BME ITS Non-profit Plc (hereunder: Supplier) in the course of operating the website www.bmeits.hu (hereunder: Website) manages the data of the visitors of the Website and the registered users using the Website and its services (hereunder: collectively Data Subject).
In relation to the managing of data the Supplier hereby notifies Data Subjects on the personal data managed by Supplier on the Website, on Supplier’s principles and practice regarding personal data management, furthermore on the modes and possibilities of practising the Data Subjects’ rights.
By using the Website and in the case of shopping, by ticking the separate checkbox Data Subject accepts the content of the Information on Data Management, and approves of the data managements defined as follows.
- Data Subject: a natural person who has been identified by reference to specific personal data, or who can be identified, directly or indirectly;
- Personal Data: any information relating to the data subject, in particular by reference to his name, an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity, and any reference drawn from such information pertaining to the data subject;
- The data subject’s consent: means any freely and expressly given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed without limitation or with regard to specific operations;
- the data subject’s objection: means an indication of his wishes by which the data subject objects to the processing of his personal data and requests that the processing of data relating to him be terminated and/or the processed data be deleted;
- Data Manager: the natural or legal person, or unincorporated body which alone or jointly with others determines the purposes of the processing of data, makes decisions regarding data processing (including the means) and implements such decisions itself or engages a data processor to execute them;
- Management of data: any operation or set of operations that is performed upon data, whether or not by automatic means, such as in particular collection, recording, organization, storage, adaptation or alteration, use, retrieval, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction, and blocking them from further use, photographing, sound and video recording, and the recording of physical attributes for identification purposes (such as fingerprints and palm prints, DNA samples and retinal images);
- data processing: the technical operations involved in data control, irrespective of the method and instruments employed for such operations and the venue where it takes place, provided that such technical operations are carried out on the data;
- Data processor: a natural or legal person or unincorporated organization that is engaged under contract in the processing of personal data, including when the contract is concluded by virtue of law;
- disclosure by transmission: making data available to a specific third party;
- public disclosure: making data available to the general public;
- erasure of data: the destruction or elimination of data sufficient to make them irretrievable;
- blocking of data: the marking of stored data with the aim of limiting their processing in future permanently or for a predetermined period;
- destruction of data: the complete physical destruction of the medium containing data;
- third party: any natural or legal person or unincorporated organization other than the data subject, the controller or the processor.
2. THE PURPOSE OF DATA MANAGEMENT
Supplier shall control and store data provided by Data Subject under the principle of target-specific data processing and for the sole purposes of providing service available on the Website, managing contacts and identifying the user.
The purpose of the automatically recorded data is making statistics and making technical improvements on the IT system.
Supplier shall and may not use the given data for purposes other than the ones set above. Handing data over to third persons and authorities–unless a legally binding law provides otherwise–may occur with the prior express consent of Data Subject.
In any cases when Supplier intends to use the data provided for a purpose other than the original, he shall notify Data Subject and acquires his/her express consent or provides an opportunity to prohibit such use.
3. LEGAL GROUND OF DATA MANAGEMENT
Processing of data shall be governed by Hungarian law, based on, in particular, section 5, paragraph 1, subsection a) of Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (hereinafter referred as: DPA), and on Act CVIII of 2001 on Electronic Commerce and on Information Society Services.
Supplier does not verify the personal data given to him. Data Subject, as a contracting party, shall have sole responsibility for the suitability of given data. By providing his/her email address, it shall be Data Subject’s responsibility that he/she alone uses the services via the provided e-mail address. Due to this responsibility, any liability in connection with any purchase or communication via the provided email address shall rest with the Data Subject who provided his/her email address.
4. DENOMINATION OF SUPPLIER AS DATA MANAGER
Name of registering Court:
Community VAT registration number:
Financial institution managing account:
Data Management registration number:
5. DURATION OF DATA MANAGEMENT
5.1. Registration data
Processing of personal data provided compulsively in the course of registration shall end with Data Subject’s request via email or mail for deletion of registration. In such case the time limit for the deletion shall be no longer than 5 working days following receipt of the request.
5.2. Technical data
The system stores log information for 10 years calculated from the date of logging, except for the date of the last visit which shall be automatically overwritten by the system.
6. SCOPE OF PERSONAL DATA MANAGEMENT
6.1. Required data for registration
During the registration necessary for shopping on the Website, Data Subject is required to provide the following data:
- Surname (company name),
- Given name (legal form, e.g. Ltd., Limited partnership),
- legal registration number,
- PIN code,
- street name and number,
- e-mail address,
- phone number.
6.2. Technical data
The data of Data Subject’s computer used to login shall be considered as technical, which are generated by visiting the Website and which are automatically registered by Controller’s system in the course of the technical processes. These are, in particular, the date and time of the visit, IP address and web browser type of Data Subject’s computer, the address of the viewed and last visited website.
The system stores automatically recorded information without Data Subject’s separate declaration or action, when (s)he visits or leaves the Website. Such data shall not be connected to other personal user data, unless set forth by law. Only Supplier shall access the data.
Supplier may collect data on the activity of Data Subject, which may be linked neither with other data provided by Data Subject during registration nor data created through accessing other websites or services.
The html code of the Website www.bmeits.hu may contain hyperlinks coming from or pointing to an external server, which are independent from Supplier. The service providers of such hyperlinks may collect user data as a reason of directly connecting to their servers.
External servers help the independent measuring and auditing of the Website’s visitor information and other web analytics (Google Analytics). Controllers shall be able to give detailed information to Data Subject on the processing of data.
Contact information: www.google.com/analytics/
For the purpose of giving a personalized service, Supplier shall place a small data package called ’cookie’ on Data Subject’s computer. In case the browser returns a stored cookie, the service provider managing the cookie may connect data saved during Data Subject’s current visit to the Website with previously saved data, but exclusively in respect of his own content.
The ’Help’ function found in most browsers’ menu bar shall give information about Data Subject’s options regarding
- banning cookies,
- accepting new cookies,
- directing his/her browser to set a new cookie or
- turning off other cookies.
In case Data Subject may wish Google Analytics to stop measuring the above mentioned data in the described way and for the described purpose, (s)he shall install the relevant blocking add-on.
7. THE SCOPE OF THE PERSONS GETTING TO KNOW THE DATA, DATA DTRANSER? DATA PROCESSING
It is the Supplier and his colleagues who shall primarily have the right to information regarding data, who shall neither disclose nor transmit them to third parties.
The Supplier uses the services of the following web hosting service provider: ________________ (address).
Beyond the above, transmission of personal data related to Data Subject is possible exclusively in cases set forth by law, or with the consent of Data Subject.
8. USER RIGHTS AND ENFORCEMENT OPTIONS
8.1. Right to information
Data Subject may request information about personal data processed by Supplier concerning him/her.
Based on a request by Data Subject, Supplier shall inform Data Subject about the data processed by Supplier related to Data Subject, the purpose, legal basis and period of data processing, furthermore, to whom and for what purpose Supplier provides or has provided Data Subject’s data. Supplier must comply with the request for information in writing, within no more than 30 days from the submission of the request.
Data Subject shall contact the Supplier’s colleague concerning any question or comment in relation to data management. Contact information: .....................
8.2. Data Subject may request the erasure, rectification or blocking of his personal data
Data Subject may at any time require the deletion or alteration of his/her data recorded incorrectly the following contact option: ....................... . Supplier shall delete data within no more than 5 working days from the receipt of the request, and in such a case, no restoration of the data will be possible. Deletion does not include data processing prescribed by law (e.g. accountancy laws), which are preserved by Supplier for the prescribed period.
Data Subject shall request the blocking of his/her data. Personal data shall be blocked instead of erased if so requested by the Data Subject, or if there are reasonable grounds to believe that erasure could affect the legitimate interests of the Data Subject. Blocked data shall be processed only for the purpose which prevented their erasure.
When a data is rectified, blocked or erased, the Data Subject to whom it pertains and all recipients to whom it was transmitted for processing shall be notified. Notification is not required if it does not violate the rightful interest of the Data Subject in light of the purpose of processing.
If the data controller refuses to comply with Data Subject’s request for rectification, blocking or erasure, he shall communicate the factual or legal reasons on which the decision for refusing the request for rectification, blocking or erasure is based in writing, within 30 days of receipt of the request.
8.3. The data subject holds the right to object to the processing of data relating to him/her
Data Subject shall have the right to object to the processing of data relating to him. In the event of objection, Supplier shall investigate the cause of objection within the shortest possible time inside a fifteen-day time period, adopt a decision as to its soundness and shall notify the data subject in writing of his decision.
Data Subject may exercise his/her rights through the following contact details:
8.4. Due to the Hungarian laws (Act CXII of 2011 and Act V of 2013 on the Civil Code) Data Subject shall
1. lodge a complaint with the National Authority for Data Protection and Freedom of Information (22/c Szilágyi Erzsébet fasor Budapest 1125; www.naih.hu) or
2. seek judicial remedy.
Supplier may claim damages in case Data Subject provided third party’s data in the course of making a purchase, or caused damages in any manner during the usage of the Website. In such cases, Controller provides all cooperation and support to establish the identity of the wrongdoer.
9. USING E-MAIL ADDRESSES
The Supplier pays particular attention to the legality of managed electronic addresses, therefore the Supplier shall use them only in the following ways (information or advertisement) to send e-mails.
E-mail addresses are managed primarily to keep contact throughout the identification of the User, completing orders and requesting services.
10. DATA SECURITY
Supplier shall take all steps necessary to guarantee the security of data, and further takes all technical measures to protect the registered, stored and controlled data and to prevent their destruction, unauthorized use and unauthorized alteration. He also commits himself to take all steps to inform all third parties to whom he may disclose or transmit data of their relevant obligations.
11. OTHER PROVISIONS
Supplier reserves the right to modify the present Regulation with prior notification of Users through the internal mailing system. The modification comes into effect on the 30th day following the notification. After the enforcement of the modification, Data Subject accepts and approves of the content of the modified version through implicit conduct.