- DATA OF THE SERVICE PROVIDER AS DATA CONTROLLER
Company name of the Service Provider: SIPOS Dental Laboratory Ltd.
The registered office of the Service Provider: 9700 Szombathely, Árpád út 13.
Tax number of the Service Provider: 22649579-1-18.
Telephone contact details of the Service Provider: +36 70 317 38 26.
- DEFINITIONS OF TERMS
The terms used in this notice shall be construed in accordance with the definitions set out in the interpretative provisions of Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information (hereinafter referred to as the Info Act) as follows.
Personal data: data which can be associated with the data subject, in particular the name, the identification mark and one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity, and the inference which can be drawn from the data concerning the data subject;
Data subject: any natural person (in the case of this notice, the User) who is identified or can be identified, directly or indirectly, on the basis of personal data;
Consent: a voluntary and explicit expression of the data subject's wishes, based on appropriate information, by which he or she gives his or her unambiguous consent to the processing of personal data concerning him or her, either in full or in relation to specific operations;
Data processing: any operation or set of operations which is performed upon data, regardless of the procedure used, in particular any collection, recording, recording, organisation, storage, alteration, use, retrieval, disclosure, transmission, alignment or combination, blocking, erasure or destruction of data, prevention of their further use, taking of photographs, sound recordings or images and physical features which can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans);
Data Controller: the natural or legal person or unincorporated body which, alone or jointly with others, determines the purposes for which the data are processed, takes and implements decisions regarding the processing (including the means used) or implements them through a processor (in the case of this notice, the Service Provider);
Transfer: making data available to a specified third party;
Disclosure: making the data available to anyone;
Data erasure: rendering data unrecognisable in such a way that it is no longer possible to recover it;
Data marking: the marking of data with an identification mark to distinguish it;
Data blocking: the marking of data with an identifier in order to limit its further processing permanently or for a limited period of time;
Data processing: the performance of technical tasks related to data processing operations, irrespective of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
Data processor: a natural or legal person or unincorporated body which processes data on the basis of a contract with the controller, including a contract concluded pursuant to a legal provision;
- DATA MANAGEMENT PRINCIPLE
The Service Provider shall process the personal data recorded in accordance with the data protection legislation in force at the time, in particular the Info Act, and in accordance with this information.
- LEGAL BASIS FOR PROCESSING
The collection and processing of personal data in connection with the operation of the website and its services is based on the voluntary consent of the data subject.
The User gives his/her consent by using the website service (registration).
The Service Provider shall be entitled to send the User a newsletter or other advertising mail, provided that the User has given his/her prior, clear, explicit and voluntary consent to this by providing the relevant data at the time of registration. The Service Provider shall not be obliged to verify that the data provided by the User at the time of registration or otherwise when giving his consent are true and correct.
The User may withdraw his/her voluntary consent referred to in the previous point at any time. In this case, the Service Provider shall not send the User any more newsletters or other advertising mailings after the withdrawal, and shall delete the User's data from the data of the users subscribed to the newsletter.
Unless otherwise provided by law, the Service Provider may process the personal data collected for the purpose of fulfilling a legal obligation (in particular, accounting obligation, contractual obligation with the User) or for the purpose of asserting its own or a third party's legitimate interest, if the assertion of such interest is proportionate to the restriction of the right to the protection of personal data, without further specific consent and even after the withdrawal of the User's consent.
- THE SCOPE OF THE DATA PROCESSED
The Service Provider shall process the following personal data of the User during and after the performance of the service provided by the Service Provider, based on the User's voluntary consent: surname, first name, e-mail address.
The User is solely responsible for the truthfulness and accuracy of the personal data.
- THE PURPOSE OF THE PROCESSING
The purpose of the processing of the User's personal data is to send the newsletter and advertising mail referred to in point IV and to fulfil the Service Provider's other legal obligations. The Service Provider shall not disclose the User's personal data to unauthorized third parties.
- DURATION OF DATA PROCESSING, MODIFICATION, ERASURE, OBJECTION TO DATA PROCESSING
The Service Provider shall process personal data processed in connection with the use of the services until the purpose of the data processing is fulfilled.
The personal data provided during registration may be modified by the User at any time after accessing the website.
The User may request the deletion of his/her personal data by sending an e-mail to email@example.com. The Service Provider shall also delete the User's personal data without the data subject's request, if the processing is unlawful, if the purpose of the processing has ceased to exist, or if the statutory period for storing the data has expired, or if the court or the National Authority for Data Protection and Freedom of Information has ordered it, or if the processing is incomplete or incorrect - and this situation cannot be remedied lawfully - provided that the deletion is not excluded by law.
Instead of deleting the personal data, the Service Provider shall block the personal data if the User so requests or if, based on the information available to it, it can be assumed that deletion would harm the legitimate interests of the User. The blocked personal data shall be processed by the Service Provider only for as long as the data processing purpose that precludes the deletion of the personal data exists. Following the withdrawal of the User's consent, the Service Provider may continue to process personal data concerning the data subject in order to fulfil its legal obligations (in particular, accounting obligations).
The User may object to the processing of his/her personal data by sending an e-mail to firstname.lastname@example.org,
- if the processing or transfer of personal data is necessary solely for the performance of a legal obligation to which the Service Provider is subject or for the purposes of the legitimate interests pursued by the controller, the recipient or a third party, except in the case of so-called mandatory processing;
- if the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes; and
- in any other case specified by law.
The controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, decide whether the objection is justified and inform the applicant in writing of its decision.
If the controller establishes that the data subject's objection is justified, the controller shall terminate the processing, including further collection and further transfer, and block the data, and notify the objection and the action taken on the basis of the objection to all those to whom the personal data subject of the objection has previously disclosed the personal data subject and who are obliged to take measures to enforce the right to object.
If the data subject disagrees with the decision of the controller or if the controller fails to comply with the 15-day time limit, the data subject may, within 30 days of the notification of the decision or the last day of the time limit, have recourse to the courts. The court shall act out of turn.
If the data subject does not receive the data necessary to exercise his or her rights because he or she objects, he or she may, within 15 days of the notification, take legal action against the controller in order to obtain access to the data. The controller may also take the data subject to court.
If the controller fails to give notice, the recipient may request clarification from the controller of the circumstances surrounding the failure to disclose the data, which the controller shall provide within 8 days of the receipt of the recipient's request for such clarification. In the event of a request for clarification, the data subject may bring an action against the controller before a court within 15 days of the date on which the clarification was provided, but no later than the time limit for the provision of clarification. The data controller may also bring legal proceedings against the data subject.
The controller may not delete the data of the data subject if the processing is required by law. However, the data may not be transferred to the data recipient if the controller has consented to the objection or if the court has ruled that the objection is justified.
- REQUEST FOR INFORMATION
The User has the right to request information at any time about the personal data concerning him/her processed by the Service Provider in connection with the services of the website by sending an e-mail to email@example.com or by +36 70 317 38 26 phone number. Upon the User's request, the Service Provider shall provide information on the data concerning the User processed by the Service Provider in connection with the given service, their source, the purpose, legal basis and duration of data processing, the name and address of the data processor, the legal basis and recipient of the data transfer, and the data processing activities. The Service Provider shall provide the information in writing in an intelligible form and within the shortest possible time from the date of the request, but not later than 30 days from the date of the request, upon the data subject's request. The information shall be provided free of charge. The Service Provider shall consider a request received from an e-mail address previously provided to the Service Provider as a request received from the User. In the case of requests from other e-mail addresses and requests in writing, the User may submit a request only if he has duly proven his capacity as a User.
- ENFORCEMENT OPTIONS
The User may exercise his/her rights under the Info Act and Act IV of 1959 (Civil Code) before the courts, and may also seek the assistance of the National Authority for Data Protection and Freedom of Information in any matter related to personal data (1125 Budapest Szilágyi Erzsébet fasor 22/C, postal address: 1530 Budapest, Pf. 5., firstname.lastname@example.org, (+36) 1 391 1400, www.naih.hu).