top of page

DATA PROCESSING INFORMATION ON THE PROCESSING OF PERSONAL DATA (NOTIFICATION TO CONTRACTING PARTIES) European Parliament and Council Regulation (EU) No 2016/67 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the Council (EU) (hereinafter: GDPR), the Data Controller shall provide the following information to data subjects regarding the processing of personal data.

Data Protection Officer Name: Bende Erhard Mailing address: 6500 Baja Attila u3. Email: erhardno1@gmail.com Phone: +36202702804 Headquarters: 6522 Gara Kossuth u 10

Legislation underpinning data processing Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 (General Data Protection Regulation) ) (hereinafter: GDPR, the current text of the legislation is available at the following link: http://eur-lex.europa.eu/legalcontent/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01. ENG & toc = OJ: L: 2016: 119: TOC) Act CXII of 2011 on the right to information self-determination and freedom of information. Act (hereinafter: Infotv., the current text of the legislation is available via the following link: http://njt.hu/cgi_bin/njt_doc.cgi?docid=139257.338504)

For the purposes of the GDPR, "personal data" means any information relating to an identified or identifiable natural person ("data subject"); identify a natural person who, directly or indirectly, in particular by reference to one or more factors such as name, number, location, online identifier or physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable. The term "recipient" shall mean any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the framework of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.

Purpose of the processing of PERSONAL DATA: Legal basis for data processing in the Appendix: Duration of storage in the Appendix: List or categories in the Appendix: Source in the Appendix: If the legal basis is indicated in the Appendix, the legitimate interest is indicated in the Appendix. The provision of personal data in the Appendix is, as a general rule, at the discretion of the data subject. If the provision of personal data in the Appendix is based on a law or a contractual obligation or a precondition for concluding a contract, the data subject is obliged to provide the personal data indicated in the Annex, failure to do so may result in: - request for data for the purpose of: non-conclusion of a contract - request for data in order to use the service: refusal to provide a service - request for data for security purposes: restriction of access, exclusion Automated decision-making or profiling Does the Data Controller use this? Information on the logic used What is the significance and consequences for the person concerned No. Not relevant Not relevant IF ADDRESSED Names of recipients Purpose of communication In the Appendix In the Appendix

WHO CAN KNOW YOUR PERSONAL INFORMATION? As a general rule, the personal data of the data subject may be disclosed to the employees of the Data Controller in order to perform their duties. Thus, for example, the data processing staff of the Data Controller will get to know the personal data of the data subject in order to manage the case or the HR staff member will be able to draw up the employment contract. The Data Controller will only transfer the personal data of the data subject to other state bodies in exceptional cases. For example, if a legal dispute between the data subject and the Data Controller involves legal proceedings and the processing court requires the transfer of documents containing the data subject's personal data, the police will contact the Data Controller and request the transmission of the data subject's personal data. In addition, for example, a lawyer representing the Data Controller will also have access to personal data in the event of a dispute between the data subject and the Data Controller. DATA SECURITY MEASURES The Data Controller stores the personal data provided by the data subject at the Data Controller's registered office or registered office. To process the personal data of the data subject, the Data Controller uses the data processing service indicated in the Appendix. The Data Controller shall take appropriate information security measures to ensure that the personal data of the data subject are protected against, inter alia, unauthorized access or alteration. For example, access to personal information stored on servers is logged, so you can always check who, when, what personal information. The Data Controller shall take appropriate organizational measures to ensure that personal data cannot become accessible to an indefinite number of persons. TRANSFER TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION Name of third country or international organization EU Commission decision on compliance or, failing that, indication of guarantees Binding company rule (if relevant) Relevant Not applicable for specific situations Not relevant (if relevant)

YOUR RIGHTS Pursuant to Article 15 of the GDPR, the data subject may request access to personal data concerning him or her in the following ways: such processing is ongoing, shall have the right to access personal data and the following information: (a) for the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be communicated, including in particular third country recipients or international organizations; (d) where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period; (e) the right of the data subject to request the controller to rectify, erase or restrict the processing of personal data concerning him or her and to object to the processing of such personal data; (f) the right to lodge a complaint with a supervisory authority; (g) if the data were not collected from the data subject, all available information on their source; (h) the fact of automated decision-making, including profiling, and at least in such cases, comprehensible information on the logic used and the significance of such data processing for the data subject. (2) The Data Controller shall make a copy of the personal data subject to data processing available to the data subject. The Data Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject. Where the data subject has submitted the request by electronic means, the information shall be provided in a widely used electronic format, unless otherwise requested by the data subject. The right to request a copy shall not adversely affect the rights and freedoms of others. Pursuant to Article 16 of the GDPR, the data subject has the right to request the rectification of personal data concerning him or her. Upon the request of the data subject, the Data Controller is obliged to correct inaccurate personal data concerning him / her without undue delay. Taking into account the purpose of the data processing, the data subject has the right to request that the incomplete personal data be supplemented, inter alia, by means of a supplementary statement. Pursuant to Article 17 of the GDPR, the data subject has the right to request the controller to have his or her personal data deleted as follows: 1. The data subject has the right to request the controller to delete his or her personal data delete the relevant personal data without undue delay if one of the following reasons exists: (a) the personal data are no longer required for the purpose for which they were collected or otherwise processed; (b) the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing; (c) the data subject objects to the data processing in the public interest, in the exercise of a public authority or in the legitimate interest of the controller (third party) and there is no overriding legitimate reason for the data processing or the data subject objects to the data processing for direct business acquisition; (d) personal data have been processed unlawfully; e) personal data must be deleted in order to fulfill a legal obligation provided for in the applicable EU or Member State law (Hungarian law); (f) personal data have been collected in connection with the provision of information society services. 2. Where the controller has disclosed personal data and is required to delete it pursuant to paragraph 1, it shall take reasonable steps, including technical measures, to inform the controllers, taking into account the technology available and the cost of implementation. that the data subject has requested the deletion of links to the personal data in question or of a copy or duplicate of such personal data. (3) The right of the data subject to be deleted may be restricted only if the following exceptions are provided for in the GDPR, ie further retention of personal data is considered lawful for the above reasons: a) if the exercise of the right to freedom of expression and information ) if compliance with a legal obligation, or c) if the performance of a task carried out in the public interest, or d) if due to the exercise of public authority over the controller, or e) if in the public health field, and for historical research or statistical purposes, or (h) necessary for the submission, enforcement or defense of legal claims. Pursuant to Article 18 of the GDPR, the data subject has the right to request the Data Controller to restrict the processing of personal data concerning him or her as follows: (1) The data subject has the right to the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the data and instead requests that their use be restricted; c) the Data Controller no longer needs the personal data for the purpose of data processing, but the data subject requests them in order to submit, enforce or protect legal claims; or (d) the data subject objects to the processing in the public interest, in the exercise of official authority or in the legitimate interest of the controller (third party); in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Data Controller take precedence over the legitimate reasons of the data subject. 2. Where the processing is subject to a restriction pursuant to the above, such personal data shall be removed, except for storage, only with the consent of the data subject or for the purpose of claiming, enforcing or protecting legal claims or protecting the rights of another natural or legal person. important public interest of the Member State. 

(3) The Data Controller shall, at the request of the data subject at whose request the data processing has been restricted pursuant to subsection (1), inform him or her in advance of the lifting of the data processing restriction. Pursuant to Article 21 of the GDPR, the data subject has the right to object to the processing of his or her personal data concerning him or her as follows: (third party), including profiling based on it. In this case, the Data Controller may not further process the personal data, unless the Data Controller demonstrates that the data processing is justified by compelling legitimate reasons which take precedence over the interests, rights and freedoms of the data subject or which are necessary to bring, enforce or protect legal claims. are related. 2. Where personal data are processed for the purpose of direct business acquisition, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for that purpose, including profiling, in so far as it relates to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose. 3. The right of objection shall be expressly brought to the attention of the data subject at the latest at the time of his or her first contact and information relating thereto shall be displayed clearly and separately from any other information. 4. By way of derogation from Directive 2002/58 / EC, the data subject may also exercise the right to object by automated means based on technical specifications in relation to the use of information society services. 5. Where personal data are processed for scientific and historical research or statistical purposes, the data subject shall have the right to object to the processing of personal data concerning him or her on grounds relating to his or her situation, unless the processing is carried out for reasons of public interest. need. Pursuant to Article 20 of the GDPR, the data subject is entitled to the portability of personal data concerning him or her as follows: and shall have the right to transfer such data to another controller without being prevented from doing so by the controller to whom the personal data have been made available, if: data management is automated. 2. In exercising the right to data portability, the data subject shall have the right, if technically feasible, to request the direct transfer of personal data between controllers. 3. The exercise of the right to data portability shall not infringe the right to erasure. The right to carry data shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. (4) The right to data portability must not adversely affect the rights and freedoms of others. Pursuant to Article 7 (3) of the GDPR, the data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time as follows: The data subject has the right to withdraw his or her consent at any time. Withdrawal of consent shall not affect the lawfulness of the data processing prior to withdrawal. You have the right to withdraw your consent as easily as you give it. The right of the data subject to appeal to a court, a complaint to a supervisory authority In the event of an unlawful data processing experienced by the data subject, he or she may initiate a civil lawsuit against the Data Controller. The court has jurisdiction to hear the case. The lawsuit may, at the option of the person concerned, be brought before the court of his or her place of residence (see the list and contact details of the courts at the following link: http://birosag.hu/torvenyszekek Without prejudice to other administrative or judicial remedies, all parties concerned are entitled to to lodge a complaint with a supervisory authority, in particular in the Member State in which he or she has his or her habitual residence, place of employment or alleged breach, if the data subject considers that the processing of personal data concerning him or her is in breach of the GDPR. address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c postal address: 1530 Budapest, Pf .: 5 e-mail: ugyfelszolgalat@naih.hu telephone: +36 (1) 391-1400 fax .: +36 (1) 391-1410 website: www.naih.hu

bottom of page