: as contractual data
6.7. TREATMENT OF CUSTOMER DATA REQUIRED IN CONNECTION WITH ORDERED SERVICES
Purpose of data management: In connection with the performance of the ordered service:
(Use of ETDR and E-Diary electronic systems, in Authority representations)
Legal basis for data processing: consent of the data subject by contract and power of attorney (Article 6 (1) (a) of the GDPR) and legal authorization (Article 169 (2) of the Accounting Act).
Managed data: personal customer information (name, address, phone number, email, bank account number, billing address, ID number, mother's name, place and date of birth, tax number, NIP number, real estate address, geographic address) number)
Stakeholders: All stakeholders with Fines Finium Studio Kft.
Duration of data management: 8 years.
Data transfer: Lechner Knowledge Center operated by Territorial, Architectural and Informatics Nonprofit Ltd. - ETDR, E-Diary electronic systems, competent Building Authority, Chief Architect's Office, other competent authorities, with the authorization of the person concerned in connection with the ordered service. transmission of necessary data, such as name, address, real estate address, topographical number of the builder.
Data processing: design documentation and technical specifications
6.8. DATA MANAGEMENT CONCERNING THE VERIFICATION OF THE CONTRIBUTION
Type of personal data processed: IP address, e-mail address, date of consent
Purpose of Data Management: During the registration, ordering, newsletter sign-up process, the IT system will store the IT data related to the consent for later verification.
Stakeholders: Any natural person who subscribes to the Data Controller's website, orders, subscribes to a newsletter.
Legal basis for data management: pursuant to a legal obligation (Article 6 (1) (c) of the GDPR), Article 7 (1) of the GDPR Regulation requires this obligation.
Period of data management: Due to legal requirements, consent must be verified at a later date, so the duration of data storage is stored for a period of time after termination of data management.
6.9. PRESENCE IN COMMUNITY SITES
The Data Manager is available on the Facebook / Instagram community portal. The Data Controller communicates with data subjects through the social networking site only, and so the purpose of the scope of the data being processed becomes relevant only when the data subject seeks data processing through the social networking site.
The type of personal data handled: name of the public concerned, public photo, public email address, message sent by the affected social network, rating by the affected person or the result of other actions.
Purpose of data management: sharing, publishing and marketing the content of the website on the social network. You can also use the social networking site to keep up to date with the latest promotions.
Stakeholders: Individuals who voluntarily follow, share, or like the Data Controller community pages or content displayed on them.
Legal basis for data processing: consent of the data subject (Article 6 (1) (a) of the GDPR Regulation, Infotv. Section 5 para. Section 6 (5). The data subject voluntarily contributes to the Data Controller by following the terms and conditions of the Controller. By using an exemplary definition, the subscriber can subscribe to the feed posted on the Facebook / Instagram post by clicking on the "like" link on the page, thereby contributing to the publisher's news and offers on his / her wall and the "dislike" You can unsubscribe by clicking the '/' dislike 'link and delete the unwanted feeds in the message wall using the message wall settings.
Duration of data processing: at the request of the data subject until erasure.
Information on the data management of the given social networking site can be obtained from the affected person.
6:10. EXTERNAL LINKS AND REFERENCES
Our website may contain many links (links, links) that lead to the pages of other service providers. The Data Controller is not responsible for the data and information protection practices of these service providers. These websites include:
6:11. OTHER DATA MANAGEMENTS
Data handling not listed in this brochure will be provided at the time of data collection. We inform our clients that, under the authority of a court, prosecutor, investigating authority, offense authority, administrative authority, National Data Protection and Freedom of Information Authority or other legal entities, they may seek information, provide data, transfer or make available documents. controller. The Data Controller shall provide personal data to authorities, provided that the authority has indicated the exact purpose and scope of the data, only to the extent and to the extent necessary for the fulfillment of the purpose of the request.
7. USE OF THE DATA PROCESSOR
In some cases, it may be necessary for the Data Controller to use data processors, which means that your personal data recorded in this privacy statement will be transferred to the data processor affected by the service.
The data processors shall carry out the personal data only for the technical tasks according to the instructions of the Data Controller, such as: storing, evaluating, analyzing, systematizing, selecting, archiving, performing and securing technical and other organizational-administrative tasks, operating the website, complaint handling.
The data are retained by data processors for the same period as the Data Controller, after which they are deleted.
The Data Controller hereby declares that all data processors are carefully selected, emphasizes and expects compliance with the requirements of EU and Hungarian law which are strictly necessary for the processing of personal data. The Data Controller has the right to verify compliance with the data protection and security requirements.
7.1. SPACE-SERVICE
Data processing activities: Hosting services
Data processor name and contact information:
Trust-IT Kft.
Headquarters address: 1203 Budapest, Közműhelytelep utca 28/A.
Tax number: 13341802-2-43
Company Registration Number: Cg. 01-09-730323
Name of the court of registration: Fővárosi Törvényszék Cégbírósága
Represented by: Bíró Dániel, managing director
- Fact of data management, scope of data processed: All personal data provided by the data subject.
- Stakeholders: All stakeholders who use the site.
- Purpose of data management: To make the website accessible and to operate it properly.
- Duration of data processing, time limit for deletion of data: The data management shall continue until the termination of the agreement between the data controller and the hosting provider or the request of the data subject to delete the data from the hosting provider.
- Legal basis for data processing: User consent, Infotv. Sections 5 (1), 6 (1) (a) and CVIII of 2001 on certain aspects of electronic commerce and information society services. 13 / A. (3).
7.2. POSTAL DELIVERY
- Data processing activity: postal delivery
- Data processor name and contact information:
Magyar Posta Zrt.
Headquarters: 1138 Budapest, Dunavirág u. 2-6.
Tax number: 10901232-2-44
Company Registration Number: Cg. 01-10-042463
Name of the court of registration: Fővárosi Törvényszék Cégbírósága
Website: www.posta.hu
Fact of data management, scope of data processed: Name and address of the data subject
Stakeholders: Fines Finium Studio Kft
Purpose of data management: To deliver the consignment to the data subject
Duration of data management: https://www.posta.hu/adatkezelesi_tajekoztato
Until the end of the calendar year following the date of receipt of the postal item, that is to say, postal delivery, unless Posta tv. the time limit is different, or the person to whom the service is provided or to the addressee of the postal service has a different provision.
However, the sender as well as the recipient may request that their data be further processed.
7.3. INVOICING
Data processor activity: storage of billing data
Data processor name and contact information:
Német Numerus Adótanácsadó Kft.
Headquarters: 1146 Budapest, Dózsa György út 11. fszt. 2.
Company Registration Number: Cg. 01-09-197083
Tax number: 25054707-2-42
Email: konyveles (at) nnnbt (point) eu
- Fact of data management, scope of data processed: Name, address, telephone number, e-mail address of the data subject
- Stakeholders: Fines Finium Studio Kft
- Purpose of data management: billing
- Duration of data management: 8 + 2 years
7.4. ETDR AND E-LOG ELECTRONIC SYSTEMS
Data processor activity: identification of the data subject
Data processor name and contact information:
Lechner Tudásközpont Területi, Építészeti és Informatikai Nonprofit Kft.
Headquarters: 1111 Budapest, Budafoki út 59. E/3. épület
Company Registration Number: Cg. 01-09-996479
Tax number: 24225221-2-43
Website: https://www. lechnerkozpont.hu
Email: info(kukac)lechnerkozpont.hu
Phone: +36 (1) 279-2640, +36 (1) 279-2610
- Fact of data management, scope of data managed: name, address, telephone number, e-mail address, bank account number, billing address, identity card number, mother's name, place and date of birth, tax number, NIS number, address of construction property, topographical number
- Stakeholders: Fines Finium Studio Kft
- Purpose of Data Management: Fulfillment of Contract (Simplified Notification of Planned Building or Construction Permit Procedure)
- Duration of data management: http://lechnerkozpont.hu/doc/adatkezelesi-tajekoztato/adatkezelesi-tajek...
8. TRANSMISSION OF DATA
Data Controller transfers data to the following third parties in addition to the data processors listed in this Privacy Policy.
8.1. DESIGN LIABILITY INSURANCE
The Data Controller shall inform the data subjects that pursuant to Article 353/2016. (XI. 18.) Korm. Based on this, in some cases it is necessary to transfer the personal data of the persons concerned to the insurer in order to be able to issue a certificate of coverage.
Insurer details:
Name: CIG Pannónia Első Magyar Általános Biztosító Zrt.
Headquarters: 1033 Budapest, Flórián tér 1.
Website: www.cigpannonia.hu
Email: ugyfelszolgalat@cig.eu
Scope of data transmitted: name of constructor, address, address of site
Legal basis for the transfer: legal obligation (Article 6 (1) (c) GDPR)
9. CUSTOMER RELATIONS AND OTHER DATA MANAGEMENT
9.1. Should you have any questions or problems in using our data management services, you may contact the data controller in the ways specified on the website (telephone, e-mail, social networking sites, etc.).
9.2. Data manager for incoming emails, messages, phone, Facebook, etc. You will delete any information you provide, along with your contact name and email address, as well as any other personally identifiable information you provide, no later than 2 years from the date of disclosure.
9.3. Data handling not listed in this brochure will be provided at the time of data collection.
9.4. The Service Provider is obliged to provide information, provide information, provide data and provide documents upon exceptional request of the authorities or upon request of other authorities on the basis of legal authority.
9.5. In these cases, the Service Provider will provide the requester with personal data only to the extent and to the extent necessary to fulfill the purpose of the request, provided that the exact purpose and scope of the data have been indicated.
10. COMPLAINT HANDLING
10.1. Fact of data collection, scope of data processed and purpose of data management:
Personal Data Purpose of data management
Surname and first name Identification, contact.
Email Address Contact.
Phone Number Contact.
Billing Name and Address Identification, addressing quality concerns, issues, and issues with the service you are ordering.
10.2. Stakeholders: All stakeholders who use the site and complain about the quality of the site.
10.3. Duration of data processing, time limit for deletion of data: Copies of the record of objections, transcripts and replies to the objection raised in the Consumer Protection Act 1997 CLV. 17 / A. (7) shall be retained for 5 years.
10.4. Identity of potential data controllers entitled to access the data, addressees of the personal data: The personal data may be managed by the data controller in compliance with the above principles.
10.5. Disclosure of data subject rights:
The data subject may request from the controller access, rectification, erasure or restriction of the processing of personal data concerning him or her
and may object to the processing of such personal data; and
the data subject has the right to data portability and to withdraw the consent at any time.
10.6. You may initiate access, deletion, alteration or restriction of personal data, data portability, or objection to data processing in the following ways:
- by post at 1113 Budapest, Hamzsabégi út 60 / D / IV / 150. address
- by e-mail to the office@ffstudio.hu,
- by phone at + 36-20 / 508-0878.
10.7. Legal basis for the data processing: consent of the data subject, Article 6 (1) (a), Infotv. Section 5 para. (1) and the CLV 1997 on Consumer Protection. 17 / A. (7).
10.8. We inform you that
the provision of personal data is based on a contractual obligation.
the processing of personal data is a prerequisite for the conclusion of the contract.
is required to provide personal information in order to process your complaint.
failure to provide us with the information will result in us not being able to process your complaint.
11. RIGHTS OF STAKEHOLDERS
11.1. RIGHT OF ACCESS
You have the right to receive feedback from the controller that your personal data is being processed and, if so, to have access to the personal data and the following information:
the purposes of data management;
the categories of personal data concerned;
the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third-country recipients or international organizations;
the envisaged period for which the personal data will be stored;
the right to rectification, erasure or restriction of data management and the right to object;
the right to lodge a complaint to the supervisory authority;
information on data sources;
the fact that automated decision-making, including profiling, and intelligible information about the logic used and the significance and likely consequences for the data subject of such data management.
11.2. RIGHT OF CORRECTION
You have the right, upon request, to rectify any inaccurate personal data relating to him or her without undue delay. Given the purpose of your data processing, you have the right to request that any personal information that is incomplete be completed, including by way of a supplementary statement.
11.3. RIGHT TO DELETE
You have the right, upon request, to delete personal data relating to you without undue delay, and you are obliged to delete personal data relating to you without undue delay, subject to the conditions set out below:
personal data are no longer needed for the purpose for which they were collected or otherwise processed;
the data subject withdraws his consent as the basis for the processing and there is no other legal basis for the processing;
the data subject protests against the data processing and there is no overriding legitimate reason for the data processing;
unlawful processing of personal data;
personal data must be deleted in order to comply with a legal obligation under Union or Member State law applicable to the controller;
personal data was collected in connection with the provision of information society services.
Deletion of data cannot be initiated if data management is required:
for the exercise of the right to freedom of expression and information;
to fulfill an obligation under Union or Member State law applicable to the controller for the processing of personal data or to carry out a task in the public interest or in the exercise of official authority vested in the controller;
in the field of public health or for archival, scientific and historical research or statistical purposes in the public interest;
or to make, enforce, or defend legal claims.
11.4. THE RIGHT TO FORGET
If the controller discloses personal data and is required to delete it, it shall, taking into account the technology available and the cost of implementation, take reasonable steps, including technical measures, to inform the controllers that you have requested the personal data in question. links or the duplicate or duplicate of this personal information.
11.5. RIGHT TO LIMIT DATA PROCESSING
You have the right, at your request, to limit the data management if any of the following conditions are met:
You dispute the accuracy of your personal data, in which case the limitation applies to the period of time that allows the controller to verify the accuracy of your personal data;
the data processing is unlawful and you object to the deletion of the data and instead request a restriction on their use;
the data controller no longer needs personal data for the purposes of data processing, but you request it for the purpose of making, enforcing or defending legal claims;
You have objected to the data management; in this case, the limitation applies to the period until it is determined whether the data controller's legitimate reasons take precedence over your legitimate reasons.
Where processing is subject to restrictions, personal data may be processed, with the exception of storage, only with the consent of the data subject, or for the purpose of making, enforcing or defending legal claims or protecting other natural or legal persons or an important public or Union interest.
11.6. DATA RIGHT LAW
You have the right to receive personal data relating to him which he has made available to a data controller in a structured, widely used, machine-readable format and to transmit such data to another data controller without being hindered by the data controller whose provided personal information (...)
11.7. RIGHT TO OBJECT
The data subject shall have the right at any time to object to the processing of his or her personal data in the public interest or in the exercise of his or her authority, or to too. In the event of a protest, the Data Controller may not further process the personal data unless it is justified by overriding legitimate reasons, which take precedence over the interests, rights and freedoms of the data subject, or which are related to the filing, enforcement or protection of legal claims.
11.8. DISPUTE ON DIRECT BUSINESS PURCHASE
If your personal data is being processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for this purpose, including profiling, if it is related to direct marketing. If you object to the processing of personal data for the purpose of direct marketing, personal data may no longer be processed for this purpose.
11.9. AUTOMATED DECISION MAKING IN INDIVIDUAL CASES INCLUDING PROFILING
You have the right not to be subject to any decision based solely on automated data management, including profiling, that would have legal effect or be significantly affected by it.
The preceding paragraph shall not apply if the decision:
Necessary for the conclusion or performance of a contract between you and the controller;
it is made possible by Union or national law applicable to the controller, which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; obsession
It is based on your explicit consent.
12. DEADLINE FOR ACTION
The Data Controller shall inform the data subject without undue delay, but in any event within one month of receipt of the request, in accordance with Articles 15 to 22 of GDPR. Measures taken following an application under Article.
Where necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The Data Controller shall inform the data subject about the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request. If the data subject has filed the application by electronic means, the information shall be provided by electronic means unless the data subject requests otherwise.
If the Data Controller does not act on the data subject's request, it shall inform the data subject without delay, but no later than one month after receipt of the request, of the reasons for the non-action and of the data subject's recourse to a supervisory authority.
The Controller shall provide the requested information and information free of charge. Where the data subject's request is manifestly unfounded or, in particular, because of its repetitive character, the controller may charge a reasonable fee, or refuse to act on the request, having regard to the administrative costs of providing the information or information requested or taking the action requested.
Unless it proves impossible or requires a disproportionate effort, the Data Controller shall inform all recipients of any rectification, erasure or restriction on the processing of personal data with or to whom the personal data have been communicated. At the request of the data subject, the Data Controller shall inform those recipients.
The Data Controller shall provide the data subject with a copy of the personal data being processed. For the additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. If the data subject has submitted the request by electronic means, the information will be provided in electronic format, unless otherwise requested by the data subject.
13. DATA STORAGE
The Data Controller shall store plans and contracts containing the personal data of the data subject in digital or printed form at the Data Controller's headquarters and site, on a computer, server, or corporate laptop.
14. SECURITY OF DATA MANAGEMENT
The controller and the processor shall take appropriate technical and organizational measures, taking into account the state of the art and technology and the costs of its implementation, as well as the nature, scope, circumstances and purposes of the processing and the varying likelihood and severity of the rights and freedoms of natural persons. to guarantee a level of data security appropriate to the degree of risk, including, where appropriate:
pseudonymisation and encryption of personal data;
ensuring the continued confidentiality, integrity, availability and resilience of systems and services used to process personal data;
in the event of a physical or technical incident, the ability to restore access to, and availability of, personal data in a timely manner;
a procedure for periodically testing, evaluating and evaluating the effectiveness of technical and organizational measures taken to ensure security of data processing.
The Controller shall protect the data by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage or inaccessibility due to changes in the technology used.
Unless permitted by law, the Data Controller shall ensure that the data stored, unless permitted by law, are not directly linked to and attributed to the data subject in order to protect electronically managed data files in its various registers.
The Data Controller retains it during data management
confidentiality: protects the information so that only authorized users have access to it;
integrity: protects the accuracy and completeness of the information and the method of processing;
Availability: Ensures that when an authorized user needs it, they can truly access the information they need and have the tools to do so.
The IT system and network of Data Controller and its data processing partners are protected from computer-supported fraud, espionage, sabotage, vandalism, fire and flood, as well as from computer viruses, hacking and denial of service attacks. The operator maintains security through server-level and application-level security procedures.
Users are advised that electronic messages transmitted over the Internet, regardless of protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that lead to fraudulent activity, contract disputes, or disclosure. To protect against such threats, Data Controller shall take all precautionary measures which may be required of it.
It monitors systems to record any security inconsistencies and provide evidence for each security incident. System monitoring also allows you to check the effectiveness of the precautions you apply.
15. INFORMATION TO THE INTERESTED PARTIES ON THE DATA PROTECTION INCIDENT
Where the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject without undue delay of the data protection incident.
The information provided to the data subject shall clearly and unambiguously state the nature of the data protection incident and the name and contact details of the data protection officer or other contact person providing further information;
a description of the likely consequences of a privacy incident; a description of the measures taken or planned by the controller to remedy the privacy incident, including, where appropriate, measures to mitigate any adverse consequences that may result from the privacy incident.
The data subject need not be informed if any of the following conditions are met:
the controller has implemented appropriate technical and organizational security measures and has been applied to the data affected by the data security incident, in particular measures such as the use of encryption which render unauthorized persons unauthorized data;
the controller has taken further measures following the data protection incident to ensure that the high risk to the data subject's rights and freedoms is no longer likely to materialize;
information would require a disproportionate effort. In such cases, the data subjects shall be informed through publicly available information or similar measures shall be taken to ensure that the data subjects are provided with equally effective information.
If the data controller has not yet informed the data subject about the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to present a high risk, may order the data subject to be informed.
16. COMPENSATION AND DAMAGES
Any person who has suffered material or non-pecuniary damage as a result of a violation of the Data Protection Regulation shall be entitled to compensation from the Data Controller or the Data Processor for the damage suffered.
The Data Controller shall only be liable for any damage caused by the data processing if he or she has not complied with the statutory obligations specifically imposed on the data processors, or if the Data Controller's lawful instructions have been disregarded or acted against.
If several controllers or processors, or both controllers and processors, are involved in the same data processing and are responsible for the damage caused by the data processing, each data controller or processor shall be jointly and severally liable for the entire damage.
The Data Controller and the Data Processor shall be released from liability if they prove that they are not liable in any way for the event giving rise to the damage.
17. NOTIFICATION OF PRIVACY INCIDENS TO THE AUTHORITY
The data controller shall notify the data protection incident to the supervisory authority competent pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after becoming aware of the data incident, unless the data protection incident is likely to endanger the rights of natural persons. and your freedoms. If the notification is not made within 72 hours, the reasons for the delay shall be included.
18. COMPLAINT POSSIBILITY
Complaints about possible violations of the data controller can be made to the National Data Protection and Freedom of Information Authority:
Nemzeti Adatvédelmi és Információszabadság Hatóság
1125 Budapest, Szilágyi Erzsébet fasor 22/C.
Mailing address: 1530 Budapest, Postafiók: 5.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
Email: ugyfelszolgalat@naih.hu
Website: http://www.naih.hu
19. AMENDMENT TO THE DATA PROCESSING INFORMATION SHEET
The Data Controller reserves the right to modify this Privacy Policy in a manner that does not affect the purpose and legal basis of the data management. By using this website after the change comes into effect, you accept the modified privacy notice.
If the Data Controller intends to further process the data collected for purposes other than the purpose for which they were collected, it will inform you of the purpose of the data processing and the following information:
the length of time for which the personal data will be stored or, where this is not possible, the criteria for determining the duration;
your right to request from the Data Controller access to, rectification, erasure or restriction of your personal data and to object to the processing of your personal data in the case of legitimate interest processing, rights;
in the case of consent-based data processing, that you may withdraw your consent at any time,
the right to lodge a complaint to the supervisory authority;
whether the provision of personal data is based on a legal or contractual obligation or a precondition for entering into a contract, and whether you are required to provide personal data, and the potential consequences of failure to provide such information;
the fact of automated decision making (if applicable), including profiling, and at least in these cases, understandable logic and the significance and expected consequences of such data management for you.
The data management can only start after this, if the legal basis of the data management is consent, in addition to the information you have to give your consent to the data management.
20. CONCLUSION
During the preparation of this prospectus we have observed the following legal acts:
REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) 27.)
CXII of 2011 Act on Information Self-Determination and Freedom of Information (hereinafter: Infotv.)
CVIII of 2001 Act I.13. - On Certain Issues of Electronic Commerce Services and Information Society Services (Mainly Section 13 / A)
XLVII of 2008 law - prohibiting unfair commercial practices against consumers;
XLVIII of 2008 Law - Basic Conditions and Certain Limitations of Economic Advertising Activities (in particular Section 6)
XC of 2005 Law on Freedom of Electronic Information
Act C of 2003 on Electronic Communications (specifically §155)
16/2011. s. Opinion on EASA / IAB Recommendation on Good Practice for Online Behavioral Advertising
Recommendation of the National Authority for Data Protection and Freedom of Information on Prior Information Information Privacy Requirements
Budapest, 2019.06.20.
Fines Finium Studio Kft.
Aggné Magyar Csilla
managing director
