Your rights regarding data processing are as follows:
RIGHT TO TRANSPARENT INFORMATION:
You have the right to receive notification about the facts and information related to data processing prior to starting the data processing. We have also created this Privacy Notice to ensure this right.
RIGHT OF ACCESS BY THE DATA SUBJECT:
The Data Subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the following information:
- the processed personal data and the category of personal data, the purpose of data processing;
- the recipients or categories of recipient to whom the personal data have been, or will be disclosed by the Controller;
- the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period.
• at request, the controller provides the data subject with a copy of the personal data that are the subject of data processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on the administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
RIGHT TO RECTIFICATION:
The Data Subject may request the Company to rectify or complete any personal information that is incorrect, inaccurate or incomplete. Before rectifying the erroneous data, the Company may verify the truthfulness or accuracy of the data involved.
RIGHT OF WITHDRAWAL:
In the case of data processing based on the Data Subject’s consent, the Data Subject may withdraw his/her consent at any time, which does not affect the lawfulness of data processing based on consent before the withdrawal.
RIGHT TO ERASURE (‘RIGHT TO BE FORGOTTEN’):
The data subject shall have the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller is obliged to do so. You do not have this right in the case of data processing based on a legal obligation.
RIGHT TO RESTRICTION OF PROCESSING (RETENTION RIGHT):
The Data Subject shall have the right to obtain from the Controller restriction of processing in the following cases:
- if the accuracy of the personal data is contested by the Data Subject, for a period enabling the controller to verify the accuracy of the personal data;
- if the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead;
- if the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defence of legal claims;
- if the Data Subject has objected to processing pending the verification whether the legitimate grounds of the Controller override those of the Data Subject.
RIGHT TO DATA PORTABILITY:
The Data Subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where: The Data Subject shall have the right to data portability if:
- the processing is based on the data subject's consent or on the consent to processing specific categories of the personal data for one or more specific purposes, or on a contract pursuant to Article 6 (1) (b) GDPR, and
- the processing is carried out by automated means.
RIGHT TO OBJECT:
The Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her except where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, including profiling. The Controller shall not terminate data processing on the basis of the objection if the data processing is justified by compelling legitimate reasons which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims
AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING:
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or otherwise significantly affects them. The Company does not use automated decision making.
COMMUNICATION OF A PERSONAL DATA BREACH TO THE DATA SUBJECT:
If a potential data breach is likely to pose a high risk to your data, rights and freedoms, the Controller will notify you about the data breach without undue delay.
RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY:
In the event where the Data Subject suffered a harm concerning the processing of his or her personal data, it is advisable to contact the Controller before lodging the complaint and submit a request to exercise the relevant data subject's right in order to handle the matter more quickly and efficiently.
You shall have the right to complain to a supervisory authority if you consider that the processing of personal data violates the data protection laws.
National Authority for Data Protection and Freedom of Information
Registered office: 1055 Budapest, Falk Miksa utca 9-11.
Mailing address: 1363 Budapest, Pf.: 9.
Phone number: +36 (1) 391-1400
Facsimile number: +36 (1) 391-1410
RIGHT TO AN EFFECTIVE JUDICIAL REMEDY AGAINST A SUPERVISORY AUTHORITY:
You have the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning you.
RIGHT TO AN EFFECTIVE JUDICIAL REMEDY AGAINST DATA CONTROLLERS OR DATA PROCESSORS:
Without prejudice to the right to lodge a complaint, the Data Subject shall have the right to an effective judicial remedy by instituting civil proceedings if, in his or her opinion, his or her rights have been violated as a result of the improper processing of his or her personal data. The Metropolitan Court has jurisdiction to hear the case, but the data subject may also choose to bring the case before the court having jurisdiction over his or her place of residence.