Privacy Policy

Kasléder Albert e.v.
registered seat: H-7030 Paks, Kandó Kálmán utca 13.
Company registration number: 15392276
VAT number 65394753-1-37

DATA PROCESSING
POLICY

based on Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the “Privacy Act”)

as well as
Regulation (EU) No 2016/679 of the European Parliament and of the Council
(GDPR – General Data Protection Regulation)

PREAMBLE

On behalf of Kasléder Albert e.v. (hereinafter referred to as: Data Controller) we would like to inform our customers and the visitors of our website – www.kasledereffects.com and our social media sites – collectively as data subject(s) that we respect the personal rights of the data subjects therefore act according to the following rules in the course of our data processing.

We reserve the right to change our policy for alignment with the prevailing legal background and other internal regulations.

The electronic version of our policy is available on our website, www.kasledereffects.com and on paper basis at our registered seat: H-7030 Paks, Kandó Kálmán u. 13.

Therefore, our Company as a Data Controller considers the provisions of this Policy binding for itself and shall act accordingly in the course of its operation.

I. Definitions pursuant to Section 3 of the Privacy Act

Data subject means any natural person identified or identifiable on the basis of any information;
Identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Personal data: means any information relating to the data subject, in particular an identifier such as a name, an identification number, or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person, as well as the conclusions that may be deduced from the data.
Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Protest means the statement of the data subject in which he or she objects to the processing of his/her personal data and requests the termination of the data processing and the erasure of the processed data;
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, makes and enforces decisions on data processing (including the devices used) or has them executed by the entrusted data processor.
Data processing means irrespective of the method used, any operation or set of operations which is performed on data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; to prevent further use of the data, to take photographs, sound recordings or images, and to record the physical characteristics (e.g. finger or palm print, DNA pattern, iris image) for identifying the person;
Data transmission means making the data available to a specific third party;
Third party means a natural or legal person, or an organization without a legal personality other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorized to process personal data;
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

II. The purpose and scope of this policy
II/1. The purpose of the data processing policy
The purpose of this policy is to ensure that the data processing of Kasléder Albert e.v., as Data Controller respects the privacy of natural persons and that its data processing operations are in conformity with the constitutional principle of information self-determination and the information received by the Data Controller is not misused.
II/2. Scope of the Policy
The scope of this Policy applies to the employees of the Company and to the flow of information among employees and to all data processing related to personal data, i.e. all personal data processed by the Company.

III. Principles of data processing

Personal data can only be processed for clearly defined, legitimate purposes, in order to exercise a right and fulfill an obligation. Data processing shall in all stages be compliant with the purpose thereof, furthermore, data collection and processing shall be fair and legitimate.

Only personal data that is essential for achieving the purpose of data processing can be processed to achieve this purpose. Personal data can only be processed to the extent and for the duration necessary for the achievement of the purpose.

Personal data will continue to maintain this quality while processing the data as long as its connection can be restored with the data subject. The connection can be restored with the data subject if the data controller possesses the technical conditions required for restoration.

In the course of data processing the accuracy and completeness of the data shall be ensured, and, where necessary for the purposes of data processing, the updating of the data and that the data subject can only be identified for the time necessary for the purpose of data processing shall be ensured.
Adequate security of personal data shall be ensured in the course of data processing by applying appropriate technical or organizational measures, in particular protection against unauthorized or unlawful processing, accidental loss, destruction or damage to data.

IV. Legal basis and general terms and conditions of data processing

Personal data can be processed, if
a) it is strictly necessary for the performance of the data controller’s statutory tasks and the data subject has explicitly consented to the processing of personal data;
b) it is ordered by law or – by virtue of the authorization of the law, in the scope specified therein, in the case of data not classified as special data or criminal personal data – a local government decree for purposes of public interest;
c) it is necessary and proportionate to the protection of the vital interests of the data subject(s) or other person, and to the elimination or prevention of the direct threat to the life, physical integrity or the goods of persons, or
d) the personal data has been expressly disclosed by the data subject and it is proportionate to the purpose of the data processing;

We perform data processing pursuant to Article 6, paragraph (1), item a) and b) of the GDPR, namely when the data subject has consented to the processing of his/her personal data for one or more specific purposes, and the processing of data is necessary for the performance of an agreement, the data subject is a party thereto, or for the actions required to be taken by the data subject before concluding the agreement.

In addition to the relevant personal identification data of the data subject, pursuant to the principle of data frugality and purpose limitation, the agreement contains only data that is absolutely necessary to the performance of the agreement and to enforce the customer’s debt or to assess the business risk. Further data processing may only be performed with the explicit consent of the data subject. Prior to obtaining the consent statement, the data subject shall be duly informed that the refusal to provide a consent statement does not cause him/her any disadvantage.

If the data subject does not intend to provide the Company with the minimum data required for the conclusion of the agreement, the Company may refuse to conclude the agreement.

We only make a copy of the documents presented by our Customers with the consent of the Customers, that is, with the consent of the data subjects. In case of a refusal of providing a consent, the conclusion of the agreement is not denied.

The information provided by our customers during the conclusion of the agreement is used exclusively by the Company for exercising the rights arising out of the agreement and for the fulfillment of the obligations contained therein.

V. Rights of the Data subjects

1. Relating to the personal data of the data subject processed by the data controller or the data processor based on the mandate of the data controller, the data subject shall be entitled to

a.) receive information about the data processing prior to the commencement of the data processing – right to preliminary information;
b.) access his/her personal data and the information relating to its processing by the data controller – the right to access;
c.) upon request, his/her personal data shall be corrected or supplemented by the data controller – right to correction;
d.) upon request, the processing of his/her personal data is restricted by the data controller – the right to restrict the processing of data;
e.) upon request, the data controller shall erase his/her personal data – right to erasure;
f.) initiate authority proceedings – the right to an authority remedy;
g.) initiate court proceedings – the right to judicial redress;

The data controller shall take appropriate technical and organizational measures to facilitate the enforcement of the rights of the data subject, by providing notifications and information to the data subject in a readily accessible, legible format, with a clear and comprehensible content, and
make a decision on the request submitted by the data subject for the enforcement of his/her rights in the shortest possible time, but within a maximum of 25 days, and shall inform the data subject of its decision in writing or if the request had been submitted electronically, by electronic means. The above-mentioned activities of the Data Controller are provided free of charge.
In order to ensure the right of obtaining preliminary information, we immediately provide the data subject with the following data prior to the commencement of the data processing operations but at the latest after the first data processing operation commences:
a.) the name and contact details of the data controller;
b.) the purpose of the intended data processing;
c.) the rights of the data subject and the manner in which they can be enforced;
We provide information to data subjects on
a.) the legal basis of data processing
b.) the retention time of the processed personal data:
c.) the scope of the recipients of the data transmission in the case of data transmission or planned transmission;
d.) the source of processed personal data;
e.) and any other substantive facts related to the circumstances of data processing.
If our Customers find that their personal data processed by us is inaccurate, incorrect, or incomplete, it will be promptly corrected or supplemented upon request.

Customers’ personal data is processed by us as a data controller, without involving a data processor, who processes personal data on behalf of the data controller.

The data subject has the right to withdraw his/her consent to data processing at any time free of charge. The withdrawal shall not affect the lawfulness of the data processing effected prior to the withdrawal of the consent. Withdrawals can be initiated via mail or electronic mail at info@kasledereffects.com.
The data subjects have the right to file a complaint with the supervisory authority (National Authority for Data Protection and Freedom of Information, http://naih.hu, phone: +36 (1) 391-1400, mail address: 1530 Budapest, Pf.: 5., e-mail: ugyfelszolgalat@naih.hu). Foreign citizens may also file a complaint with the supervisory authority of their residence.
In the event of a breach of his or her rights, the data subject may contact the court concerned. The court proceeds forthwith in the case. The decision on the data protection lawsuits falls within the jurisdiction of the regional court, however, the lawsuit can be initiated even at the court of the place of residence or stay of the data subject at his/her choice.
Please do not hesitate to contact us before filing a complaint with the supervisory authority or the court – in order to cooperate and solve the problem as quickly as possible.

The recipients of the personal data of the data subject
a) the employees of the Company performing customer service tasks,
b) the employees of the Company providing financial, accounting and taxation functions, and
c) the data processors of the Company.
Personal data is retained for 5 years after the termination of the agreement, which constitutes the basis of this Data Processing Information.
The personal data of the data subject will be handed over for processing
a) for accountancy and tax purposes, to the accounting office entrusted by the company: ………………………………………………………………………………………….
b) for postal and delivery purposes to the Hungarian Post

VI. Data Controller’s Register

Our Company as a data controller keeps a register of the data processing operations related to the personal data it processes, which records
– the name and contact details of the data controller;
– the purpose of data processing:
– the recipients of data transmission;
– the scope of data subjects and the data being processed;
– the fact of profiling if applicable;
– in the case of international data transmission, the scope of the data transmitted;
– the legal basis for data processing operations;
– the erasure date of the processed personal data:
– a general description of the technical and organizational security measures;
– the circumstances surrounding the occurrence of personal data breach, their effects and the measures taken to deal with them;
– the legal and factual grounds for the measure restricting or refusing to enforce the data subject’s access rights.

VII. Management of personal data breach

Our company records the nature of the incident, including the scope and approximate number of data subjects, including the scope and approximate amount of the data involved in the personal data breach in connection with the personal data breach related to the data processed.
We describe the likely consequences of a personal data breach and the actions taken or planned to address the personal data breach.
The personal data breach shall be reported to the competent authority immediately, but not later than 72 hours after information has been received thereof.
The personal data breach does not have to be reported if it is probable that it does not pose a risk to the enforcement of the rights of the data subjects.
In order to comply with the legal requirements for the processing of personal data and to facilitate the enforcement of the rights of the data subjects, our Company does not employ a Data Protection Officer on the basis of Section 25/L, paragraph (1) of the Privacy Act.

VIII. Data processing related to our website

Our website, www.kasledereffects.com enables visitors, as potential customers to send us an Inquiry about the services provided by our Company.
By sending us an inquiry through our website, you voluntarily provide us with your personal data, so please make sure that the data provided are true, correct and accurate, because you are responsible for these data. Incorrect, inaccurate or incomplete data may be an obstacle to using our services.
If you provide personal information of another person, we assume that you have the authority to do so.
You can withdraw your consent to data processing any time by sending a simple request to our Company’s e-mail address info@kasledereffects.com free of charge.
Registration of withdrawal of consent – for technical reasons – is undertaken with a two-day deadline, but please be aware that certain data may be processed after the withdrawal of consent to fulfill our legal obligations or to enforce our legitimate interests.
In the event of fraudulent use of personal data, or when a visitor commits a criminal offense or attacks our system, simultaneously with the abolition of the registration of that visitor, his/her data will be erased immediately, or, if necessary, retained in the course of the determination of the civil liability or the conduct of criminal proceedings.

IX. Miscellaneous

An electronic device suitable for image recording is used by our Company for property protection purposes on the external facade of the building of our regsitered seat, the Clinic and the Hotel, and inside the building.
Our surveillance system
a) does not monitor public areas,
b) does monitor employees or their activities,
c) is not intended to influence the behavior of employees in the workplace.

A noticeable, awareness-raising information sign was placed in the monitored area in the vicinity of the camera. Our new and old Employees and our visitors are always informed of the surveillance system.
We have placed signs at our registered seat in order to inform our customers and visitors that by entering the building they consent to participate in the recordings. Access to recordings, authorizations, erasure and supervision of the recordings are regulated by our Company in a separate Policy.

X. Confidentiality

Employees of our Company undertake to retain the personal information they receive during their duties without any time limitation. Employees undertake to use the data concerned solely in the performance of their duties and not to disclose them to third parties.

This Policy enters into force on January 9th, 2019.

Dated: Paks, January 9th, 2019

Kasléder Albert e.v.
Kasleder Effects