This Privacy Notice sets forth the terms and conditions related to the data processing activities carried out by Arvali Kft. (2724 Újlengyel, Petőfi Sándor u. 48.) (hereinafter referred to as the “Provider”), related to the Websites operated by the Provider, specified below, and relating to the following specific areas:
- periodically produced professional materials
- various professional publications available for download from the Websites
- business contact requests made
The Provider, acting as a Data Controller, hereby agrees to be bound by the contents herein. The Provider hereby undertakes to ensure that all data processing activities carried out in relation to its business activities pursued are fully compliant with the requirements stipulated herein, and by the governing laws.
The purpose of this Privacy Notice is to ensure for all Users (hereinafter referred to as the “Users”), for the purposes of sending periodical professional materials, and making various professional publications available for download via the Websites, and to make business contacts, to be able to exercise their rights and essential freedoms, with particular regard to their right to privacy, during the course of an automated processing of their personal data (hereinafter referred to as “data protection”).
The Provider fully respects the Users’ personal rights. The Provider is obliged to process the Users’ personal data recorded in a fully confidential nature, in full alignment with the applicable data protection laws and international guidelines, and the provisions herein.
When subscribing to any of the professional materials and/or professional publications made available via the Websites, and/or making a business contact, Users automatically accept the following terms and conditions, and provide their consent to the data processing activities specified below being carried out by the Provider.
- Data Subject (User):
any natural person identified or identifiable – either directly or indirectly – based on any Personal Data.
- Personal Data:
any information relating to the Data Subject – in particular name, an identification number, or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of the Data Subject – and any conclusion that can be drawn in relation to the Data Subject based on the same.
- Special Personal Data:
o Personal Data revealing racial or ethnic origin, political opinions or affiliations, religious or philosophical beliefs, trade union membership, or sexual orientation
o Personal Data concerning health, pathological addictions, or criminal records.
- The Data Subject’s Consent:
any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes, by which he/she, by a clear affirmative action, signifies agreement to the – full scale or limited to certain specific data processing operations – processing of Personal Data relating to him/her.
- The Data Subject’s Objection
a declaration made by the Data Subject, objecting to the processing of his/her personal data, and requesting the termination of data processing, or a deletion of the data processed.
- Data Controller:
the natural or legal person, or any other organisation without legal personality, which, alone or jointly with others, determines the purposes of the data processing activities, makes the decisions related to the data processing operations (including the tools used) and implements the same, or procures a Data Processor to implement the same.
- Data Processing:
any operation, or set of operations, which is performed on the data, regardless of the exact method used, such as the collection, recording, organisation, structuring, storage, alteration, use, retrieval, transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and the prevention of any further use of the data, the making of photos, sound recordings or pictures, or the recording of any physical characteristics suitable to identify a given person (e.g. fingerprints, palm prints, DNA sample, iris scan).
- Data Process:
performing technical tasks in connection with data processing operations, irrespective of the method and means used for executing the operations, or the place of execution, provided that the technical task is performed on the data.
- Data Processor:
any natural or legal person, or organisation without legal personality, processing the data on the grounds of a contract with the Data Controller, including contracts concluded pursuant to legislative provisions.
- Data Transfer:
ensuring access to the data for a specific third party.
ensuring open access to the data.
- Data Deletion:
making personal data unrecognisable in a way that it can never again be restored.
- Blocking of Data:
marking the data with a special ID tag, to indefinitely or definitely restrict its further processing.
- Data Destruction:
complete physical destruction of the data carrier recording the data.
- Third Person:
any natural or legal person, or organisation without legal personality other than the Data Subject, the Data Controller, or the Data Processor.
- Business Advertising:
any communication, information or method of representation, the aim of which is to promote the sale or use in any other way of movable property that is tradeable – including money, securities, financial instruments, and natural resources that can be utilized in the same way as things – (hereinafter collectively referred to as the “Product”) or of services, immovable property and acquired rights (hereinafter collectively referred to as the “Goods”), or the aim of which is, in connection with the objective mentioned above, to popularize the name, designation or activity of an undertaking, or to make any goods or designations of goods more widely known (hereinafter referred to as “Advertising”).
- THE DATA CONTROLLER’S DATA
2724 Újlengyel, Petőfi Sándor u. 48.
Mandatory data processing registration No.:
The above specified e-mail address is only provided for the purposes of receiving queries and complaints related to the Provider’s data processing activities carried out, and this Privacy Notice.
- THE PURPOSE OF THE DATA PROCESSING ACTIVITIES
All data supplied by the Users shall be processed by the Provider strictly tied to a specific purpose, and solely for the purposes of sending various professional publications, or making them available for download via the Websites, or making a business approach, or sending other, marketing purpose advertisements to the Users, in a segregated system, tied to the specific purpose.
- DATA PROCESSING ACTIVITIES PURSUED FOR OTHER PURPOSES
The Users are hereby informed on the fact that the courts, the public attorney’s office, the law enforcement agencies, or the agencies investigating other non-compliance, may contact the Provider and request that the Provider discloses or transfers information, or the Users’ personal data, or any related documents to them.
The Provider will comply with all such lawful requests made (provided that the official authority has specified the exact purpose and the scope of data to be supplied), but will solely disclose personal data to the extent absolutely necessary in order to implement the original objectives of the given official authority request made.
- THE LEGAL BASIS OF THE DATA PROCESSING ACTIVITIES
The Provider’s data processing activities are carried out based on the Users’ voluntary consent given, pursuant to section 5(1) of Act CXII of 2011 on the Right of informational self-determination and the freedom of information (hereinafter referred as the “Infotv.”’), and pursuant to the provisions of Act CVIII of 2001 on Certain issues of electronic commerce services and information society services. The User’s consent to the various types of data processing activities is provided when the User voluntarily subscribes to the Newsletter.
- DURATION OF THE DATA PROCESSING ACTIVITIES
The processing of the personal data will start when the User subscribes to the professional publications, or to publications that can be downloaded from the Websites, or for a business contact to be made, via the online platform provided for such purposes, and shall end when the User unsubscribes from the same. Users shall be entitled to request a deletion or modification of their data any time, via any form of electronic communication, by using the unsubscribe menu item provided in the footnotes. Once such request is received, the Provider shall erase the User’s personal data with a permanent effect from its system, in a form ensuring that it can no longer be restored.
The deadline for the erasure of data shall be 3 business days upon the request for data erasure was received by the Provider.
THE SCOPE OF PERSONAL DATA PROCESSED
Subscription to the professional publications:
Downloading professional publications:
When can the Provider call you back:
- THE SCOPE OF PERSONS AUTHORISED TO GET ACCESS TO THE DATA
The persons authorised to get access to the data shall be the Provider, and the Provider’s internal staff members, whom shall not publish the data, or disclose the data to any third parties, and whom shall be authorised to solely use the data for the specific purposes defined herein.
The Provider shall be entitled to involve a third party Data Processor (such as a system administrator) for the purposes of operating the underlying IT system.
Data processing activities
The Data Controller transfers the Users’ personal data to the following third parties:
Data Processor’s name:
The Provider selects its business partners after due consideration made, and the selected Data Processors shall be obliged to treat all confidential data obtained during the course of performing their duties, and rendering their services, in full compliance with the applicable laws, and the Provider’s data protection standards.
- DATA SECURITY
The Provider shall take all necessary steps to ensure the safety of the personal data supplied by the Users when subscribing to the Newsletters, during the course of storing and safeguarding the data.
The Provider provides strictly restricted access to the personal data, in order to avoid any unauthorised access, or any unauthorised modification or use of the personal data.
The Provider’s IT system and network is adequately protected from any fraud, spying, sabotage, or vandalism potentially occurring during the use of the IT systems, or from any fire or flood, or any computer viruses, or computer system hacker activity.
The Provider shall be obliged to provide adequate protection during the data processing activities carried out, in the following areas:
- secrecy: the Provider shall protect the personal data, by enabling access to the same only for duly authorised persons
- data integrity: the Provider shall protect the integrity of the data, as well as the precise nature of the data processing methodology used.
- THE USERS’ RIGHTS AND LEGAL REMEDY AVAILABLE
Right to receive information
Users shall have the right to request information from the Provider, with regards to their personal data being processed by the Provider.
Upon the Users’ request, the Provider shall supply information to the Users regarding the specific data processed about them, the exact purposes, the legal basis, and duration of the data processing activities carried out, as well as the list of persons having received or receiving the data in the future, and for what exact purposes. The Provider shall send a written reply to the User, within 30 days upon the receipt of such information request.
If the Users have any query or comments, with regards to the data processing activities carried out by the Provider, the Users may contact the Provider’s delegated staff member, at any of the contact details provided below.
Users shall be entitled to request the Provider to rectify or erase any of their data incorrectly recorded. The Provider shall be obliged to erase the data within 3 business days upon the receipt of such request, ensuring that the data cannot be restored.
Further, Users shall also be entitled to request the Provider to block their data. When requested so by the User, the Provider shall be obliged to block the personal data, or when it can be assumed based on the information available that an erasure of the data would violate the User’s lawful interests. The personal data blocked this way can only be processed by the Provider for the duration of the specific data processing activities, which previously prevented the data being erased, remaining valid.
The Provider shall be obliged to notify the User, and all other persons, to whom the data was previously transferred, for the purposes of data processing activities to be carried out, about the rectification, blocking or erasure of the data. No such notification shall be sent, if this does not violate the Users’ lawful interests, given the specific purpose of the data processing activities carried out.
If the Provider fails to comply with its obligation to fulfil the User’s request submitted for the rectification, blocking or erasure of the data, the Provider shall notify the User within 30 days upon receipt of such request about the underlying factual and legal reasons for refusing to comply with the rectification, blocking or erasure request made.
Users shall be entitled to object the processing of their personal data in the following cases:
- when the processing (transfer) of their personal data is solely requested to enforce the Data Controller’s or the data recipient’s rights or lawful interests, except when the data processing activities are mandatory by the law
- when the personal data is used or transferred for the purposes of direct marketing, market research, or scientific research activities
- when such right of objection can be exercised for any other reason, by the law.
The Provider shall be obliged to investigate any such request submitted including an objection within the shortest possible timeframe, or within 15 days, and shall make a decision on whether the request was justified, and shall be obliged to inform the User submitting the request accordingly, in writing.
The Data Subjects shall be entitled to exercise any of their rights via the following contact details:
Name: Arvali Kft.
Email address: firstname.lastname@example.org
- Legal remedy available
Pursuant to the Infotv. and the Civil Code, if the User disagrees with any of the Provider’s decision made on any request submitted, or if the User wishes to file a complaint with regards to the processing of his/her data, the Users shall have the right:
to contact the National Authority for Data Protection and the Freedom of Information (1125 Budapest, Szilágyi Erzsébet fasor 22/c.; www.naih.hu ), or
to file for litigation, to enforce their rights.
The Provider enables the Users to subscribe to the professional publications provided, or to download professional materials from the Websites, or to make a business contact, via the contact form provided for such purposes. Any electronic communication sent by Arvali Kft. may include direct marketing elements or advertising. When using the Provider’s professional publications and materials, the Provider processes the Users’ data supplied. Users shall be entitled to unsubscribe from receiving the professional publications any time, free-of-charge, without stating cause, and without any limitations applied. Such unsubscription can be made via normal mail, e-mail, or by clicking the “Unsubscribe” link at the bottom of the e-mails received. In such case, the Provider shall delete all of the User’s personal data from its registration system (which was previously required for sending the Newsletters), and shall not contact the User in the future with any further letters or offers.
The Provider retains the right to unilaterally amend this Privacy Notice any time, by notifying the Users beforehand. Once the changes made become effective, the Users shall be deemed to have automatically and implicitly accepted the contents of the amended Privacy Notice, by using the Provider’s services.