x
W E B F O X

Data Protection Guidelines

Kucséber Dezső Sole Trader (registered office: 7761 Kozármisleny, Fülemüle Street 3/d., company registration number: tax number: 58681987-1-22       

email: info@webfox.hu, phone:) (hereinafter: Service Provider, Data Controller) subject to:the following information.

Relevant laws

underlying data processing:

This data processing information regulates the data processing of the following websites: https://www.webfox.hu and is based on the above content requirements. 

The data protection policy becomes effective upon disclosure at the specified address.

  1. NAME AND CONTACT INFORMATION OF DATA CONTROLLER

Company name/abbreviated company name:

Kucséber Dezső Egyéni Vállalkozó

Registered office/Mailing address:

7761 Kozármisleny, Fülemüle street 3/d

Tax number:

58681987-1-22

Represented by:

Kucséber Dezső

Phone:

+36 30 554 18 92

Email:

info@redfox.hu

  1. PURPOSE, SCOPE, AND DURATION OF THE POLICY

The purpose of this Policy is to ensure that all executives, employees, and other individuals in a contractual relationship with the Company adhere to the applicable data protection laws at all times during their activities. The executives, employees, and other individuals in a contractual relationship with the Company are obligated to prioritize compliance with the GDPR, the Info Act, and the provisions of this Policy in all activities related to the processing of personal data of natural persons who are customers and other natural persons in contact with the Company. In all data processing activities, the Company is obligated to adhere to the principles of data protection and the current legal requirements for data protection to ensure accountability and the protection of the rights and freedoms of the data subjects. Data processing by the Company All data processing carried out by the Company falls under the scope of data protection. The Company is only authorized to process personal data when it has a legal basis for doing so. The Company is obligated to comply with the principles of data protection and the current legal requirements for data protection in all data processing activities, ensuring accountability and the protection of the rights and freedoms of the data subjects.

Data processing by the Company may involve the engagement of data processors. The tasks of data processors may include performing the following activities:

  1. Invoicing-related activities (printing and mailing),
  2. Payroll processing,
  3. Accounting,
  4. IT system operation,
  5. Supporting the Company's activities
  6. facilitating performance
  7. involving subcontractors

The Company, in accordance with the requirements of built-in and default data protection, adheres to the principles of data protection and complies with the current legal requirements for data protection in all data processing activities. This is done to ensure accountability and the protection of the rights and freedoms of the data subjects in line with the principles of data protection and the prevailing legal requirements for data protection.

Data Processing Conducted by the Company

All data processing carried out by the Company falls under the scope of data protection. The Company is only authorized to process personal data when it has a legal basis for doing so.

The Company is only authorized to perform data processing, including the knowledge, collection, or utilization of personal data, when it has a legal basis for doing so.

  1. a) if the data subject has given explicit consent for the processing of their personal data for one or more specific purposes;
  2. b) if the data processing is necessary for the Company to fulfill a legal obligation;
  3. c) the data processing is necessary for the performance of a contract in which the data subject is a party, or for the implementation of pre-contractual measures at the request of the data subject;
  4. d) if the data processing is necessary for the vital interests of the data subject or another natural person, and to assert the legitimate interests of the Company (or a third party), except where the interests and fundamental rights and freedoms of the data subject that require the protection of personal data take precedence over those interests.

Our company may engage data processors to provide its services. The tasks of data processors may include performing the following activities:

  • activities related to invoicing (printing and mailing),
  • payroll processing
  • accounting
  • operation of information systems
  • supporting our activities, facilitating performance, involving subcontractors

2/A. [Data Processing Related to Customers]

The purpose of data processing:

  1. a) creating and maintaining contractual relationships (e.g., commissioning contract, sales contract) between the Company and the data subject related to the Company's regular economic activities, exercising rights arising from such contractual relationships (e.g., demanding consideration), and fulfilling obligations (e.g., providing services specified in the contract);
  2. b) asserting and defending the legitimate interests of the Company related to the customer;
  3. c) fulfilling legal obligations that may burden the Company in connection with contractual relationships.

The duration of data processing:

From the date of giving consent by the data subject, the duration of data processing is 5 years after the termination of the contractual relationship. For all personal data processed based on consent falling under the provisions of Sections 56-57 of Act LIII of 2017 on the prevention and combating of money laundering and terrorist financing, the duration of data processing is 8 years after the termination of the contractual relationship.

The method of data processing:

Maintaining paper-based or electronic records and performing paper-based or electronic operations on personal data.

The data processing according to this subsection is lawful only if the Company has the appropriate legal basis for it. In the case where this legal basis relies on consent-based data processing, the condition for the lawfulness of data processing is that the Company acts in accordance with the provisions specified in this subsection. By making the consent statement, the customer expressly consents to the Company creating a photocopy or electronic copy of documents containing the customer's personal data necessary and indispensable for establishing the contractual relationship, and fulfilling the preservation of personal data through the retention of this copy. The Company is obligated to keep the copy, along with other documents concerning the customer, in a location where unauthorized individuals cannot access them.

The Company, within the framework of consent-based data processing, is entitled to acquire and process the following data of the customer:

PERSONAL DATA

PURPOSE OF DATA PROCESSING

Name

Identification

Phone number

Contact, coordination

Email

Contact, coordination

Residential address/Installation address

Date of the quote request

Date of the quote request

Execution of technical operation.

*In the case of email addresses, it is not necessary for them to contain personal data.

The Company, in the case of consent-based data processing, is entitled to obtain and process the following data of the data subject (customer):

  1. a) The name and contact information of the Company or its representative;
  2. b) Information that the contractual relationship can only be established if the personal data necessary for it is known and processed by the Company, and about the revocability of this consent.
  3. c) About the exact purpose, legal basis, and specific scope of data processing.
  4. d) Regarding the recipients or categories of recipients of personal data.
  5. e) About the planned duration of storing the personal data.
  6. f) About the rights entitled to the data subject regarding their personal data.
  7. g) Regarding the possibility of submitting a complaint to the Authority or seeking judicial remedy.

The information must be provided by the Company using Annex 1 and sent to the data subject or made accessible to them.

The Company is obliged to provide the information concisely and comprehensibly to the customer. In addition to providing the information, the Company is required to make this Regulation accessible to the customer and, upon request, send it in electronic form to the customer's electronic delivery address.

The data subject is entitled, after receiving the information, to voluntarily decide whether they wish to establish a contractual relationship with the Company. The consent of the customer is lawful when

  1. a) voluntary;
  2. b) relates to specific data processing (related to one or more contractual relationships);
  3. c) is based on adequate information; and
  4. d) is a clear expression of will.

The condition for data processing based on the consent of the data subject is that the data subject, prior to establishing a legal relationship with the Company, acknowledges the Company's data processing information, the purpose of the Company's data processing, the fact of data processing, as well as the scope of data to be known and managed. The data subject must consent to data processing by signing a statement consistent with the content of Annex 2 of this Regulation for the Company.

In the case of a contractual relationship, the Company is entitled to formulate the data subject's consent statement, who is the customer, as a provision in the contract to be concluded between the Company and the customer. By signing such a contract containing this provision, the customer simultaneously provides the Company with the consent statement regarding the knowledge and processing of their personal data.

In the customer's consent statement, it is mandatory to note that, in addition to consent-based data processing, the customer expressly understands the Company's information that data processing may also be justified by other legal grounds concerning the customer.

If the data subject does not consent to the processing of personal data or refuses to sign a statement identical to the content of Annex 2, the Company cannot establish an obligation relationship with the respective natural person. The data subject can withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the data processing based on consent before the withdrawal. Upon the withdrawal of consent to the processing of personal data, the Company is obliged to terminate the obligation relationship related to personal data processing as a precondition.

The Company is obliged to delete from all its records the personal data for which the obligation relationship with the data subject has ceased for any reason, except if the data subject has consented to further processing of personal data or if the preservation of personal data is prescribed by law (e.g., tax-related legal relationship) for the Company.

2/B. [Data Processing Related to Inquiries]

The purpose of data processing:

Contact initiation, communication, and submission of the proposal to the requester.

The legal basis for data processing:

Consent of the data subject.

The Company, within the framework of consent-based data processing, is entitled to become acquainted with and process the following data of the inquirer:

PERSONAL DATA

PURPOSE OF DATA PROCESSING

Name

Identification

Phone number

Contact, coordination

Email

Contact, coordination

Residential address/Installation address

Date of the quote request

Date of the quote request

Execution of technical operation.

*In the case of email addresses, it is not necessary for them to contain personal data.

Circle of data subjects:

All individuals requesting a quote on the website/customer service.

The duration of data processing and the deadline for deleting the processed data:

It lasts until the deletion request of the data subject. The data controller informs the data subject via email, based on Article 19 of the GDPR, about the deletion of any personal data provided by the data subject. If the deletion request of the data subject includes the email address provided by them, the data controller will also delete the email address after providing the information.

The possible data processors authorized to access personal data are:

The employees of the Data Controller may access the personal data provided by the data subjects for the purpose of performing their duties.

The Data Controllers transfer the personal data of the data subjects to other Data Controllers or government authorities only in exceptional cases, not listed in the annex.

If, for example:

  • if legal proceedings are initiated regarding the data subject, and it is necessary to transfer documents containing personal data of the data subject to the competent court,
  • the police contact the Data Controller, and it is necessary to transmit documents containing personal data of the data subject for the investigation.

Description of the data subject's rights related to data processing:

The data subject may request access to their personal data, its modification, deletion, or restriction of processing from the data controller. Furthermore, the data subject has the right to data portability and the withdrawal of consent at any time.

Access to personal data, deletion, correction, or possible restriction of processing can be initiated by data subjects through the following methods:

by post at

7761 Kozármisleny, Fülemüle street 3/d

by phone at

number +36 30 554 18 92

in electronic format

to the email address info@webfox.hu.

The legal basis for data processing:

Article 6(1)(b) of the GDPR.

We inform you that:

  • the data processing is necessary for providing a quotation.
  • the data subject is obliged to provide personal data in order for us to provide a quotation.
  • Failure to provide the data may result in us being unable to provide you with a personalized quotation.

2/C [Data processing related to the website]

The purpose of data processing:

Contact, communication, information sharing, information request.

The legal basis for data processing:

Consent of the data subject.

The Company, within the framework of consent-based data processing, is entitled to acquire and process the following data of the customer:

PERSONAL DATA

PURPOSE OF DATA PROCESSING

Name

Identification

Phone number

Contact, coordination

Email

Contact, coordination

Messege:

Explanation of the purpose of contact is required. Possibly, with the provision of additional personal information.

Date of the quote request

Execution of technical operation.

*In the case of email addresses, it is not necessary for them to contain personal data.

Circle of data subjects:

All individuals sending messages through the aforementioned website.

The duration of data processing and the deadline for deleting the processed data:

It lasts until the deletion request of the data subject. The data controller informs the data subject via email, based on Article 19 of the GDPR, about the deletion of any personal data provided by the data subject. If the deletion request of the data subject includes the email address provided by them, the data controller will also delete the email address after providing the information.

The possible data processors authorized to access personal data are:

The employees of the Data Controller may access the personal data provided by the data subjects for the purpose of performing their duties.

The Data Controllers transfer the personal data of the data subjects to other Data Controllers or government authorities only in exceptional cases, not listed in the annex.

If, for example:

  • if legal proceedings are initiated regarding the data subject, and it is necessary to transfer documents containing personal data of the data subject to the competent court,
  • the police contact the Data Controller, and it is necessary to transmit documents containing personal data of the data subject for the investigation.

Description of the data subject's rights related to data processing:

The data subject may request access to their personal data, its modification, deletion, or restriction of processing from the data controller. Furthermore, the data subject has the right to data portability and the withdrawal of consent at any time.

Access to personal data, deletion, correction, or possible restriction of processing can be initiated by data subjects through the following methods:

by post at

7761 Kozármisleny, Fülemüle street 3/d

by phone at

number +36 30 554 18 92

in electronic format

to the email address info@webfox.hu.

The legal basis for data processing:

Article 6(1)(b) of the GDPR.

We inform you that:

  • the data processing is necessary for contacting.
  • the data subject is obliged to provide personal data in order for us to provide a quotation.
  • Failure to provide the data may result in us being unable to provide you with a personalized quotation.

2/D. CUSTOMER RELATIONS AND OTHER DATA PROCESSING

  • If any issues arise or if the data subject has questions during the use of the data controller's services, they can contact the data controller through the contact information provided on the website (phone, email, social media, etc.).
  • The data controller will delete incoming emails, messages, phone calls, Facebook interactions, etc., along with the inquirer's name, email address, and any other voluntarily provided personal data, upon the request of the data subject.
  • Information about data processing not listed in this notice will be provided by the service provider at the time of data collection.
  • Upon exceptional authority requests and in accordance with legal authorization, the Data Controller is obliged to provide information, disclose data, and make documents available.
  • In such cases, the Data Controller shall, to the extent necessary to achieve the purpose of the request, provide the inquirer with personal data only to the extent and amount specified if it has indicated the precise purpose and scope of the data.
  1. USED DATA PROCESSORS:

The Data Controller may use the services of third parties for the processing of personal data, provided that the data processing practices of the third party comply with applicable legal requirements. By accepting this policy, the user gives explicit consent to the processing of data by the third party.

 

Online data submission (invoicing):

Name

Nemzeti Adó- és Vámhivatal (NAV)

Adress:

1134 Budapest, Dózsa György út 128-132.

Phone:

+36-1-427-3200

Webpage:

www.nav.gov.hu

Stored data:

Customer and seller data on the invoice, invoice items, detailed information on the invoice

Activity:

Online data provision from the invoicing module, data analysis, risk analysis, regulatory control.

The data processor undertakes an obligation and provides adequate guarantees for the processing activities carried out by him as a data processor to comply with the requirements set out in Regulation (EU) 2016/679 of the European Parliament and of the Council, ensuring the protection of the rights of data subjects, and implementing appropriate technical and organizational measures.

.

Description of Data Processing in the Case of Accounting Services:

During the provision of accounting services as a Data Processor to the Data Controller, the processing of accounting documents and the performance of payroll activities involve the handling of personal data of the natural persons who are clients, employees, and contractual partners (customers and suppliers) of the Principal.

The purpose of data processing is to fulfill the following services:

  1. a) accounting
  2. b) other accounting services;
  3. c) record-keeping of business or other transactions, transactions, and documents;
  4. d) preparation or examination of financial and accounting reports;
  5. e) preparation of personal and corporate income tax and other declarations;
  6. f) payroll processing.

The scope of processed personal data:

  1. a) Name of the natural person (title, former name), address, tax identification number, individual entrepreneur's identification number, agricultural producer's identification number, social security number,
  2. b) In the case of employees, health data, special personal data related to trade union membership, with the note that the processing of these data is necessary for the data controller or the data subject to fulfill legal obligations arising from regulations governing employment, social security, and social protection, as well as for the exercise of specific rights.
  3. Data security measures

The Data Controller stores the personal data provided by the data subject on the Data Controller's servers and, in certain cases, in its paper-based filing system. The Data Controller does not use the services of another Service Provider/Data Processor for the storage of personal data.

The data controller takes all necessary measures to ensure the security of the data, ensuring its adequate protection, particularly against unauthorized access, alteration, transmission, disclosure, deletion, or destruction, as well as against accidental loss or damage.

Data security and the order of data storage

The Company carries out data processing in compliance with the GDPR and other data protection regulations, ensuring respect for the fundamental right to family and private life, as well as other rights and freedoms of the data subject.

The provisions regarding the storage of personal data outlined in this Regulation apply equally to personal data stored in both paper and electronic formats, which are part of the record-keeping system or processed by the Company, either partially or entirely through automated means. The Company utilizes owned Assets for the electronic storage of personal data, while paper-based records are maintained in real estate owned or used by the Company as its headquarters, branches, or representative offices.

The personal data collected and stored by the Company for data processing purposes can only be processed for the purposes specified in this Regulation or as specified by law and with an appropriate legal basis.

The Company must preserve the personal data collected and stored in a manner that prevents unauthorized access during the data processing period. The Company is obligated to ensure that the collected and stored personal data:

  1. a) cannot be known or accessed by unauthorized third parties;
  2. b) are not subjected to unauthorized data processing;
  3. c) cannot be altered, transmitted, disclosed, or deleted by unauthorized individuals;
  4. d) are not transmitted contrary to Section VII of this Regulation;
  5. e) are not modified or accidentally or unlawfully destroyed, deleted, or made inaccessible;
  6. f) are protected from loss or damage.

The Company, in its data processing and related organizational activities, takes into account the current state and development of science and technology. It aims to use the most secure technology possible to maintain data security and provide appropriate data security in line with the level of risk, ensuring the protection of the rights and freedoms of natural persons.

  1. Cookie Management

The anonymous visitor identifier (cookie) is a unique sequence of characters capable of identification and storing profile information, which service providers place on visitors' computers. It is important to note that such a character sequence, given that the complete IP address is not stored during its application, cannot identify the customer or visitor in any way by itself. It is solely capable of recognizing the visitor's computer. Providing a name, email address, or any other personal information is not necessary, as when using such solutions, the provider does not request data from the visitor. The data exchange essentially occurs between computers.

In the world of networks, personalized information and tailored services can only be provided if service providers can uniquely identify the habits and needs of their customers. Alarmdirect Ltd, like other providers, manages such anonymous identifiers - which do not contain personal information - for the purpose of gaining insights into customers' information usage habits. This allows for the improvement of service quality and the enhancement of the convenience of the website's services.

The use of cookies is necessary to improve user experiences during the use of the website. Some of these applied cookies are essential for the operation of specific services. There are cookies that collect information and statistics about the use of the website, making browsing more convenient. There are cookies that operate periodically and disappear when the browser is closed, but there are also persistent cookies that are stored on the computer. There are local cookies associated with periodically appearing content and are present on the site for a specified period. Some cookies are essential for the operation of the site, while others enhance performance and user experience.

.

The fact of data processing, the scope of processed data:

Unique identifier, dates, timestamps

Circle of data subjects:

All individuals visiting the website.

The purpose of data processing:

User identification and tracking of visitors.

The duration of data processing and the deadline for deleting data:

variable.

COOKIE TYPE

LEGAL BASIS OF DATA PROCESSING

DURATION OF DATA PROCESSING

SCOPE OF PROCESSED DATA

Session cookies

Paragraph (3) of Section 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services (Elkertv.)

Until the end of the respective visitor's session

connect.sid

The possible data processors authorized to access the data are:

The data controller does not process personal data through the use of cookies.

Description of the data subject's rights related to data processing:

The data subject has the option to delete cookies in their browser under the Tools/Settings menu, usually under the Privacy settings.

The legal basis for data processing:

Consent is not required from the data subject if the sole purpose of using cookies is the transmission of communications over an electronic communications network or if it is strictly necessary for the service provider to provide a service explicitly requested by the subscriber or user related to the information society.

  1. THE RIGHTS OF THE DATA SUBJECTS

Right of Access:

The data subject is entitled to receive feedback from the Data Controller on whether the processing of their personal data is in progress. If the data processing is in progress, the data subject has the right to access the personal data and the information listed in the regulations.

Right to Rectification:

The data subject is entitled to request the Data Controller to rectify inaccuracies/errors in the personal data without undue delay upon request. Taking into account the purpose of the data processing, the data subject is entitled to request the supplementation of incomplete personal data, among other things, through a supplementary statement.

Right to Erasure:

The data subject is entitled to request the Data Controller to erase their personal data without undue delay upon request. The Data Controller is obliged to erase the personal data of the data subject without undue delay under the conditions specified in the regulations.

Right to be Forgotten:

If the Data Controller has made the personal data public and is obligated to erase it, they will take reasonable steps, including technical measures, considering the available technology and implementation costs, to inform other data controllers that the data subject has requested the deletion of links or copies of personal data.

Right to Restriction of Processing:

The data subject is entitled to request the Data Controller to restrict the processing of personal data. This right applies under certain conditions, such as when the data subject disputes the accuracy of the personal data or if the processing is unlawful, and the data subject opposes the erasure of the data.

  • The data subject disputes the accuracy of the personal data. In this case, the restriction applies to the period during which the data controller can verify the accuracy of the personal data.
  • In the event that the data processing is unlawful and the data subject opposes the deletion of the data. Instead, the data subject requests the restriction of the use of their data.
  • The data controller no longer needs the personal data for the purposes of processing, but the data subject requires the data for the submission, enforcement, or defense of legal claims.
  • The data subject has objected to the data processing; in such a case, the restriction applies to the period until it is determined that the legitimate reasons of the data controller take precedence over the rights of the data subject.

Right to Data Portability:

The data subject is entitled to receive their personal data provided to the Data Controller in a structured, commonly used, and machine-readable format. Furthermore, the data subject has the right to transmit this data to another data controller.

Right to Object:

The data subject is entitled to object to the processing of their personal data for reasons related to their particular situation. This includes objections to profiling based on the mentioned provisions.

Objection to Direct Marketing:

If the processing of personal data is carried out for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing. This includes profiling related to direct marketing. If the data subject objects to the processing of personal data for marketing purposes, their personal data cannot be processed for this purpose in the future.

Automated Decision-Making, Including Profiling:

The data subject is entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

This provision does not apply if the decision is necessary for

  • the performance of a contract between the data subject and the Data Controller, is based on the data subject's explicit consent,
  • or is authorized by Union or Member State law providing for suitable measures to safeguard the
  • data subject's rights, freedoms, and legitimate interests.
  1. ACTION DEADLINE

The data controller shall inform the data subject of the measures taken following the request without undue delay but no later than 30 days from the receipt of the request. This period may be extended by an additional 60 days if necessary. The data controller shall inform the data subject of the extension within 30 days of receiving the request, indicating the reasons for the delay.

If the data controller does not take action on the data subject's request without undue delay, but no later than 30 days from the receipt of the request, the data subject shall be informed of the reasons for the lack of action. It shall also inform the data subject that they may lodge a complaint with the supervisory authority and exercise their right to judicial remedy.

  1. PROCEDURE FOR HANDLING DATA PROTECTION INCIDENTS

If a data protection incident is likely to result in a high risk to the rights and freedoms of the data subject, the data controller shall promptly inform the data subject of the data protection incident.

The information provided must be accurate and easy to understand, including the name and contact details of the data protection officer or another contact person. The data subject must be informed of the likely consequences of the data protection incident, and the measures taken or planned by the data controller to remedy the data protection incident, including any measures to mitigate unintended adverse effects arising from the data protection incident.

The data subject does not need to be informed if any of the following conditions are met:

  • The data controller has implemented appropriate technical and organizational security measures that apply to the data affected by the data protection incident, such as encryption, making the data unintelligible to unauthorized persons.
  • The data controller has taken further measures after the data protection incident to ensure that the high risk to the rights and freedoms of the data subject is likely not to materialize.
  • The notification would require disproportionate effort. In this case, the data subject shall be provided with public information or similar measures ensuring effective information.

If the data controller has not informed the data subject of the data protection incident, the supervisory authority may, after considering the matter, instruct the data subject to be informed.

REPORTING DATA PROTECTION INCIDENTS TO THE AUTHORITY

The data controller shall report the data protection incident to the supervisory authority competent under Article 55 without undue delay, and no later than 3 days after becoming aware of the incident. This does not apply if the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons. If the report is not made within 3 days, the reasons for the delay must be included.

  1. COMPLAINT OPTION

If the data subject, as the data subject of personal data processing, finds that the Company violates the provisions of data protection laws, they may seek redress by submitting a remedy request to the competent court or the National Authority for Data Protection and Freedom of Information.

Nemzeti Adatvédelmi és Információszabadság Hatóság

1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Adress:

Phone:

Fax: +36-1-391-1410

E-mail: ugyfelszolgalat@naih.hu

  1. OTHER PROVISIONS

The Data Controller reviews this information annually. The Service Provider reserves the right to unilaterally modify this Privacy Statement with prior notice to the Data Subject. The Data Controller is obligated to review the information in this statement even if significant changes in legislation or substantial changes in data protection and processing procedures occur. In such cases, the Data Controller will appropriately modify and publish this statement on its website, drawing attention to the changes. Our website is not responsible for the data management practices of other external websites. The Data Controller does not verify the personal data provided to them. Any Data Subject providing their email address also assumes responsibility for ensuring that only they use the provided email address for the service.

Budapest, May 25, 2018.

Terms and Definitions

1.1. 1.1. data subject: any natural person identified or identifiable based on specific personal data – directly or indirectly;: bármely meghatározott, személyes adat alapján azonosított vagy – közvetlenül vagy közvetve – azonosítható természetes személy;

1.2. personal data: any data related to the data subject – especially the name, identifier, as well as one or more physical, physiological, mental, economic, cultural, or social characteristics, and the conclusions that can be drawn from them regarding the data subject;

1.3. consent: the voluntary and explicit expression of the data subject's wishes, based on adequate information, giving unmistakable consent to the processing of their personal data – either in full or for specific operations;

1.4. objection: the data subject's statement objecting to the processing of their personal data and requesting the cessation of data processing or the deletion of processed data;

1.5. data controller: the natural or legal person, or organization without legal personality, who or which, alone or jointly with others, determines the purpose of processing the data, makes and executes decisions regarding data processing (including the tools used), or has it executed by a data processor authorized by them;

1.6. data processing: any operation or set of operations performed on data, irrespective of the procedure applied, including collection, recording, organization, storage, alteration, use, retrieval, transmission, disclosure, coordination, or linking, blocking, erasure, and destruction of data, and preventing further use of data, taking photographs, making sound or visual recordings, and recording physical characteristics suitable for identifying a person (e.g., fingerprints, DNA samples, iris scans);

1.7. data transfer: making data accessible to a specific third party;

1.8. disclosure: making data accessible to anyone;

1.9. data erasure: making the data unrecognizable in a way that their restoration is no longer possible;

1.10. data marking: identifying data with an identifier for the purpose of distinguishing it;

1.11. data blocking: marking data with an identifier to permanently or for a specified period restrict further processing;

1.12. data destruction: complete physical destruction of the data carrier containing the data;

1.13. data processing: the performance of technical tasks related to data processing, regardless of the method and means of execution and the location of the application, provided that the technical task is performed on the data;

1.14. data processor: the natural or legal person, or organization without legal personality, who or which, based on a contract concluded with the data controller – including contractual arrangements based on legal provisions – processes the data;

1.15. third party: any natural or legal person, or organization without legal personality, who or which is not identical with the data subject, the data controller, or the data processor;

1.16. third country: any state that is not an EEA state.

1.17. special data::

  1. a) personal data related to racial or ethnic origin, political opinion or party affiliation, religious or other beliefs, membership in interest representation organizations, personal data related to sexual life,
  2. b) personal data related to health status, pathological addiction, and criminal personal data. 
en_GBEnglish