This Privacy Policy applies to your access and use of OfficeProtector’s services.
Last updated: 23 July 2023.
This Privacy Policy is meant to help you understand what information I collect as Data Controller, why I collect it, and how you can update, manage, export, and delete your information.
1., DATA CONTROLLER
Name: Ivánka-Csontos Andrea (59189529-1-51)
Principal place of business: 5000 Szolnok, Dr. Kronberg J. u. 9.
Email: info@officeprotector.hu
For the purposes of this prospectus, personal data is any information relating to an identified or identifiable natural person (the Data Subject). A natural person can be who is, directly or indirectly identifiable, based on an identifier (such as name, number, location, online identifier or one or more factors relating to the natural person’s physical, physiological, genetic, mental, economic, cultural or social identity).
Main regulations of current data management:
– REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
2., The purpose of the processing and legal basis
The purpose of processing | The data I collect( Why it’s necessary?) | Source of data | Legal basis |
Webpage visitors, send email (contact) | Necessary for the identification and contact of the natural person. | Data sent by the Data Subject to the address indicated as the contact email address. | Article 6(1) point (a) ( the data subject has given consent to the processing of his or her personal data for one or more specific purposes;). |
OfficeProtector’s services | Necessary for the service and contract. | Data given for the service and contract. | Article 6(1) point (b) ( processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;;). |
Whistleblowing Procedure | Necessary for the procedure. | Data given for the Whistleblower | Article 6 (1) point (c) ( processing is necessary for compliance with a legal obligation to which the controller is subject;). |
3., Recipients
Recipient | Address | Purpose |
Rackhost Zrt. | 6722 Szeged, Tisza Lajos körút 41. | domain |
www.billingo.hu | 1133 Budapest, Árbóc utca 6. I. emelet | billing program |
Contacted Partners | Hungary | cooperating partners |
The personal data of the data subject may, as a general rule, be accessed by the employees of the Data Controller in order to perform their tasks. For example, the Data Controller’s employees involved in the organisation of an event are the organisers involved in the process. The personal data will be transferred to the above mentioned Recipients. Only in exceptional cases will the Controller transfer the personal data of the data subject to other public bodies. For example, if a dispute between the data subject and the Data Controller is the subject of legal proceedings and the court in charge requires the transfer of documents containing the data subject’s personal data, the police may contact the Data Controller and request the transfer of documents containing the data subject’s personal data for the purposes of the investigation. In addition, for example, the lawyer representing the Controller will also have access to the personal data in the event of a dispute between the data subject and the Controller.
4., Time of storage of personal data
Until the withdrawal of the data processing consent, but for a maximum of 3 years (8 years in the case of billing) after the use of the service or the sending of the contact message, unless the Data Subject has opted out of being contacted about further professional programmes. If he/she has consented to further inquiries, until the date of the opt-out by the Data Subject.
In the event of a complaint/abuse report having been made or not made, and after the investigation has been completed (if the data are not required for further action), they will be deleted with immediate effect within sixty days at the latest, in the cases specified in Act XXV of 2023.
5., Other
Personal data isn’t transferred to a third country and not to an international organization. No automated decision-making or profiling takes place during the processing of personal data detailed in this Data Management Information.
6., Rights of the data subject
I will comply with your written request to exercise your rights (which may be sent by e-mail to the info@nftdeb.art e-mail address or by post) within a maximum of one month of receipt. The date of receipt of the application does not count towards the deadline. If necessary, taking into account the complexity of the application and the number of applications, I may extend this deadline by another two months. I shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month from the receipt of the request.
6.1., Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
– where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
– the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
– the right to lodge a complaint with a supervisory authority;
In the case of a complaint/abuse report, the whistleblower’s personal data may not be disclosed to the person requesting the information.
6.2., Right to rectification
The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
6.3., Right to restriction of processing
The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:
– the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
– the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
– the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
– the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.
6.4., Right to object
The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
6.5., Right to erasure
The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
– the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
– the personal data have been unlawfully processed;
– the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
– the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
6.6., Right to data portability
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
– the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
– the processing is carried out by automated means.
7., Right of appeal
7.1.Right to contact the Data Controller
If you consider the way in which I handle your personal data to be infringing, I recommend that you first contact me with your complaint at laszlo@atakacs.hu.
7.2.Right to complain to the supervisory authority
I would like to inform you that you can submit a complaint regarding the processing of data to the local supervisory authority.
7.3. Right to legal remedy
Please be informed that you have the option of going to court to protect your personal information, which will act out of turn detailed in the following.
In this case, you are free to decide whether to bring the case before the court having jurisdiction.