The purpose of the data management information is to present the data protection and data management principles applied by CERES Kft. (hereinafter: Data Controller) and the data protection and data management policy of the Data Controller, which the Data Controller recognizes as binding on itself. When developing these rules, the Data Controller took particular account of Regulation (Eu) 2016/679 of the European Parliament and of the Council (hereinafter: Regulation) and the relevant resolutions of the EU "Working Group 29", as well as related and legal harmonization laws of the Member States, regulations and recommendations.
The Data Controller is committed to protecting the personal data of its customers and partners, treats their personal data confidentially and takes all data security, data protection, technical and organizational measures that result in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data. .
II. DATA CONTROLLER
Name of the data controller: CERES Kft.
Headquarters: 8600 Siófok, Fő tér 10/B., A. lph. 1st em. 2nd door
It carries out its data management activities on the basis of Regulation (Eu) 2016/679 of the European Parliament and of the Council (GDPR - General Data Protection Regulation), taking into account the resolutions of working group 29.
III. THE HANDLED DATA:
During a visit to the portal, the Data Subject's network identity is recorded on the server: the software environment used by the Data Subject, as well as the time of the visit and the address of the pages viewed. We store this data in electronic format on our server, after a certain time only in aggregated form.
During his visit, you can receive a cookie file from our website. Accepting cookies is not mandatory (you can disable them in your browser), but some of our services can only be used by accepting them.
The Data Controller does not operate a newsletter service. You can establish contact with our company via the Contact Us menu item. When initiating electronic contact, if you contact us and send us documents in electronic format, these may optionally include your personal data.
IV. PURPOSE OF DATA MANAGEMENT:
The data automatically recorded by the server is temporarily stored for the purpose of measuring website traffic. During the personal contact, we use the data that comes to our attention to maintain contact, as well as in the performance of our duties defined by law.V. LEGAL BASIS OF DATA MANAGEMENT:
The Data Controller processes the data subject's personal data in order to enforce its legitimate interests and only with regard to data absolutely necessary for the purpose of data management.
VI. PERIOD OF DATA MANAGEMENT:
The data automatically recorded by the server are available to us for 30 days, after which we only keep them in aggregated form, as attendance statistics.
VII. DATA CONTROLLER:
The Data Controller uses the services of the following Data Processor: WEBLAND Hungary Bt. storage service.
VIII. DATA SECURITY NOTICE:
The Data Controller ensures the security of the data, and also takes all the technical measures and establishes the procedural rules that are necessary for the implementation of the data protection provisions. The User is responsible for the data provided by the User, their correctness, completeness and authenticity. The Data Controller is not responsible for damages resulting from erroneously entered data, even if it could recognize the erroneous nature of the data.
IX. REPORTING A DATA PROTECTION INCIDENT:
The Data Controller has the following obligations in relation to data protection incidents:
1. the incident must be reported to NAIH no later than 72 hours after becoming aware of it, unless the data protection incident likely does not pose a risk to the rights and freedoms of natural persons;
2. if the notification is not made within 72 hours, the reasons justifying the delay must also be attached;
3. the information contained in the notification can be disclosed in several details without undue delay;
4. registration of data protection incidents, indicating the facts related to them, and the measures taken to remedy them;
5. informing the Data Subject about the data protection incident in the event that the conditions listed in Article 34 of the GDPR exist, in the manner specified therein.
X. RIGHTS OF THE DATA PARTIES:
1. Right of access
The Data Subject has the right to receive feedback from the Data Controller as to whether her personal data is being processed, and if such data processing is in progress, she is entitled to receive access to the personal data and the information listed in the regulation.
2. Right to rectification
The Data Subject has the right to have inaccurate personal data corrected without undue delay upon request by the Data Controller.
3. The right to erasure
The Data Subject has the right to have the Data Controller delete the personal data concerning her without undue delay upon request, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay under the conditions specified in the regulation.(nőnemű)
4. Az adatkezelés korlátozásához való jog
The Data Subject has the right to request that the Data Controller restrict data processing if one of the following conditions is met:
• the Data Subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the data controller to check the accuracy of the personal data;
• the data management is illegal and the Data Subject opposes the deletion of the data and instead requests the restriction of its use;
• the Data Controller no longer needs the personal data for the purpose of data management, but the Data Subject requires them to present, enforce or defend legal claims;
• the Data Subject objected to data processing; in this case, the restriction applies to the period until it is established whether the Data Controller's legitimate reasons take precedence over the data subject's legitimate reasons.
5. The right to data portability
The Data Subject has the right to receive the personal data concerning him/her provided to the Data Controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without the Data Controller preventing this, if the data management is based on the data subject's consent or contract.
6. The right to protest
The Data Subject has the right to object to the processing of her personal data at any time for reasons related to her own situation.
XI. GENERAL DATA PROTECTION AUTHORITY:
You can file a complaint with the National Data Protection and Freedom of Information Authority against possible violations of the Data Controller:
National Data Protection and Freedom of Information Authority
Headquarters: 1055 Budapest, Falk Miksa utca 9-11.
Postal address: 1363 Budapest, Pf.: 9.
Phone number: +36 (1) 391-1400
Fax number: +36 (1) 391-1410