Data Processing Policy
THE RIGHTS OF NATURAL PERSONS CONCERNED
 PERSONAL DATA SHOULD BE TAKEN INTO ACCOUNT
 
 
TABLE OF CONTENTS

 

INTRODUCTION

CHAPTER I - THE DATABASE TITLE

  1. CHAPTER - DATABASE DOCUMENTS
  2. Finance on Call IT Service Provider

III. SECURITY OF DATA MANAGEMENT LEGISLATION

  1. Data management based on the consent of the person concerned
  2. Data management based on the fulfillment of a legal obligation
  3. Facilitating the Rights of the Rights

ARC. CHAPTER II - VISITOR'S DATA MANAGEMENT ON THE FINANCIAL ON CALL - INFORMATION FOR THE APPLICATION OF COOKIE

CHAPTER V - INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

 


 

 

 

 

 

INTRODUCTION

 

REGULATION (EU) No 2016/67 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ("the Regulation"), concerning the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation 95/46 / that the Data Controller shall take appropriate measures to provide the data subject with the personal data management information in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner, and that the Data Controller shall facilitate the exercise of the rights of the data subject. 

 

The obligation to inform the data subject in advance of the information on the right to information self-determination and the freedom of information in CXII. law also provides.

 

By following the information provided below, we comply with this statutory obligation.

 

The information must be disclosed on the Finance on Call website or sent to the person concerned at its request.

 

CHAPTER I

THE DATABASE TITLE

 

The publisher of this information, at the same time the Data Manager:

Brand Name: Finance on Call

Registered office:

|||UNTRANSLATED_CONTENT_START|||Cégjegyzékszám:|||UNTRANSLATED_CONTENT_END|||

Tax ID No.:

Representative: Gyula Szarvas

Phone: +36309772648

Fax: [de]

E-mail address: info @ Finance on Call

Website: www.Finance on Call

(hereinafter referred to as Finance on Call)

 

CHAPTER II

DATA PROCESSING TITLE

 

Data Processor: afor a natural or legal person, public authority, agency or any other body that manages personal data on behalf of the data controller; (Regulation Article 4 8)

 

The use of the data processor does not require the prior consent of the data subject, but it is necessary to inform him / her. Accordingly, we provide the following information:

 

  1. Finance on Call IT Service Provider

 

Finance on Call uses a data processor to maintain and manage its website, which provides IT services (hosting services) and manages the personal information provided on the website, for the duration of our contract, with the personal data stored on the server.

 

This data processor is named as follows:

Company Name: FRIK Kft.

Head office: 2040 Budaörs Puskás Tivadar utca 3.

Company registration number: 13 09 118073

Tax number: 14209790-2-13

Representative: Tamás Fehér

Phone: +36-30 / 610-1027

E-mail address: info@frik.hu

Website: www.frik.hu

 

  1. Postal Services, Delivery, Sending Shipment

 

These processors receive from Finance on Call the personal information necessary for the delivery of the ordered product (name, address, telephone number) and use it to deliver the product.

 

These providers are:

 

"Magyar Posta Zrt"

 

Flat rate

Company name:

Registered office:

|||UNTRANSLATED_CONTENT_START|||Cégjegyzékszám:|||UNTRANSLATED_CONTENT_END|||

Tax ID No.:

Represented by:

Phone number:

 

 

CHAPTER III

INSURANCE OF LEGALITY OF DATA MANAGEMENT

 

  1. Data management based on the consent of the person concerned

 

(1) If the Finance on Call wishes to perform a data-based data management agreement, the consent of the person concerned for handling his or her personal data shall be requested with the content and information contained in the data request form specified in the data management policy.

 

(2 Hit is also a matter of concern when the person concerned displays a check box when viewing the Finance on Call website and applies technical information regarding the use of information society services, as well as any other statement or action that is relevant to the relevant context. contributes to the planned management of your personal data. Silence, the foreground square or non-action is therefore not a consent. 

 

  1. Contribution shall cover all data management activities for the same purpose or purposes. If data management serves multiple purposes at a time, the consent must be given for all data management purposes.

 

  1. If the consent of the party concerned is provided in the context of a written statement that applies to other matters, such as the conclusion of a contract of sale or service, the request for consent must be presented in a clearly distinct manner from these other cases, in a clear and easily accessible form, with simple language. Any part of such a declaration containing the consent of the person concerned that violates the Decree shall not have binding force.

 

(5) Finance on Call may not conclude a contract for the performance of a contract to provide personal data that is not required for performance of the contract.

 

(6) The withdrawal of consent should be allowed in the same simple way as the granting of the consent.

 

(7) If the personal data has been collected with the consent of the data subject, the data controller may handle the data recorded without the need for a different legal provision for the fulfillment of the legal obligation that he or she may have, without further special consent and withdrawal of the consent of the person concerned.

 

  1. Data management based on the fulfillment of a legal obligation

 

 

(1) In the case of data processing based on a legal obligation, the provisions of the applicable law shall govern the scope of the manageable data, the purpose of data management, the length of the data storage, and the addressees.

(2) Data management based on the fulfillment of a legal obligation is independent of the consent of the party concerned, as data management is defined by law. In this case, the data controller must be informed prior to the processing of the data that the data is compulsory and that the data subject must be clearly and thoroughly informed about all the facts related to his or her data management, including the data and legal basis of data management, data handling and data processing , the duration of the data handling, if the personal data of the person concerned is handled by the data controller on the basis of the legal obligation that he or she is responsible for, and on who can know the data. The information should also include the rights and remedies available to the data subject in question. In the case of mandatory data handling, information may also be disclosed by making public the reference to the legal provisions containing the foregoing information.

 

  1. Facilitating the Rights of the Rights

 

You must ensure that you exercise your rights in all of the data management of Finance on Call.

 

 

CHAPTER IV

VISITOR'S DATA MANAGEMENT ON THE FINANCIAL ON CALL - APPLICATION OF COOKIE

 

  1. A visitors to the website should be informed about the use of cookies and to do sois technically essential except session cookies - your contribution should be sought.

 

  1. General information about cookies

 

2.1. Cookie is a data that the visited website sends to the visitor's browser (variable name value) to store it and later the same website can fill its contents. Cookies can be valid, valid until the browser closes, but for an unlimited period of time.  Later on, all HTTP (S) requests will also send this information to the server. This changes the data on the user's machine.

 

2.2. The essence of the cookie is that by the very nature of the web site services you need to designate a user (eg entering the page) and can handle it accordingly. The danger lies in the fact that this user is not always aware of and may be able to follow the user from the web site operator or other service provider whose content is built in the page (e.g. Facebook, Google Analytics), creating a profile, and in that case the cookie content can be considered as personal information.

 

2.3. Types of Cookies:

2.3.1. Technically indispensable session (s): without which the page simply would not work functionally, they would be used to identify the user, it needs to be handled if you have entered what you did in the basket, etc. This typically stores a session-id; other data is stored on the server, making it safer. There is a security aspect when the session cookie value is not well generated, there is a risk of session hijacking, so it is imperative that these values ​​are generated properly. Other terminology is called a session cookie for each cookie that is deleted at the time of exit from the browser (a session is a browser usage from start to exit).

2.3.2. Cooking Cookies: So you name cookies that comment on the user's choices, such as how you want the user to see the page. These types of cookies are essentially the setting data stored in the cookie.

2.3.3. Cooking Cookies: Although they do not have much to do with 'performance', they usually call cookies that gather information about the user's behavior, time spent, and clicks on the site they visit. These are typically third party applications (e.g. Google Analytics, AdWords, or Yandex.ru cookies). They are suitable for profiling from the visitor.

Learn more about Google Analytics cookies here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

To learn more about Google AdWords cookies:

https://support.google.com/adwords/answer/2407785?hl=hu

 

2.4. Accepting or enabling cookies is optional.  You can reset your browser settings to reject all cookies or to indicate when a cookie is just being sent.  Most browsers accept cookies automatically as default, but they can usually be changed to prevent automatic acceptance and offer options every time.

See the links below for the most popular browser cookie settings• Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu• Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn• Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11• Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7• Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9• Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8• Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq• Safari: https://support.apple.com/hu-hu/HT201265

However, we also note that certain site features or services may not function properly without cookies.

 

Third  Information on the Cookies on the Finance on Call website, or of the data generated during the visit

 

3.1. During the visit, the Finance on Call website may use the web site to record and manage the following information about the visitor and the device you are browsing:• the IP address used by the visitor,• browser type,• features of the operating system of the device used for browsing (configured language)• visit date,• the visited (sub) page, feature or service.

Click

 

These data are kept for up to 90 days and can be used primarily to test security incidents.

 

3.2. Cookies on the website

 

3.2.1. Technically indispensable session cookies

The purpose of data management is to ensure the proper functioning of the website. These cookies are needed for visitors to browse the web site, seamlessly and fully utilize its features, services available through the web site, including - in particular - comment on the actions made by a visitor on those pages or the login user during a visit. The duration of this cookie's data management is limited to the visitor's current visit, this type of cookies will automatically be deleted from your computer when the session is completed or when the browser is closed.

 

The legal basis for this data management is the 2001 Electronic Commerce Services and certain Information Society Services. CVIII. Act (Dedicated) 13 / A. Paragraph (3), according to which a the provider may treat the personal data necessary for the provision of the service in order to provide the service technically indispensable. If the other conditions are identical, the service provider must choose and always operate the tools used to provide the information society service in such a way that personal data is processed only if it is strictly necessary for the provision of the service and for the fulfillment of other purposes set out in this Act required, but in this case also to the extent and time required.

 

3.2.1. Cooking Cookies:

 

They note the user's choices, for example, in what form the user wants to see the page. These types of cookies are essentially the setting data stored in the cookie.

The legal basis for data handling is the visitor's consent.

The purpose of data management is: THE increase service efficiency, increase user experience, make the site more comfortable.

This data is rather on the user's computer, the web site only accesses and recognizes the visitor (s). 

 

3.2.2. Cooking Cookies:

Collect information about the user's behavior, time spent, and clicks on the site you visit. These are typically third party applications (e.g. Google Analytics, AdWords).

Legal Basis for Data Management: Contribution of the Contributor.

The aim of the data management is to analyze the website and send the promotional offers.

 

 

 

CHAPTER V

INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

 

  1. The rights of the person concerned briefly summarized:
  2. To promote transparent communication, communication and the exercise of the relevant case law
  3. Right to prior information - where personal data are collected from the data subject
  4. Information to the person concerned and information to be made available if personal data are not obtained from the data controller
  5. Right of access to the subject
  6. A right to rectification
  7. A right of cancellation ("right to forgetting")
  8. Right to Restrict Data Management
  9. A the obligation to notify or erase personal data or to restrict the processing of data
  10. Right to data storage
  11. A right to protest
  12. Automated decision-making in individual cases, including profiling
  13. Restrictions
  14. Informing the person concerned about the privacy incident
  15. A the right to complain to a supervisory authority (right to an administrative remedy)
  16. A effective judicial remedies against the supervisory authority
  17. Right to an effective remedy against data controller or data processor

 

  1. Rights of the data subject in detail:

 

  1. To promote transparent communication, communication and the exercise of the relevant case law

 

1.1. The data controller shall provide the data subject with all information and information on the management of personal data in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner, in particular for any information addressed to children. The information shall be provided in writing or otherwise, including, where appropriate, the electronic path. Oral information may be provided at the request of the person concerned, provided that the identity of the person concerned has been verified otherwise.

1.2. The data controller must facilitate the exercise of the rights of the data subject.

 

1.3. The data controller shall inform the data subject of undue delay, but in any event within one month of the receipt of the request, of the measures taken on his or her application for the exercise of his rights. This time limit may be extended by two additional months under the terms of the Regulation. to which the person concerned should be informed.

 

1.4. If the data controller fails to take measures in response to his request, he shall inform the data subject without delay and within one month of the receipt of the request for reasons of non-action and whether he or she may file a complaint with a supervisory authority and exercise his right of judicial redress.

 

1.5. The data controller provides information and action about the information and rights of the user free of charge, but fees may be charged in the cases described in the Regulation.

 

The detailed rules are set out in Article 12 of the Regulation.

 

  1. Right to prior information - if the personal data is collected from the person concerned

 

2.1. The person concerned has the right to be informed about the facts and information related to data management prior to commencing the processing of data.  In this context, the person concerned should be informed:

(a) the identity and contact details of the data controller and his representative,

  1. b) contact details of the Data Protection Officer (if any),

(c) the purpose of the planned treatment of personal data and the legal basis for data processing,

  1. d) in the case of data handling based on the validation of a legitimate interest, on the legitimate interests of the data controller or third party,

(e) the addressees of personal data with whom personal data are communicated, and the categories of recipients, if any;

(e) where applicable, the fact that the data controller wishes to transmit personal data to a third country or an international organization.

 

2.2. In order to ensure fair and transparent data management, the data controller must inform the data subject of the following additional information:

(a) the duration of the storage of personal data or, where this is not possible, the criteria for determining that period;

(b) the right of the data subject to request the data controller to access, correct, delete or restrict the personal data relating to the data subject, and object to the handling of such personal data and the right to the data concerned to be covered;

(c) in the case of data handling based on the consent of the party concerned, the right to withdraw the consent at any time without prejudice to the lawfulness of the data processing carried out on the basis of the consent prior to the withdrawal;

(d) the right to lodge a complaint addressed to the supervisory authority;

  1. e) whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for the conclusion of a contract and whether the data subject is obliged to provide personal data and the possible consequences of the lack of data provision;

(f) the existence of automated decision-making, including profiling, and at least in such cases the logic employed and information about the significance of such data management and the likely consequences for the data subject.

 

2.3. If the data controller wishes to perform further data processing for personal purposes other than the purpose of their collection, he / she must inform the person concerned of this different purpose and any relevant additional information prior to further processing.

 

 The detailed rules for the right of prior information are contained in Article 13 of the Regulation.

 

  1. Information to the person concerned and information to be made available if personal data are not obtained from the data controller

 

3.1. If the data controller has not obtained the personal data from the data subject, the data controller shall be kept by the data controller within no more than one month after the personal data has been obtained; where personal data are used for contact with the data subject, at least when contacting the person concerned; or if it is expected to communicate with other addressees, it must notify the facts and information referred to in paragraph 2 above, the categories of personal data concerned, the source of personal data and, where applicable, the fact that the data publicly available sources.

 

3.2. Further rules are set out in Section 2 (Right to Advance Advice).

 

Detailed rules for this information are contained in Article 14 of the Regulation.

 

  1. Right of access to the subject

 

4.1. The person concerned has the right to be informed by the data controller about whether his personal data is being processed and, if such data is being processed, he has the right to personal information and to the 2-3. You will receive access to related information in this section. (Article 15 of the Regulation).

 

4.2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the corresponding guarantees provided for in Article 46 of the Regulation.

 

4.3. The data controller shall provide the data subject with a copy of the personal data subject to data handling. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. 

 

Detailed rules for the right of access to the subject are set out in Article 15 of the Order.

 

  1. A right to rectification

 

5.1. The data subject shall have the right to rectify any inaccurate personal data that he or she is entitled upon request by the Data Controller without undue delay.

 

5.2. Taking into account the purpose of data management, the person concerned has the right to request the addition of incomplete personal data, including by means of a supplementary statement.

 

These rules are set out in Article 16 of the Regulation.

 

  1. A right of cancellation ("right to forgetting")

 

6.1. The data subject shall have the right to delete the personal data relating to him without undue delay, and the data controller shall be required to delete the personal data of the data subject without undue delay if

(a) personal data is no longer required for the purpose from which they have been collected or otherwise handled;

(b) the party concerned withdraws the consent of the data controller and does not have any other legal basis for data processing;

  1. c) the person concerned objects to his or her data handling and has no prior legitimate reason for data handling,

(d) the personal data has been unlawfully handled;

(e) the personal data are to be deleted in order to comply with the legal obligation imposed on the data controller in the Union or Member States' law;

(f) the provision of information society-related services offered directly to children for the collection of personal data.

 

6.2. The right to cancel can not be enforced if data management is required

(a) to exercise the right to freedom of expression and information;

(b) the performance of a task under the law of the Union or of a Member State applicable to the data controller, or to carry out a task carried out in the exercise of public authority exercised in the public interest or on the data controller;

(c) public interest in the field of public health;

(d) for purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, provided that the right to cancel would be likely to render impossible or seriously undermine this data management; or

  1. e) filing, enforcing or protecting legal claims.

 

Detailed rules on the right to cancel are set out in Article 17 of the Regulation.

 

7th Right to Restrict Data Management

 

7.1. In the case of limitation of data processing, such personal data may only be managed with the consent of the person concerned, with the exception of storage, with the submission, validation or protection of legal claims or in the protection of the rights of a natural or legal person, or in the public interest of the Union or of a Member State.

 

7.2. The data subject shall have the right to request that the Data Controller restricts the processing of data if one of the following conditions is met:

(a) the person concerned disputes the accuracy of the personal data; in this case, the restriction concerns the period of time that the Data Controller may check the accuracy of the personal data;

(b) data manipulation is unlawful and the data subject is opposed to the deletion of the data and, instead, requests that they be restricted;

  1. c) the Data Controller no longer needs personal data for data processing, but the data subject requires them to submit, enforce, or protect legal claims; or

(d) the person concerned objected to the data handling; in that case, the restriction applies to the period during which it is established that the legitimate reasons for the data controller have priority over the legitimate grounds of the party concerned.

 

7.3. The person concerned must be informed in advance of the discontinuation of the data handling.

 

The relevant rules are set out in Article 18 of the Regulation.

 

  1. A the obligation to notify or erase personal data or to restrict the processing of data

The data controller informs all addressees of any rectification, deletion or data limitation with whom or with which personal information has been communicated, unless this proves impossible or requires disproportionate effort. At the request of the data subject, the data controller shall inform the addressees thereof.

 

These rules are contained in Article 19 of the Regulation.

 

  1. Right to data storage

 

9.1. Subject to the conditions set out in this Decree, the data subject shall have the right to receive the personal information provided to him by a data controller in a fragmented, widely used machine-readable format and shall be entitled to transmit this data to another data controller without obstructing the the data controller who has provided the personal data if he / she is

(a) the processing of data is either a contribution or a contract; and

(b) data management is carried out in an automated manner.

 

9.2. The person concerned may also request the direct transfer of personal data between data controllers.

 

9.3. The exercise of the right to hold data shall be without prejudice to Article 17 of the Regulation (The right to cancel ("the right to be forgiven"). The right to adduceability is not applicable in the case where data processing is necessary for the performance of a task in the public interest or in the exercise of its public authority powers conferred on the data controller. This right should not adversely affect the rights and freedoms of others.

 

Detailed rules are set out in Article 20 of the Regulation.

 

  1. A right to protest

 

10.1. The person concerned has the right to object at any time to the processing of personal data in the public interest, the performance of a public task (Article 6 (1) (e)) or legitimate interest (Article 6 (f)), including profiling based on those provisions too. In this case, the data controller may not process the personal data unless the data controller proves that the data processing is justified by compelling reasons of lawfulness that prevail over the interests, rights and freedoms of the data subject, or for the purpose of submitting, enforcing or protecting legal claims related.

10.2. If your personal data is handled for direct business, the person is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it is related to direct business acquisition.  If a person objects to the personal data being handled for direct business purposes, personal data may no longer be handled for that purpose.

10.3. These rights must be explicitly mentioned in the notice of first contact with the person concerned at the latest, and the relevant information must be clearly and completely separate from any other information.

10.4. The right to protest can also be exercised by automated means based on technical specifications.

10.5. If the personal data are handled for scientific and historical research purposes or for statistical purposes, the data subject is entitled to object to the processing of personal data relating to his / her own personal situation, unless it is necessary for the performance of a task for public interest purposes.

 

The relevant rules are contained in the Article of the Regulation.

 

  1. Automated decision-making in individual cases, including profiling

 

11.1. The data subject shall be entitled to exclude the scope of a decision based solely on automated data management, including profiling, which would have a bearing on him or would have a significant effect on him.

 

11.2. This right shall not apply if the decision is:

(a) it is necessary for the conclusion and performance of the contract between the data subject and the data controller;

(b) be made available to the data controller by means of Union or Member State law which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

Is based on the data subject’s explicit consent

 

11.3. In the cases referred to in points (a) and (c), the data controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention, submit an objection.

 

Further rules are set out in Article 22 of the Regulation.

 

  1. Restrictions

 

The law of the Union or of the Member States applicable to a data controller or data processor may restrict the scope of rights and obligations (Articles 12 to 22, Article 34 and Article 5) by means of legislative measures if the restriction respects the essential content of fundamental rights and freedoms.

 

The conditions for this restriction are laid down in Article 23 of the Regulation.

 

  1. Informing the person concerned about the privacy incident

 

13.1. If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller must inform the data subject of the data protection incident without undue delay. This information must clearly and easily explain the nature of the privacy incident and provide at least the following information:

 

(a) the name and contact details of the Data Protection Officer or other contact person providing further information;

(c) the likely consequences of a data protection incident;

(d) measures to be taken or planned by the data controller to remedy a data protection incident, including, where appropriate, measures to mitigate any adverse consequences resulting from a data protection incident.

 

13.2. The data subject need not be informed if any of the following conditions are met:

(a) the data controller has implemented adequate technical and organizational protection measures and applies those measures to the data covered by the data protection incident, in particular the measures, such as the use of encryption, which are unintelligible to unauthorized persons make the data;

(b) after the data protection incident, the data controller has taken further measures to ensure that high risk for the rights and freedoms of the person concerned is no longer likely to be realized;

(c) the information would require a disproportionate effort. In such cases, the data subject shall be informed by means of publicly disclosed information or a similar measure shall be taken to ensure that such information is equally effective.

 

Further rules are set out in Article 34 of the Regulation.

 

  1. A the right to complain to a supervisory authority (right to an administrative remedy)

 

The person concerned has the right to lodge a complaint with a supervisory authority, in particular in the Member State where he or she is habitually resident, in the workplace or in the suspected breach, if the person concerned considers that the processing of personal data relating to him violates the Regulation.  The supervisory authority to which the complaint has been filed shall inform the client about the procedural developments and the outcome of the complaint, including the fact that the client is entitled to seek judicial redress.

 

These rules are contained in Article 77 of the Regulation.

 

  1. A effective judicial remedies against the supervisory authority

 

15.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons shall be entitled to effective judicial remedies against the legally binding decision of the supervisory authority.

 

15.2. Without prejudice to other administrative or non-judicial remedies, all parties concerned shall be entitled to an effective remedy if the competent supervisory authority does not deal with the complaint or within three months shall not inform the person concerned of the procedural developments or results of the complaint submitted.

 

15.3. The procedure against the supervisory authority shall be initiated before the courts of the Member State in which the supervisory authority is situated.

 

15.4. If a supervisory authority commits a decision against which a body has previously issued an opinion or made a decision under the unity mechanism, the supervisory authority shall send that opinion or decision to the court.

 

These rules are set out in Article 78 of the Regulation.

 

  1. Right to an effective remedy against data controller or data processor

 

16.1. Without prejudice to any available administrative or non-judicial remedies, including the right to complain to the supervisory authority, all concerned shall be entitled to an effective judicial remedy if it considers that their rights under this Regulation have been infringed as a result of the non-compliance of their personal data with this Regulation.

 

16.2. The data controller or processor shall be initiated before the court of the Member State in which the data controller or the processor is established. Such proceedings may be instituted before the courts of the Member State in which the person concerned is habitually resident, unless the data controller or the data processor is a public authority of a Member State acting within the scope of his public authority.

 

These rules are set out in Article 79 of the Regulation.

 

Done, Budaörs, May 15, 2018

 

Data Processing Policy
THE RIGHTS OF NATURAL PERSONS CONCERNED
 PERSONAL DATA SHOULD BE TAKEN INTO ACCOUNT
 
 
TABLE OF CONTENTS

 

INTRODUCTION

CHAPTER I - THE DATABASE TITLE

  1. CHAPTER - DATABASE DOCUMENTS
  2. Finance on Call IT Service Provider

III. SECURITY OF DATA MANAGEMENT LEGISLATION

  1. Data management based on the consent of the person concerned
  2. Data management based on the fulfillment of a legal obligation
  3. Facilitating the Rights of the Rights

ARC. CHAPTER II - VISITOR'S DATA MANAGEMENT ON THE FINANCIAL ON CALL - INFORMATION FOR THE APPLICATION OF COOKIE

CHAPTER V - INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

 


 

 

 

 

 

INTRODUCTION

 

REGULATION (EU) No 2016/67 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ("the Regulation"), concerning the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation 95/46 / that the Data Controller shall take appropriate measures to provide the data subject with the personal data management information in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner, and that the Data Controller shall facilitate the exercise of the rights of the data subject. 

 

The obligation to inform the data subject in advance of the information on the right to information self-determination and the freedom of information in CXII. law also provides.

 

By following the information provided below, we comply with this statutory obligation.

 

The information must be disclosed on the Finance on Call website or sent to the person concerned at its request.

 

CHAPTER I

THE DATABASE TITLE

 

The publisher of this information, at the same time the Data Manager:

Brand Name: Finance on Call

Registered office:

|||UNTRANSLATED_CONTENT_START|||Cégjegyzékszám:|||UNTRANSLATED_CONTENT_END|||

Tax ID No.:

Representative: Gyula Szarvas

Phone: +36309772648

Fax: [de]

E-mail address: info @ Finance on Call

Website: www.Finance on Call

(hereinafter referred to as Finance on Call)

 

CHAPTER II

DATA PROCESSING TITLE

 

Data Processor: afor a natural or legal person, public authority, agency or any other body that manages personal data on behalf of the data controller; (Regulation Article 4 8)

 

The use of the data processor does not require the prior consent of the data subject, but it is necessary to inform him / her. Accordingly, we provide the following information:

 

  1. Finance on Call IT Service Provider

 

Finance on Call uses a data processor to maintain and manage its website, which provides IT services (hosting services) and manages the personal information provided on the website, for the duration of our contract, with the personal data stored on the server.

 

This data processor is named as follows:

Company Name: FRIK Kft.

Head office: 2040 Budaörs Puskás Tivadar utca 3.

Company registration number: 13 09 118073

Tax number: 14209790-2-13

Representative: Tamás Fehér

Phone: +36-30 / 610-1027

E-mail address: info@frik.hu

Website: www.frik.hu

 

  1. Postal Services, Delivery, Sending Shipment

 

These processors receive from Finance on Call the personal information necessary for the delivery of the ordered product (name, address, telephone number) and use it to deliver the product.

 

These providers are:

 

"Magyar Posta Zrt"

 

Flat rate

Company name:

Registered office:

|||UNTRANSLATED_CONTENT_START|||Cégjegyzékszám:|||UNTRANSLATED_CONTENT_END|||

Tax ID No.:

Represented by:

Phone number:

 

 

CHAPTER III

INSURANCE OF LEGALITY OF DATA MANAGEMENT

 

  1. Data management based on the consent of the person concerned

 

(1) If the Finance on Call wishes to perform a data-based data management agreement, the consent of the person concerned for handling his or her personal data shall be requested with the content and information contained in the data request form specified in the data management policy.

 

(2 Hit is also a matter of concern when the person concerned displays a check box when viewing the Finance on Call website and applies technical information regarding the use of information society services, as well as any other statement or action that is relevant to the relevant context. contributes to the planned management of your personal data. Silence, the foreground square or non-action is therefore not a consent. 

 

  1. Contribution shall cover all data management activities for the same purpose or purposes. If data management serves multiple purposes at a time, the consent must be given for all data management purposes.

 

  1. If the consent of the party concerned is provided in the context of a written statement that applies to other matters, such as the conclusion of a contract of sale or service, the request for consent must be presented in a clearly distinct manner from these other cases, in a clear and easily accessible form, with simple language. Any part of such a declaration containing the consent of the person concerned that violates the Decree shall not have binding force.

 

(5) Finance on Call may not conclude a contract for the performance of a contract to provide personal data that is not required for performance of the contract.

 

(6) The withdrawal of consent should be allowed in the same simple way as the granting of the consent.

 

(7) If the personal data has been collected with the consent of the data subject, the data controller may handle the data recorded without the need for a different legal provision for the fulfillment of the legal obligation that he or she may have, without further special consent and withdrawal of the consent of the person concerned.

 

  1. Data management based on the fulfillment of a legal obligation

 

 

(1) In the case of data processing based on a legal obligation, the provisions of the applicable law shall govern the scope of the manageable data, the purpose of data management, the length of the data storage, and the addressees.

(2) Data management based on the fulfillment of a legal obligation is independent of the consent of the party concerned, as data management is defined by law. In this case, the data controller must be informed prior to the processing of the data that the data is compulsory and that the data subject must be clearly and thoroughly informed about all the facts related to his or her data management, including the data and legal basis of data management, data handling and data processing , the duration of the data handling, if the personal data of the person concerned is handled by the data controller on the basis of the legal obligation that he or she is responsible for, and on who can know the data. The information should also include the rights and remedies available to the data subject in question. In the case of mandatory data handling, information may also be disclosed by making public the reference to the legal provisions containing the foregoing information.

 

  1. Facilitating the Rights of the Rights

 

You must ensure that you exercise your rights in all of the data management of Finance on Call.

 

 

CHAPTER IV

VISITOR'S DATA MANAGEMENT ON THE FINANCIAL ON CALL - APPLICATION OF COOKIE

 

  1. A visitors to the website should be informed about the use of cookies and to do sois technically essential except session cookies - your contribution should be sought.

 

  1. General information about cookies

 

2.1. Cookie is a data that the visited website sends to the visitor's browser (variable name value) to store it and later the same website can fill its contents. Cookies can be valid, valid until the browser closes, but for an unlimited period of time.  Later on, all HTTP (S) requests will also send this information to the server. This changes the data on the user's machine.

 

2.2. The essence of the cookie is that by the very nature of the web site services you need to designate a user (eg entering the page) and can handle it accordingly. The danger lies in the fact that this user is not always aware of and may be able to follow the user from the web site operator or other service provider whose content is built in the page (e.g. Facebook, Google Analytics), creating a profile, and in that case the cookie content can be considered as personal information.

 

2.3. Types of Cookies:

2.3.1. Technically indispensable session (s): without which the page simply would not work functionally, they would be used to identify the user, it needs to be handled if you have entered what you did in the basket, etc. This typically stores a session-id; other data is stored on the server, making it safer. There is a security aspect when the session cookie value is not well generated, there is a risk of session hijacking, so it is imperative that these values ​​are generated properly. Other terminology is called a session cookie for each cookie that is deleted at the time of exit from the browser (a session is a browser usage from start to exit).

2.3.2. Cooking Cookies: So you name cookies that comment on the user's choices, such as how you want the user to see the page. These types of cookies are essentially the setting data stored in the cookie.

2.3.3. Cooking Cookies: Although they do not have much to do with 'performance', they usually call cookies that gather information about the user's behavior, time spent, and clicks on the site they visit. These are typically third party applications (e.g. Google Analytics, AdWords, or Yandex.ru cookies). They are suitable for profiling from the visitor.

Learn more about Google Analytics cookies here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

To learn more about Google AdWords cookies:

https://support.google.com/adwords/answer/2407785?hl=hu

 

2.4. Accepting or enabling cookies is optional.  You can reset your browser settings to reject all cookies or to indicate when a cookie is just being sent.  Most browsers accept cookies automatically as default, but they can usually be changed to prevent automatic acceptance and offer options every time.

See the links below for the most popular browser cookie settings• Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu• Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn• Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11• Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7• Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9• Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8• Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq• Safari: https://support.apple.com/hu-hu/HT201265

However, we also note that certain site features or services may not function properly without cookies.

 

Third  Information on the Cookies on the Finance on Call website, or of the data generated during the visit

 

3.1. During the visit, the Finance on Call website may use the web site to record and manage the following information about the visitor and the device you are browsing:• the IP address used by the visitor,• browser type,• features of the operating system of the device used for browsing (configured language)• visit date,• the visited (sub) page, feature or service.

Click

 

These data are kept for up to 90 days and can be used primarily to test security incidents.

 

3.2. Cookies on the website

 

3.2.1. Technically indispensable session cookies

The purpose of data management is to ensure the proper functioning of the website. These cookies are needed for visitors to browse the web site, seamlessly and fully utilize its features, services available through the web site, including - in particular - comment on the actions made by a visitor on those pages or the login user during a visit. The duration of this cookie's data management is limited to the visitor's current visit, this type of cookies will automatically be deleted from your computer when the session is completed or when the browser is closed.

 

The legal basis for this data management is the 2001 Electronic Commerce Services and certain Information Society Services. CVIII. Act (Dedicated) 13 / A. Paragraph (3), according to which a the provider may treat the personal data necessary for the provision of the service in order to provide the service technically indispensable. If the other conditions are identical, the service provider must choose and always operate the tools used to provide the information society service in such a way that personal data is processed only if it is strictly necessary for the provision of the service and for the fulfillment of other purposes set out in this Act required, but in this case also to the extent and time required.

 

3.2.1. Cooking Cookies:

 

They note the user's choices, for example, in what form the user wants to see the page. These types of cookies are essentially the setting data stored in the cookie.

The legal basis for data handling is the visitor's consent.

The purpose of data management is: THE increase service efficiency, increase user experience, make the site more comfortable.

This data is rather on the user's computer, the web site only accesses and recognizes the visitor (s). 

 

3.2.2. Cooking Cookies:

Collect information about the user's behavior, time spent, and clicks on the site you visit. These are typically third party applications (e.g. Google Analytics, AdWords).

Legal Basis for Data Management: Contribution of the Contributor.

The aim of the data management is to analyze the website and send the promotional offers.

 

 

 

CHAPTER V

INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

 

  1. The rights of the person concerned briefly summarized:
  2. To promote transparent communication, communication and the exercise of the relevant case law
  3. Right to prior information - where personal data are collected from the data subject
  4. Information to the person concerned and information to be made available if personal data are not obtained from the data controller
  5. Right of access to the subject
  6. A right to rectification
  7. A right of cancellation ("right to forgetting")
  8. Right to Restrict Data Management
  9. A the obligation to notify or erase personal data or to restrict the processing of data
  10. Right to data storage
  11. A right to protest
  12. Automated decision-making in individual cases, including profiling
  13. Restrictions
  14. Informing the person concerned about the privacy incident
  15. A the right to complain to a supervisory authority (right to an administrative remedy)
  16. A effective judicial remedies against the supervisory authority
  17. Right to an effective remedy against data controller or data processor

 

  1. Rights of the data subject in detail:

 

  1. To promote transparent communication, communication and the exercise of the relevant case law

 

1.1. The data controller shall provide the data subject with all information and information on the management of personal data in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner, in particular for any information addressed to children. The information shall be provided in writing or otherwise, including, where appropriate, the electronic path. Oral information may be provided at the request of the person concerned, provided that the identity of the person concerned has been verified otherwise.

1.2. The data controller must facilitate the exercise of the rights of the data subject.

 

1.3. The data controller shall inform the data subject of undue delay, but in any event within one month of the receipt of the request, of the measures taken on his or her application for the exercise of his rights. This time limit may be extended by two additional months under the terms of the Regulation. to which the person concerned should be informed.

 

1.4. If the data controller fails to take measures in response to his request, he shall inform the data subject without delay and within one month of the receipt of the request for reasons of non-action and whether he or she may file a complaint with a supervisory authority and exercise his right of judicial redress.

 

1.5. The data controller provides information and action about the information and rights of the user free of charge, but fees may be charged in the cases described in the Regulation.

 

The detailed rules are set out in Article 12 of the Regulation.

 

  1. Right to prior information - if the personal data is collected from the person concerned

 

2.1. The person concerned has the right to be informed about the facts and information related to data management prior to commencing the processing of data.  In this context, the person concerned should be informed:

(a) the identity and contact details of the data controller and his representative,

  1. b) contact details of the Data Protection Officer (if any),

(c) the purpose of the planned treatment of personal data and the legal basis for data processing,

  1. d) in the case of data handling based on the validation of a legitimate interest, on the legitimate interests of the data controller or third party,

(e) the addressees of personal data with whom personal data are communicated, and the categories of recipients, if any;

(e) where applicable, the fact that the data controller wishes to transmit personal data to a third country or an international organization.

 

2.2. In order to ensure fair and transparent data management, the data controller must inform the data subject of the following additional information:

(a) the duration of the storage of personal data or, where this is not possible, the criteria for determining that period;

(b) the right of the data subject to request the data controller to access, correct, delete or restrict the personal data relating to the data subject, and object to the handling of such personal data and the right to the data concerned to be covered;

(c) in the case of data handling based on the consent of the party concerned, the right to withdraw the consent at any time without prejudice to the lawfulness of the data processing carried out on the basis of the consent prior to the withdrawal;

(d) the right to lodge a complaint addressed to the supervisory authority;

  1. e) whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for the conclusion of a contract and whether the data subject is obliged to provide personal data and the possible consequences of the lack of data provision;

(f) the existence of automated decision-making, including profiling, and at least in such cases the logic employed and information about the significance of such data management and the likely consequences for the data subject.

 

2.3. If the data controller wishes to perform further data processing for personal purposes other than the purpose of their collection, he / she must inform the person concerned of this different purpose and any relevant additional information prior to further processing.

 

 The detailed rules for the right of prior information are contained in Article 13 of the Regulation.

 

  1. Information to the person concerned and information to be made available if personal data are not obtained from the data controller

 

3.1. If the data controller has not obtained the personal data from the data subject, the data controller shall be kept by the data controller within no more than one month after the personal data has been obtained; where personal data are used for contact with the data subject, at least when contacting the person concerned; or if it is expected to communicate with other addressees, it must notify the facts and information referred to in paragraph 2 above, the categories of personal data concerned, the source of personal data and, where applicable, the fact that the data publicly available sources.

 

3.2. Further rules are set out in Section 2 (Right to Advance Advice).

 

Detailed rules for this information are contained in Article 14 of the Regulation.

 

  1. Right of access to the subject

 

4.1. The person concerned has the right to be informed by the data controller about whether his personal data is being processed and, if such data is being processed, he has the right to personal information and to the 2-3. You will receive access to related information in this section. (Article 15 of the Regulation).

 

4.2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the corresponding guarantees provided for in Article 46 of the Regulation.

 

4.3. The data controller shall provide the data subject with a copy of the personal data subject to data handling. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. 

 

Detailed rules for the right of access to the subject are set out in Article 15 of the Order.

 

  1. A right to rectification

 

5.1. The data subject shall have the right to rectify any inaccurate personal data that he or she is entitled upon request by the Data Controller without undue delay.

 

5.2. Taking into account the purpose of data management, the person concerned has the right to request the addition of incomplete personal data, including by means of a supplementary statement.

 

These rules are set out in Article 16 of the Regulation.

 

  1. A right of cancellation ("right to forgetting")

 

6.1. The data subject shall have the right to delete the personal data relating to him without undue delay, and the data controller shall be required to delete the personal data of the data subject without undue delay if

(a) personal data is no longer required for the purpose from which they have been collected or otherwise handled;

(b) the party concerned withdraws the consent of the data controller and does not have any other legal basis for data processing;

  1. c) the person concerned objects to his or her data handling and has no prior legitimate reason for data handling,

(d) the personal data has been unlawfully handled;

(e) the personal data are to be deleted in order to comply with the legal obligation imposed on the data controller in the Union or Member States' law;

(f) the provision of information society-related services offered directly to children for the collection of personal data.

 

6.2. The right to cancel can not be enforced if data management is required

(a) to exercise the right to freedom of expression and information;

(b) the performance of a task under the law of the Union or of a Member State applicable to the data controller, or to carry out a task carried out in the exercise of public authority exercised in the public interest or on the data controller;

(c) public interest in the field of public health;

(d) for purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, provided that the right to cancel would be likely to render impossible or seriously undermine this data management; or

  1. e) filing, enforcing or protecting legal claims.

 

Detailed rules on the right to cancel are set out in Article 17 of the Regulation.

 

7th Right to Restrict Data Management

 

7.1. In the case of limitation of data processing, such personal data may only be managed with the consent of the person concerned, with the exception of storage, with the submission, validation or protection of legal claims or in the protection of the rights of a natural or legal person, or in the public interest of the Union or of a Member State.

 

7.2. The data subject shall have the right to request that the Data Controller restricts the processing of data if one of the following conditions is met:

(a) the person concerned disputes the accuracy of the personal data; in this case, the restriction concerns the period of time that the Data Controller may check the accuracy of the personal data;

(b) data manipulation is unlawful and the data subject is opposed to the deletion of the data and, instead, requests that they be restricted;

  1. c) the Data Controller no longer needs personal data for data processing, but the data subject requires them to submit, enforce, or protect legal claims; or

(d) the person concerned objected to the data handling; in that case, the restriction applies to the period during which it is established that the legitimate reasons for the data controller have priority over the legitimate grounds of the party concerned.

 

7.3. The person concerned must be informed in advance of the discontinuation of the data handling.

 

The relevant rules are set out in Article 18 of the Regulation.

 

  1. A the obligation to notify or erase personal data or to restrict the processing of data

The data controller informs all addressees of any rectification, deletion or data limitation with whom or with which personal information has been communicated, unless this proves impossible or requires disproportionate effort. At the request of the data subject, the data controller shall inform the addressees thereof.

 

These rules are contained in Article 19 of the Regulation.

 

  1. Right to data storage

 

9.1. Subject to the conditions set out in this Decree, the data subject shall have the right to receive the personal information provided to him by a data controller in a fragmented, widely used machine-readable format and shall be entitled to transmit this data to another data controller without obstructing the the data controller who has provided the personal data if he / she is

(a) the processing of data is either a contribution or a contract; and

(b) data management is carried out in an automated manner.

 

9.2. The person concerned may also request the direct transfer of personal data between data controllers.

 

9.3. The exercise of the right to hold data shall be without prejudice to Article 17 of the Regulation (The right to cancel ("the right to be forgiven"). The right to adduceability is not applicable in the case where data processing is necessary for the performance of a task in the public interest or in the exercise of its public authority powers conferred on the data controller. This right should not adversely affect the rights and freedoms of others.

 

Detailed rules are set out in Article 20 of the Regulation.

 

  1. A right to protest

 

10.1. The person concerned has the right to object at any time to the processing of personal data in the public interest, the performance of a public task (Article 6 (1) (e)) or legitimate interest (Article 6 (f)), including profiling based on those provisions too. In this case, the data controller may not process the personal data unless the data controller proves that the data processing is justified by compelling reasons of lawfulness that prevail over the interests, rights and freedoms of the data subject, or for the purpose of submitting, enforcing or protecting legal claims related.

10.2. If your personal data is handled for direct business, the person is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it is related to direct business acquisition.  If a person objects to the personal data being handled for direct business purposes, personal data may no longer be handled for that purpose.

10.3. These rights must be explicitly mentioned in the notice of first contact with the person concerned at the latest, and the relevant information must be clearly and completely separate from any other information.

10.4. The right to protest can also be exercised by automated means based on technical specifications.

10.5. If the personal data are handled for scientific and historical research purposes or for statistical purposes, the data subject is entitled to object to the processing of personal data relating to his / her own personal situation, unless it is necessary for the performance of a task for public interest purposes.

 

The relevant rules are contained in the Article of the Regulation.

 

  1. Automated decision-making in individual cases, including profiling

 

11.1. The data subject shall be entitled to exclude the scope of a decision based solely on automated data management, including profiling, which would have a bearing on him or would have a significant effect on him.

 

11.2. This right shall not apply if the decision is:

(a) it is necessary for the conclusion and performance of the contract between the data subject and the data controller;

(b) be made available to the data controller by means of Union or Member State law which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

Is based on the data subject’s explicit consent

 

11.3. In the cases referred to in points (a) and (c), the data controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention, submit an objection.

 

Further rules are set out in Article 22 of the Regulation.

 

  1. Restrictions

 

The law of the Union or of the Member States applicable to a data controller or data processor may restrict the scope of rights and obligations (Articles 12 to 22, Article 34 and Article 5) by means of legislative measures if the restriction respects the essential content of fundamental rights and freedoms.

 

The conditions for this restriction are laid down in Article 23 of the Regulation.

 

  1. Informing the person concerned about the privacy incident

 

13.1. If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller must inform the data subject of the data protection incident without undue delay. This information must clearly and easily explain the nature of the privacy incident and provide at least the following information:

 

(a) the name and contact details of the Data Protection Officer or other contact person providing further information;

(c) the likely consequences of a data protection incident;

(d) measures to be taken or planned by the data controller to remedy a data protection incident, including, where appropriate, measures to mitigate any adverse consequences resulting from a data protection incident.

 

13.2. The data subject need not be informed if any of the following conditions are met:

(a) the data controller has implemented adequate technical and organizational protection measures and applies those measures to the data covered by the data protection incident, in particular the measures, such as the use of encryption, which are unintelligible to unauthorized persons make the data;

(b) after the data protection incident, the data controller has taken further measures to ensure that high risk for the rights and freedoms of the person concerned is no longer likely to be realized;

(c) the information would require a disproportionate effort. In such cases, the data subject shall be informed by means of publicly disclosed information or a similar measure shall be taken to ensure that such information is equally effective.

 

Further rules are set out in Article 34 of the Regulation.

 

  1. A the right to complain to a supervisory authority (right to an administrative remedy)

 

The person concerned has the right to lodge a complaint with a supervisory authority, in particular in the Member State where he or she is habitually resident, in the workplace or in the suspected breach, if the person concerned considers that the processing of personal data relating to him violates the Regulation.  The supervisory authority to which the complaint has been filed shall inform the client about the procedural developments and the outcome of the complaint, including the fact that the client is entitled to seek judicial redress.

 

These rules are contained in Article 77 of the Regulation.

 

  1. A effective judicial remedies against the supervisory authority

 

15.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons shall be entitled to effective judicial remedies against the legally binding decision of the supervisory authority.

 

15.2. Without prejudice to other administrative or non-judicial remedies, all parties concerned shall be entitled to an effective remedy if the competent supervisory authority does not deal with the complaint or within three months shall not inform the person concerned of the procedural developments or results of the complaint submitted.

 

15.3. The procedure against the supervisory authority shall be initiated before the courts of the Member State in which the supervisory authority is situated.

 

15.4. If a supervisory authority commits a decision against which a body has previously issued an opinion or made a decision under the unity mechanism, the supervisory authority shall send that opinion or decision to the court.

 

These rules are set out in Article 78 of the Regulation.

 

  1. Right to an effective remedy against data controller or data processor

 

16.1. Without prejudice to any available administrative or non-judicial remedies, including the right to complain to the supervisory authority, all concerned shall be entitled to an effective judicial remedy if it considers that their rights under this Regulation have been infringed as a result of the non-compliance of their personal data with this Regulation.

 

16.2. The data controller or processor shall be initiated before the court of the Member State in which the data controller or the processor is established. Such proceedings may be instituted before the courts of the Member State in which the person concerned is habitually resident, unless the data controller or the data processor is a public authority of a Member State acting within the scope of his public authority.

 

These rules are set out in Article 79 of the Regulation.

 

Done, Budaörs, May 15, 2018

 

Data Processing Policy
THE RIGHTS OF NATURAL PERSONS CONCERNED
 PERSONAL DATA SHOULD BE TAKEN INTO ACCOUNT
 
 
TABLE OF CONTENTS

 

INTRODUCTION

CHAPTER I - THE DATABASE TITLE

  1. CHAPTER - DATABASE DOCUMENTS
  2. Finance on Call IT Service Provider

III. SECURITY OF DATA MANAGEMENT LEGISLATION

  1. Data management based on the consent of the person concerned
  2. Data management based on the fulfillment of a legal obligation
  3. Facilitating the Rights of the Rights

ARC. CHAPTER II - VISITOR'S DATA MANAGEMENT ON THE FINANCIAL ON CALL - INFORMATION FOR THE APPLICATION OF COOKIE

CHAPTER V - INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

 


 

 

 

 

 

INTRODUCTION

 

REGULATION (EU) No 2016/67 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL ("the Regulation"), concerning the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation 95/46 / that the Data Controller shall take appropriate measures to provide the data subject with the personal data management information in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner, and that the Data Controller shall facilitate the exercise of the rights of the data subject. 

 

The obligation to inform the data subject in advance of the information on the right to information self-determination and the freedom of information in CXII. law also provides.

 

By following the information provided below, we comply with this statutory obligation.

 

The information must be disclosed on the Finance on Call website or sent to the person concerned at its request.

 

CHAPTER I

THE DATABASE TITLE

The publisher of this information, at the same time the Data Manager:

Brand Name: Finance on Call

Registered office:

|||UNTRANSLATED_CONTENT_START|||Cégjegyzékszám:|||UNTRANSLATED_CONTENT_END|||

Tax ID No.:

Representative: Gyula Szarvas

Phone: +36309772648

Fax:

E-mail address: info @ Finance on Call

Website: www.Finance on Call

(hereinafter referred to as Finance on Call)

 

CHAPTER II

DATA PROCESSING TITLE

 

Data Processor: afor a natural or legal person, public authority, agency or any other body that manages personal data on behalf of the data controller; (Regulation Article 4 8)

 

The use of the data processor does not require the prior consent of the data subject, but it is necessary to inform him / her. Accordingly, we provide the following information:

 

  1. Finance on Call IT Service Provider

 

Finance on Call uses a data processor to maintain and manage its website, which provides IT services (hosting services) and manages the personal information provided on the website, for the duration of our contract, with the personal data stored on the server.

 

This data processor is named as follows:

Company Name: FRIK Kft.

Head office: 2040 Budaörs Puskás Tivadar utca 3.

Company registration number: 13 09 118073

Tax number: 14209790-2-13

Representative: Tamás Fehér

Phone: +36-30 / 610-1027

E-mail address: info@frik.hu

Website: www.frik.hu

 

  1. Postal Services, Delivery, Sending Shipment

 

These processors receive from Finance on Call the personal information necessary for the delivery of the ordered product (name, address, telephone number) and use it to deliver the product.

 

These providers are:

 

"Magyar Posta Zrt"

 

Flat rate

Company name:

Registered office:

|||UNTRANSLATED_CONTENT_START|||Cégjegyzékszám:|||UNTRANSLATED_CONTENT_END|||

Tax ID No.:

Represented by:

Phone number:

 

 

CHAPTER III

INSURANCE OF LEGALITY OF DATA MANAGEMENT

 

  1. Data management based on the consent of the person concerned

 

(1) If the Finance on Call wishes to perform a data-based data management agreement, the consent of the person concerned for handling his or her personal data shall be requested with the content and information contained in the data request form specified in the data management policy.

 

(2 Hit is also a matter of concern when the person concerned displays a check box when viewing the Finance on Call website and applies technical information regarding the use of information society services, as well as any other statement or action that is relevant to the relevant context. contributes to the planned management of your personal data. Silence, the foreground square or non-action is therefore not a consent. 

 

  1. Contribution shall cover all data management activities for the same purpose or purposes. If data management serves multiple purposes at a time, the consent must be given for all data management purposes.

 

  1. If the consent of the party concerned is provided in the context of a written statement that applies to other matters, such as the conclusion of a contract of sale or service, the request for consent must be presented in a clearly distinct manner from these other cases, in a clear and easily accessible form, with simple language. Any part of such a declaration containing the consent of the person concerned that violates the Decree shall not have binding force.

 

(5) Finance on Call may not conclude a contract for the performance of a contract to provide personal data that is not required for performance of the contract.

 

(6) The withdrawal of consent should be allowed in the same simple way as the granting of the consent.

 

(7) If the personal data has been collected with the consent of the data subject, the data controller may handle the data recorded without the need for a different legal provision for the fulfillment of the legal obligation that he or she may have, without further special consent and withdrawal of the consent of the person concerned.

 

  1. Data management based on the fulfillment of a legal obligation

 

 

(1) In the case of data processing based on a legal obligation, the provisions of the applicable law shall govern the scope of the manageable data, the purpose of data management, the length of the data storage, and the addressees.

(2) Data management based on the fulfillment of a legal obligation is independent of the consent of the party concerned, as data management is defined by law. In this case, the data controller must be informed prior to the processing of the data that the data is compulsory and that the data subject must be clearly and thoroughly informed about all the facts related to his or her data management, including the data and legal basis of data management, data handling and data processing , the duration of the data handling, if the personal data of the person concerned is handled by the data controller on the basis of the legal obligation that he or she is responsible for, and on who can know the data. The information should also include the rights and remedies available to the data subject in question. In the case of mandatory data handling, information may also be disclosed by making public the reference to the legal provisions containing the foregoing information.

 

  1. Facilitating the Rights of the Rights

 

You must ensure that you exercise your rights in all of the data management of Finance on Call.

 

 

CHAPTER IV

VISITOR'S DATA MANAGEMENT ON THE FINANCIAL ON CALL - APPLICATION OF COOKIE

 

  1. A visitors to the website should be informed about the use of cookies and to do sois technically essential except session cookies - your contribution should be sought.

 

  1. General information about cookies

 

2.1. Cookie is a data that the visited website sends to the visitor's browser (variable name value) to store it and later the same website can fill its contents. Cookies can be valid, valid until the browser closes, but for an unlimited period of time.  Later on, all HTTP (S) requests will also send this information to the server. This changes the data on the user's machine.

 

2.2. The essence of the cookie is that by the very nature of the web site services you need to designate a user (eg entering the page) and can handle it accordingly. The danger lies in the fact that this user is not always aware of and may be able to follow the user from the web site operator or other service provider whose content is built in the page (e.g. Facebook, Google Analytics), creating a profile, and in that case the cookie content can be considered as personal information.

 

2.3. Types of Cookies:

2.3.1. Technically indispensable session (s): without which the page simply would not work functionally, they would be used to identify the user, it needs to be handled if you have entered what you did in the basket, etc. This typically stores a session-id; other data is stored on the server, making it safer. There is a security aspect when the session cookie value is not well generated, there is a risk of session hijacking, so it is imperative that these values ​​are generated properly. Other terminology is called a session cookie for each cookie that is deleted at the time of exit from the browser (a session is a browser usage from start to exit).

2.3.2. Cooking Cookies: So you name cookies that comment on the user's choices, such as how you want the user to see the page. These types of cookies are essentially the setting data stored in the cookie.

2.3.3. Cooking Cookies: Although they do not have much to do with 'performance', they usually call cookies that gather information about the user's behavior, time spent, and clicks on the site they visit. These are typically third party applications (e.g. Google Analytics, AdWords, or Yandex.ru cookies). They are suitable for profiling from the visitor.

Learn more about Google Analytics cookies here:

https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage

To learn more about Google AdWords cookies:

https://support.google.com/adwords/answer/2407785?hl=hu

 

2.4. Accepting or enabling cookies is optional.  You can reset your browser settings to reject all cookies or to indicate when a cookie is just being sent.  Most browsers accept cookies automatically as default, but they can usually be changed to prevent automatic acceptance and offer options every time.

See the links below for the most popular browser cookie settings• Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu• Firefox: https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn• Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11• Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7• Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9• Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8• Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq• Safari: https://support.apple.com/hu-hu/HT201265

However, we also note that certain site features or services may not function properly without cookies.

 

Third  Information on the Cookies on the Finance on Call website, or of the data generated during the visit

 

3.1. During the visit, the Finance on Call website may use the web site to record and manage the following information about the visitor and the device you are browsing:• the IP address used by the visitor,• browser type,• features of the operating system of the device used for browsing (configured language)• visit date,• the visited (sub) page, feature or service.

Click

 

These data are kept for up to 90 days and can be used primarily to test security incidents.

 

3.2. Cookies on the website

 

3.2.1. Technically indispensable session cookies

The purpose of data management is to ensure the proper functioning of the website. These cookies are needed for visitors to browse the web site, seamlessly and fully utilize its features, services available through the web site, including - in particular - comment on the actions made by a visitor on those pages or the login user during a visit. The duration of this cookie's data management is limited to the visitor's current visit, this type of cookies will automatically be deleted from your computer when the session is completed or when the browser is closed.

 

The legal basis for this data management is the 2001 Electronic Commerce Services and certain Information Society Services. CVIII. Act (Dedicated) 13 / A. Paragraph (3), according to which a the provider may treat the personal data necessary for the provision of the service in order to provide the service technically indispensable. If the other conditions are identical, the service provider must choose and always operate the tools used to provide the information society service in such a way that personal data is processed only if it is strictly necessary for the provision of the service and for the fulfillment of other purposes set out in this Act required, but in this case also to the extent and time required.

 

3.2.1. Cooking Cookies:

 

They note the user's choices, for example, in what form the user wants to see the page. These types of cookies are essentially the setting data stored in the cookie.

The legal basis for data handling is the visitor's consent.

The purpose of data management is: THE increase service efficiency, increase user experience, make the site more comfortable.

This data is rather on the user's computer, the web site only accesses and recognizes the visitor (s). 

 

3.2.2. Cooking Cookies:

Collect information about the user's behavior, time spent, and clicks on the site you visit. These are typically third party applications (e.g. Google Analytics, AdWords).

Legal Basis for Data Management: Contribution of the Contributor.

The aim of the data management is to analyze the website and send the promotional offers.

 

 

 

CHAPTER V

INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED

 

  1. The rights of the person concerned briefly summarized:
  2. To promote transparent communication, communication and the exercise of the relevant case law
  3. Right to prior information - where personal data are collected from the data subject
  4. Information to the person concerned and information to be made available if personal data are not obtained from the data controller
  5. Right of access to the subject
  6. A right to rectification
  7. A right of cancellation ("right to forgetting")
  8. Right to Restrict Data Management
  9. A the obligation to notify or erase personal data or to restrict the processing of data
  10. Right to data storage
  11. A right to protest
  12. Automated decision-making in individual cases, including profiling
  13. Restrictions
  14. Informing the person concerned about the privacy incident
  15. A the right to complain to a supervisory authority (right to an administrative remedy)
  16. A effective judicial remedies against the supervisory authority
  17. Right to an effective remedy against data controller or data processor

 

  1. Rights of the data subject in detail:

 

  1. To promote transparent communication, communication and the exercise of the relevant case law

 

1.1. The data controller shall provide the data subject with all information and information on the management of personal data in a concise, transparent, comprehensible and easily accessible form, in a clear and unambiguous manner, in particular for any information addressed to children. The information shall be provided in writing or otherwise, including, where appropriate, the electronic path. Oral information may be provided at the request of the person concerned, provided that the identity of the person concerned has been verified otherwise.

1.2. The data controller must facilitate the exercise of the rights of the data subject.

 

1.3. The data controller shall inform the data subject of undue delay, but in any event within one month of the receipt of the request, of the measures taken on his or her application for the exercise of his rights. This time limit may be extended by two additional months under the terms of the Regulation. to which the person concerned should be informed.

 

1.4. If the data controller fails to take measures in response to his request, he shall inform the data subject without delay and within one month of the receipt of the request for reasons of non-action and whether he or she may file a complaint with a supervisory authority and exercise his right of judicial redress.

 

1.5. The data controller provides information and action about the information and rights of the user free of charge, but fees may be charged in the cases described in the Regulation.

 

The detailed rules are set out in Article 12 of the Regulation.

 

  1. Right to prior information - if the personal data is collected from the person concerned

 

2.1. The person concerned has the right to be informed about the facts and information related to data management prior to commencing the processing of data.  In this context, the person concerned should be informed:

(a) the identity and contact details of the data controller and his representative,

  1. b) contact details of the Data Protection Officer (if any),

(c) the purpose of the planned treatment of personal data and the legal basis for data processing,

  1. d) in the case of data handling based on the validation of a legitimate interest, on the legitimate interests of the data controller or third party,

(e) the addressees of personal data with whom personal data are communicated, and the categories of recipients, if any;

(e) where applicable, the fact that the data controller wishes to transmit personal data to a third country or an international organization.

 

2.2. In order to ensure fair and transparent data management, the data controller must inform the data subject of the following additional information:

(a) the duration of the storage of personal data or, where this is not possible, the criteria for determining that period;

(b) the right of the data subject to request the data controller to access, correct, delete or restrict the personal data relating to the data subject, and object to the handling of such personal data and the right to the data concerned to be covered;

(c) in the case of data handling based on the consent of the party concerned, the right to withdraw the consent at any time without prejudice to the lawfulness of the data processing carried out on the basis of the consent prior to the withdrawal;

(d) the right to lodge a complaint addressed to the supervisory authority;

  1. e) whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for the conclusion of a contract and whether the data subject is obliged to provide personal data and the possible consequences of the lack of data provision;

(f) the existence of automated decision-making, including profiling, and at least in such cases the logic employed and information about the significance of such data management and the likely consequences for the data subject.

 

2.3. If the data controller wishes to perform further data processing for personal purposes other than the purpose of their collection, he / she must inform the person concerned of this different purpose and any relevant additional information prior to further processing.

 

 The detailed rules for the right of prior information are contained in Article 13 of the Regulation.

 

  1. Information to the person concerned and information to be made available if personal data are not obtained from the data controller

 

3.1. If the data controller has not obtained the personal data from the data subject, the data controller shall be kept by the data controller within no more than one month after the personal data has been obtained; where personal data are used for contact with the data subject, at least when contacting the person concerned; or if it is expected to communicate with other addressees, it must notify the facts and information referred to in paragraph 2 above, the categories of personal data concerned, the source of personal data and, where applicable, the fact that the data publicly available sources.

 

3.2. Further rules are set out in Section 2 (Right to Advance Advice).

 

Detailed rules for this information are contained in Article 14 of the Regulation.

 

  1. Right of access to the subject

 

4.1. The person concerned has the right to be informed by the data controller about whether his personal data is being processed and, if such data is being processed, he has the right to personal information and to the 2-3. You will receive access to related information in this section. (Article 15 of the Regulation).

 

4.2. Where personal data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the corresponding guarantees provided for in Article 46 of the Regulation.

 

4.3. The data controller shall provide the data subject with a copy of the personal data subject to data handling. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. 

 

Detailed rules for the right of access to the subject are set out in Article 15 of the Order.

 

  1. A right to rectification

 

5.1. The data subject shall have the right to rectify any inaccurate personal data that he or she is entitled upon request by the Data Controller without undue delay.

 

5.2. Taking into account the purpose of data management, the person concerned has the right to request the addition of incomplete personal data, including by means of a supplementary statement.

 

These rules are set out in Article 16 of the Regulation.

 

  1. A right of cancellation ("right to forgetting")

 

6.1. The data subject shall have the right to delete the personal data relating to him without undue delay, and the data controller shall be required to delete the personal data of the data subject without undue delay if

(a) personal data is no longer required for the purpose from which they have been collected or otherwise handled;

(b) the party concerned withdraws the consent of the data controller and does not have any other legal basis for data processing;

  1. c) the person concerned objects to his or her data handling and has no prior legitimate reason for data handling,

(d) the personal data has been unlawfully handled;

(e) the personal data are to be deleted in order to comply with the legal obligation imposed on the data controller in the Union or Member States' law;

(f) the provision of information society-related services offered directly to children for the collection of personal data.

 

6.2. The right to cancel can not be enforced if data management is required

(a) to exercise the right to freedom of expression and information;

(b) the performance of a task under the law of the Union or of a Member State applicable to the data controller, or to carry out a task carried out in the exercise of public authority exercised in the public interest or on the data controller;

(c) public interest in the field of public health;

(d) for purposes of public interest archiving, for scientific and historical research purposes or for statistical purposes, provided that the right to cancel would be likely to render impossible or seriously undermine this data management; or

  1. e) filing, enforcing or protecting legal claims.

 

Detailed rules on the right to cancel are set out in Article 17 of the Regulation.

 

7th Right to Restrict Data Management

 

7.1. In the case of limitation of data processing, such personal data may only be managed with the consent of the person concerned, with the exception of storage, with the submission, validation or protection of legal claims or in the protection of the rights of a natural or legal person, or in the public interest of the Union or of a Member State.

 

7.2. The data subject shall have the right to request that the Data Controller restricts the processing of data if one of the following conditions is met:

(a) the person concerned disputes the accuracy of the personal data; in this case, the restriction concerns the period of time that the Data Controller may check the accuracy of the personal data;

(b) data manipulation is unlawful and the data subject is opposed to the deletion of the data and, instead, requests that they be restricted;

  1. c) the Data Controller no longer needs personal data for data processing, but the data subject requires them to submit, enforce, or protect legal claims; or

(d) the person concerned objected to the data handling; in that case, the restriction applies to the period during which it is established that the legitimate reasons for the data controller have priority over the legitimate grounds of the party concerned.

 

7.3. The person concerned must be informed in advance of the discontinuation of the data handling.

 

The relevant rules are set out in Article 18 of the Regulation.

 

  1. A the obligation to notify or erase personal data or to restrict the processing of data

The data controller informs all addressees of any rectification, deletion or data limitation with whom or with which personal information has been communicated, unless this proves impossible or requires disproportionate effort. At the request of the data subject, the data controller shall inform the addressees thereof.

 

These rules are contained in Article 19 of the Regulation.

 

  1. Right to data storage

 

9.1. Subject to the conditions set out in this Decree, the data subject shall have the right to receive the personal information provided to him by a data controller in a fragmented, widely used machine-readable format and shall be entitled to transmit this data to another data controller without obstructing the the data controller who has provided the personal data if he / she is

(a) the processing of data is either a contribution or a contract; and

(b) data management is carried out in an automated manner.

 

9.2. The person concerned may also request the direct transfer of personal data between data controllers.

 

9.3. The exercise of the right to hold data shall be without prejudice to Article 17 of the Regulation (The right to cancel ("the right to be forgiven"). The right to adduceability is not applicable in the case where data processing is necessary for the performance of a task in the public interest or in the exercise of its public authority powers conferred on the data controller. This right should not adversely affect the rights and freedoms of others.

 

Detailed rules are set out in Article 20 of the Regulation.

 

  1. A right to protest

 

10.1. The person concerned has the right to object at any time to the processing of personal data in the public interest, the performance of a public task (Article 6 (1) (e)) or legitimate interest (Article 6 (f)), including profiling based on those provisions too. In this case, the data controller may not process the personal data unless the data controller proves that the data processing is justified by compelling reasons of lawfulness that prevail over the interests, rights and freedoms of the data subject, or for the purpose of submitting, enforcing or protecting legal claims related.

10.2. If your personal data is handled for direct business, the person is entitled to object at any time to the handling of personal data relating to that purpose, including profiling, if it is related to direct business acquisition.  If a person objects to the personal data being handled for direct business purposes, personal data may no longer be handled for that purpose.

10.3. These rights must be explicitly mentioned in the notice of first contact with the person concerned at the latest, and the relevant information must be clearly and completely separate from any other information.

10.4. The right to protest can also be exercised by automated means based on technical specifications.

10.5. If the personal data are handled for scientific and historical research purposes or for statistical purposes, the data subject is entitled to object to the processing of personal data relating to his / her own personal situation, unless it is necessary for the performance of a task for public interest purposes.

 

The relevant rules are contained in the Article of the Regulation.

 

  1. Automated decision-making in individual cases, including profiling

 

11.1. The data subject shall be entitled to exclude the scope of a decision based solely on automated data management, including profiling, which would have a bearing on him or would have a significant effect on him.

 

11.2. This right shall not apply if the decision is:

(a) it is necessary for the conclusion and performance of the contract between the data subject and the data controller;

(b) be made available to the data controller by means of Union or Member State law which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or

Is based on the data subject’s explicit consent

 

11.3. In the cases referred to in points (a) and (c), the data controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention, submit an objection.

 

Further rules are set out in Article 22 of the Regulation.

 

  1. Restrictions

 

The law of the Union or of the Member States applicable to a data controller or data processor may restrict the scope of rights and obligations (Articles 12 to 22, Article 34 and Article 5) by means of legislative measures if the restriction respects the essential content of fundamental rights and freedoms.

 

The conditions for this restriction are laid down in Article 23 of the Regulation.

 

  1. Informing the person concerned about the privacy incident

 

13.1. If the privacy incident is likely to pose a high risk to the rights and freedoms of natural persons, the data controller must inform the data subject of the data protection incident without undue delay. This information must clearly and easily explain the nature of the privacy incident and provide at least the following information:

 

(a) the name and contact details of the Data Protection Officer or other contact person providing further information;

(c) the likely consequences of a data protection incident;

(d) measures to be taken or planned by the data controller to remedy a data protection incident, including, where appropriate, measures to mitigate any adverse consequences resulting from a data protection incident.

 

13.2. The data subject need not be informed if any of the following conditions are met:

(a) the data controller has implemented adequate technical and organizational protection measures and applies those measures to the data covered by the data protection incident, in particular the measures, such as the use of encryption, which are unintelligible to unauthorized persons make the data;

(b) after the data protection incident, the data controller has taken further measures to ensure that high risk for the rights and freedoms of the person concerned is no longer likely to be realized;

(c) the information would require a disproportionate effort. In such cases, the data subject shall be informed by means of publicly disclosed information or a similar measure shall be taken to ensure that such information is equally effective.

 

Further rules are set out in Article 34 of the Regulation.

 

  1. A the right to complain to a supervisory authority (right to an administrative remedy)

 

The person concerned has the right to lodge a complaint with a supervisory authority, in particular in the Member State where he or she is habitually resident, in the workplace or in the suspected breach, if the person concerned considers that the processing of personal data relating to him violates the Regulation.  The supervisory authority to which the complaint has been filed shall inform the client about the procedural developments and the outcome of the complaint, including the fact that the client is entitled to seek judicial redress.

 

These rules are contained in Article 77 of the Regulation.

 

  1. A effective judicial remedies against the supervisory authority

 

15.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons shall be entitled to effective judicial remedies against the legally binding decision of the supervisory authority.

 

15.2. Without prejudice to other administrative or non-judicial remedies, all parties concerned shall be entitled to an effective remedy if the competent supervisory authority does not deal with the complaint or within three months shall not inform the person concerned of the procedural developments or results of the complaint submitted.

 

15.3. The procedure against the supervisory authority shall be initiated before the courts of the Member State in which the supervisory authority is situated.

 

15.4. If a supervisory authority commits a decision against which a body has previously issued an opinion or made a decision under the unity mechanism, the supervisory authority shall send that opinion or decision to the court.

 

These rules are set out in Article 78 of the Regulation.

 

  1. Right to an effective remedy against data controller or data processor

 

16.1. Without prejudice to any available administrative or non-judicial remedies, including the right to complain to the supervisory authority, all concerned shall be entitled to an effective judicial remedy if it considers that their rights under this Regulation have been infringed as a result of the non-compliance of their personal data with this Regulation.

 

16.2. The data controller or processor shall be initiated before the court of the Member State in which the data controller or the processor is established. Such proceedings may be instituted before the courts of the Member State in which the person concerned is habitually resident, unless the data controller or the data processor is a public authority of a Member State acting within the scope of his public authority.

 

These rules are set out in Article 79 of the Regulation.

 

Done, Budaörs, May 15, 2018

 

Please publish modules in offcanvas position.