Privacy Policy
data management information of architive.hu
This data management information sheet has been prepared on the basis of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Directive 95/46/EC („GDPR”)
1 INTRODUCTION
1.1 The purpose of this Notice is for those affected, whose personal data Architive is managed by Concept Kft. („Data Controller”), inform you about the provisions of Article 13 (1) of the GDPR and about the management of personal data and their rights based on this paragraph.
1.2 In the course of its activities, the data controller shall process personal data in accordance with the current legal provisions, in particular the GDPR, the legislation issued for its implementation, CXII of 2011 on the right to informational self-determination and freedom of information. Act (“ Infotv .”), Act V of 2013 on the Civil Code (“ Ptk ”), Act C of 2000 on Accounting).
2 NAME AND CONTACT INFORMATION OF THE DATA CONTROLLER AND ITS REPRESENTATIVE
Primary data controller | |
Name: | Architive Concept Kft. |
headquarters: | 1143 Budapest, Zászlós utca 29-31 |
tax number: | 26571793-2-42 |
|
|
e-mail address: | info.architive [at]gmail.com |
website address: | www.architive.hu |
phone number: | +3630/513-2978 |
name of representative: | Duke Attila |
representative contact details: | herczeg.attila [at]architive.hu |
3 NAME AND CONTACT INFORMATION OF THE DATA PROTECTION OFFICER
Data Protection Officer | |
Name: | Duke Attila |
postal contact: | 1143 Budapest, Zászlós utca 29-31 |
phone number: | +3630/513-2978 |
e-mail address: | herczeg.attila [at]architive.hu |
4 PURPOSE OF DATA PROCESSING AND LEGAL BASIS OF DATA PROCESSING FOR NATURAL PERSONS
4.1 Purposes of data processing:
– the purpose of processing the data provided on the website is to identify the given person, to distinguish him from persons of the same name, to ensure contact with him – to exercise rights and fulfill obligations based on the concluded contracts, to monitor the fulfillment of contracts, based on the contracts enforcement of arising claims,
– in case of breach of contract, collection of claims and accounts receivable ;
– ensuring efficient customer service (creating statistical reports and analyses, for this purpose),
4.2 The legal basis for the processing of personal data:
– Article 6, point b) of the GDPR during the entire period from the acceptance of the Data Controller’s offer to the conclusion of the contract (data processing necessary to fulfill the contract), – Article 6, point c) of the GDPR in all cases where the the processing of data is required by law for the Data Controller anyway (fulfilment of legal obligations); – point a) of Article 6 of the GDPR, i.e. the consent of the data subject for the invitation to offer (in the case of ordering a service), as well as data transfers for market research, direct business acquisition and marketing purposes and inquiries; The provision of personal data is based either on the consent of the data subject or on legal regulations or contractual obligations. Handing over the data to the Data Controller is a condition for entering into a contract, refusal to hand over the data may lead to a refusal to enter into a contract . In order to use the Data Controller’s services (and in this way to fulfill the data controller’s obligations), the data subject is obliged to provide his personal data.
5 PURPOSE OF DATA MANAGEMENT AND LEGAL BASIS OF DATA MANAGEMENT IN THE CASE OF BUSINESS ORGANIZATIONS/LEGAL ENTITIES
In the case of business organization/legal entity clients, the Data Controller manages the data of natural persons representing the client or of natural persons in a legal relationship with the client (e.g. employment relationship) to ensure the availability of the contracting party and for the purpose of maintaining contact, within this scope the data is recorded, stored, used and, if necessary, deleted .
In the event that, on the basis of the contract concluded with the Data Controller, the business organization/legal entity represents the client by a natural person (both within legal or transactional representation), it processes the data of these natural persons for the purpose of maintaining contact, and records, stores, uses and, if necessary, deletes the data .The provision of personal data is based on legal regulations and contractual obligations, the transfer of data to the Data Controller is a condition for entering into a contract, refusal to transfer data may lead to a refusal to enter into a contract . In order to use the Data Controller’s services, the data subject must provide the requested personal data.
6 ADDRESSES AND CATEGORIES OF DATA
6.1 During the enforcement of claims arising from the contract
– in order to collect claims, the Data Controller may also use the services of external legal service providers (lawyers’ offices, notaries’ offices), and may sell or assign the claim to another, third party. 6.2 After the conclusion of the contract, the Data Controller’s accounting services from …. , as a Data Processor.
6.3 In the course of performing its activities, the Data Controller uses hosting services
from Magyar Hosting Kft. , as an independent Data Controller . 6.4 The recipients of the data may be the organizations, business associations, enterprises , natural persons with which the Data Controller has entered into a cooperation agreement.
The list of recipients of the data, i.e. current data processors and joint data controllers, can be found in this data management information sheet available on the Data Controller’s website at www.architive.hu. The Data Controller may also forward the data to authorities (e.g. local government, police, consumer protection authority, tax authority, etc.), for courts and prosecutors’ offices.
7 DATA SECURITY MEASURES
Paper-based documents are stored in a safe place closed to customer traffic, documents are stored in filing cabinets. Only authorized persons can access the documents. Paper-based documents are also stored in electronic form for safe keeping on the Data Controller’s own, offline server.
The electronically stored data and documents can only be accessed by authorized persons involved in the development and customer management of the Data Controller in order to fulfill their job duties.
The Data Controller has developed the detailed, internal data security measures in internal regulations. In addition, the Data Controller ensures an adequate level of data protection through the provisions stipulated in its contracts with other data controllers or data processors and their enforcement.
8 DATA TRANSFER OUTSIDE THE EUROPEAN UNION / EUROPEAN ECONOMIC AREA OR TO AN INTERNATIONAL ORGANIZATION
The Data Controller does not transfer data outside the European Union / European Economic Area or to an international organization.
9 PERIOD OF DATA MANAGEMENT
As a general rule, the data is processed only for the period of time that is absolutely necessary for the realization of the data management purpose, provided that
– in the case of data management necessary for the performance of a contract, the duration of the data management lasts until the termination of the contract, until the enforcement of related claims, or until the termination of enforceability. As a result of legal requirements (e.g. the provisions of Act C of 2000 on Accounting), the law defines a longer time limit (8 years) for the retention of data; – in the case of data management related to the fulfillment of a legal obligation , the duration of data management can be determined in accordance with the deadlines prescribed in the legislation defining the legal obligation ;
– in the case of data management based on the consent of the data subject, the data management is terminated even before the goal has been achieved, if the data subject has withdrawn his consent
. After the expiry of the periods specified above, the Data Controller deletes the Personal Data, with the anonymization of the data being considered as deletion , i.e. that they will no longer be they cannot be identified and linked to the affected person(s).
In the event that the data subject does not accept the Data Controller’s offer during the conclusion of the contract, the Data Controller shall regard it as a withdrawal of consent in relation to the personal data (e-mail address, telephone number, name) managed with his consent, and the provided personal data shall be deleted from his records without delay.
10 CONCERNED RIGHTS
10.1 Right to access and information
At the request of the data subject, the Data Controller provides information on whether their data is being processed. If so, in addition to providing access, the Data Controller informs the data subject about the categories of data processed, the purpose of data management, the recipients of data management or the category of recipients, the duration of data storage or the aspects of determining the duration, the exercise of the rights of the data subject, the National Data Protection and Complaint to the Freedom of Information Authority (NAIH) about the right to report, the source of the data, and the fact of automated decision-making, including profiling. In case of data transmission outside the European Union or the European Economic Area, the data subject will also be informed of the appropriate guarantees provided in connection with the data transmission. 10.2 Right to rectification The data subject has the right to request the correction of their data from the Data Controller in case of inaccuracies. If it is necessary to correct the Personal Data managed by the Data Controller, the data subject may request the correction of the data in writing (by post or e-mail) indicating the correct data. The data subject is obliged to notify the Data Controller in writing (post by road or e-mail) immediately, but at the latest within 5 days after the change. The defaulting data subject shall be liable for any damage caused to the Data Controller due to the failure or delayed performance of this notification. 10.3 Right to erasure If the reasons set out in Article 17 of the GDPR exist, the data subject may request that the Data Controller delete the personal data relating to him without undue delay, and the Data Controller is obliged to fulfill the request. In the event that the Data Controller has made the personal data public, i.e. forwarded it to third parties, in the event of exercising the data subject’s right to deletion, the Data Controller will take the reasonably expected steps to inform the additional data controllers to whom the personal data is data, that the data subject requested from them the deletion of the links to the personal data in question or the copy or duplicate of this personal data.
10.4 The right to restrict data processing The data subject has the right to request that the Data Controller restrict data processing if – the data subject disputes the accuracy of the personal data;
– data management is illegal;
– the data controllers no longer need the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; – the data subject objected to the data processing. 10.5 Right to data portability The data subject has the right to have the Data Controller you will receive the personal data provided to you in a segmented, widely used, machine-readable format, and you are also entitled to transfer this data to another data controller without the Data Controller hindering this, if: – the data processing is based on consent; and – the data is processed in an automated manner. 10.6 Right to object The data subject may object to the processing of his personal data for the purpose of direct business acquisition. In this case, personal data may no longer be processed for this purpose. In connection with the exercise of the rights listed above, the data subject is entitled to contact the Data Controller at the contact details indicated in this information. only with the consent of the data subject, the data subject may withdraw the consent, but this does not affect the legality of the data processing carried out on the basis of the consent before the withdrawal.
11 DATA PROCESSING FOR DIFFERENT PURPOSES
If the data controller wishes to carry out further data processing of personal data for a purpose other than the purpose of their collection, prior to further data processing, the data subject must inform the data subject of this different purpose and of all relevant additional information mentioned in Article 13 (2) of the GDPR.
RULES REGARDING COOKIES MANAGED ON THE WWW.ARCHITIVE.HU WEBSITE
You can access our separate cookie policy at the following link: COOKIE POLICY
13 THE RIGHT TO REFER TO THE DATA PROTECTION SUPERVISORY AUTHORITY, COURT
The affected parties have the option of legal redress and complaints related to data management at the National Data Protection and Freedom of Information Authority (NAIH), which can be reached at any of the following contact details:
Name: National Data Protection and Information Freedom Authority Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22/C. Mailing address: 1530 Budapest , Pf.: 5.Telephone: 06.1.391.1400Fax: 06.1.391.1410E-mail: ugyfelszolgalat@naih.huWebsite: http://www.naih.hu In addition to what is written above, to apply to the court in connection with the alleged unlawful handling of the data of the entitled person, and if suffered financial or non-financial damage in connection with the treatment of the alleged infringer, assert a claim for compensation against the Data Controller (in the case of joint data management, the data controllers).
Scope of managed data
Managed data | Purpose of data management | Legal basis for data management | Retention time | ||
the family and first name of the person concerned | identification of the data subject monitoring the performance of contracts, enforcing claims arising from contracts in case of breach of contract, collection of receivables and payables | necessary for the performance of the contract necessary to fulfill a legal obligation consent of the affected person | 8 years based on the provisions of the Accounting Act | ||
residence of the person concerned | identification of the data subject monitoring the performance of contracts, enforcing claims arising from contracts in case of breach of contract, collection of receivables and payables | necessary for the performance of the contract | 8 years based on the provisions of the Accounting Act | ||
natural personal identification data of the person concerned (place of birth, time, mother’s name) | identification of the data subject monitoring the performance of contracts, enforcing claims arising from contracts in case of breach of contract, collection of receivables and payables | necessary for the performance of the contract | until the performance of the contract or the final deadline for asserting claims | ||
the e-mail address of the person concerned | contact | consent of the data subject | until the performance of the contract or the withdrawal of the data subject’s consent | ||
the telephone number of the person concerned | contact | consent of the data subject | until the performance of the contract or the withdrawal of the data subject’s consent | ||