DATA MANAGEMENT INFORMATION ON THE RIGHTS OF THE NATURAL PERSON CONCERNED REGARDING THE MANAGEMENT OF YOUR PERSONAL DATA
Content
INTRODUCTION
CHAPTER I
NAME OF DATA PROCESSOR
II. CHAPTER
NAME OF DATA PROCESSORS
III. CHAPTER
ENSURING THE LEGALITY OF DATA MANAGEMENT
ARC. CHAPTER
VISITORS DATA MANAGEMENT ON THE COMPANY WEBSITE - INFORMATION ON THE USE OF COOKIES
CHAPTER V
INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED
VI. CHAPTER
Legal basis for data management
VII. CHAPTER
Purpose of data management
VIII. CHAPTER
Scope of managed data
IX. CHAPTER
Duration of data management
CHAPTER X
Method of data management
XI. CHAPTER
Request for information, correction, deletion, blocking of data
XII. CHAPTER
Legal remedy
XIII. CHAPTER
Unilateral modifiability
INTRODUCTION
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL On the protection of natural persons with regard to the processing of personal data and on the free flow of such data and on the repeal of Regulation 95/46/EC_cc781905 -5cde-3194-bb3b-136bad5cf58d_ (hereinafter: Regulation) stipulates that the Data Controller takes appropriate measures in order to ensure that, for the data subject,_cc781905-5cde-3194-bb3b -136bad5cf58d_ provide each piece of information in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly worded, and that the Data Controller facilitates the exercise of the data subject's rights.
CXII of 2011. is also required by law.
We comply with this legal obligation by providing the information below.
The information must be published on the company's website or sent to the person concerned upon request.
CHAPTER I
NAME OF DATA PROCESSOR
The publisher of this information, also the Data Controller:
Data controller details:
Name:
PlusTvNews Service Limited Company
Headquarters:
1068 Budapest, Városligeti fasor 10. 1st floor 24/25
Mailing address:
1068 Budapest, Városligeti fasor 10. 1st floor 24/25
Registering court:
Metropolitan Court
Company registration number:
01 09 943657
Tax number:
22789730-2-42
Representative:
Managing Director György Ferenc Both
Telephone number:
06 1 445 2164
E-mail:
Website:
(hereinafter: Company)
II. CHAPTER
NAME OF DATA PROCESSORS
Data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller; (Regulation Article 4, 8)
The use of the data processor does not require the prior consent of the data subject, but information is required. Accordingly, we provide the following information:
1. Our company's IT service provider
Our company's IT service provider
For the maintenance and management of its websites, our company uses a data processor who provides the IT services (hosting service) and in this context - for the duration of our contract with him - manages the personal data provided on the website, the operation performed by him storage of personal data on the server.
The name of this data processor is as follows:
Google Ireland Limited
Gordon House
Barrow Street
Dublin 4
Ireland
Tax number: IE 6388047V
2. Other data management:
In addition to the above, personal data relating to the Data Subject may only be forwarded in the case required by law or based on the Data Subject's consent.
III. CHAPTER
ENSURING THE LEGALITY OF DATA MANAGEMENT
1. Data management based on the data subject's consent
(1) If the Company wishes to perform data management based on consent, the data subject's consent to the processing of his personal data must be requested with the content and information of the data request form specified in the data management regulations.
(2) Consent is also considered if the data subject ticks a relevant box when viewing the Company's website , makes relevant technical settings when using services related to the information society, and any other declaration or an act which, in the given context, clearly indicates the data subject's consent to the planned processing of his personal data. Silence, a pre-ticked box or inaction therefore does not constitute consent.
(3) Consent covers all data management activities carried out for the same purpose or purposes. If data processing serves several purposes at the same time, consent must be given for all data processing purposes.
(4) If the data subject gives his consent in the context of a written statement that also applies to other matters - e.g. the conclusion of a sales or service contract - the request for consent must be submitted in a way that is clearly distinguishable from these other matters, in an understandable and easily accessible form, with clear and simple language. Any part of such a statement containing the consent of the data subject that violates the Regulation is not binding.
(5) The Company may not make the conclusion or performance of a contract subject to consent to the processing of personal data that is not necessary for the performance of the contract.
(6) Withdrawal of consent must be possible in the same simple way as giving it.
(7) If the recording of personal data took place with the consent of the data subject, the data controller may, in the absence of a different provision of the law, process the recorded data for the purpose of fulfilling the relevant legal obligation without further separate consent, and also after the withdrawal of the consent of the data subject.
2. Data management based on the fulfillment of a legal obligation
(1) In the case of data management based on legal obligations, the scope of data that can be handled, the purpose of data management, the duration of data storage, and the recipients are governed by the provisions of the underlying legislation.
(2) Data management based on the legal title of fulfilling a legal obligation is independent of the consent of the data subject, as data management is defined by law. In this case, before data processing begins, the data subject must be informed that data processing is mandatory, and the data subject must be informed clearly and in detail about all the facts related to the processing of his data before data processing begins, including, in particular, the purpose and legal basis of data processing, the person entitled to data management and data processing, on the duration of the data management, on whether the personal data of the data subject is managed by the data controller based on the relevant legal obligation, and on who can see the data. The information must also cover the data subject's rights and legal remedies. In the case of mandatory data management, the information can also be provided by publishing a reference to the legal provisions containing the above information.
3. Promoting the rights of the data subject
During all data management, the Company is obliged to ensure the exercise of the rights of the data subject.
ARC. CHAPTER
VISITORS DATA MANAGEMENT ON THE COMPANY WEBSITE - INFORMATION ON THE USE OF COOKIES
1. Website visitors must be informed about the use of cookies on the website, and their consent must be requested for this - with the exception of session cookies that are technically absolutely necessary.
2. General information about cookies
2.1. A cookie is data that the visited website sends to the visitor's browser (in the form of a variable name and value) so that it can store it and later the same website can load its content. Cookies can be valid, they can be valid until the browser is closed, or for an unlimited time. This modifies the data on the user's machine.
2.2. The essence of the cookie is that, due to the nature of website services, it is necessary to mark a user (e.g. that he has entered the page) and accordingly know the following handle. The danger lies in the fact that the user is not always aware of this and the website operator or another service provider whose content is integrated into the site may be able to follow the user (e.g. Facebook, Google Analytics), thereby creating a profile about it, and in this case the content of the cookie can be considered personal data.
2.3. Types of cookies:
2.3.1. Session cookies are technically absolutely necessary: without them, the site would simply not work functionally, they are used to identify the user, e.g. necessary to manage whether you entered, what you put in the basket, etc. This is typically the storage of a session ID, the rest of the data is stored on the server, which is therefore more secure. It has a security aspect, if the value of the session cookie is not generated well, there is a risk of a session-hijacking attack, so it is absolutely necessary that these values are generated correctly. Other terminologies call all cookies that are deleted when you exit the browser (a session is a browser usage from start to exit).
2.3.2. Usage-facilitating cookies: this is what you call cookies that remember the user's choices, for example in what form the user wants to see the page. These types of cookies essentially mean the setting data stored in the cookie.
2.3.3. Performance cookies: although they have little to do with "performance", cookies that collect information about the user's behavior, time spent, and clicks on the visited website are usually called this. These are typically third-party applications (e.g. Google Analytics, AdWords, or Yandex.ru cookies). These are suitable for profiling the visitor.
You can find out more about Google Analytics cookies here:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
You can find out more about Google AdWords cookies here:
https://support.google.com/adwords/answer/2407785?hl=en
2.4. It is not mandatory to accept or allow the use of cookies. You can reset your browser settings so that it rejects all cookies or to indicate when the system is currently sending a cookie._cc781905-5cde- 3194-bb3b-136bad5cf58d_ Although most browsers automatically accept cookies by default, they can usually be changed to prevent automatic acceptance and offer you a choice each time.
You can find information about the cookie settings of the most popular browsers at the links below
• Google Chrome:https://support.google.com/accounts/answer/61416?hl=en
• Firefox:https://support.mozilla.org/hu/kb/sutik-engedelizeze-es-tiltasa-amit-weboldak-haszn
• Microsoft Internet Explorer 11:http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
• Microsoft Internet Explorer 10:http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
• Microsoft Internet Explorer 9:http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
• Microsoft Internet Explorer 8:http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
• Microsoft Edge:http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
• Safari:https://support.apple.com/hu-hu/HT201265
However, we would like to point out that certain website functions or services may not function properly without cookies.
3. Information about the cookies used on the Company's website and the data created during the visit
3.1. The scope of data handled during the visit: Our company's website collects the following data about the visitor, and the device used for browsing by record and manage:
• the IP address used by the visitor,
• the type of browser,
• characteristics of the operating system of the device used for browsing (set language),
• date of visit,
• the visited (sub)page, function or service.
• click.
We keep this data for a maximum of 90 days and can primarily be used to investigate security incidents.
3.2. Cookies used on the website
3.2.1. Session cookies are technically essential
The purpose of data management is to ensure the proper functioning of the website. These cookies are necessary so that visitors can browse the website, use its functions smoothly and fully, the services available through the website, so - among others - in particular the commenting of the actions performed by the visitor on the given pages or the identification of the logged-in user during a visit . The duration of the data management of these cookies applies only to the visitor's current visit, this type of cookie is automatically deleted from the computer when the session ends or when the browser is closed.
The legal basis for this data management is Act CVIII of 2001 on certain issues of electronic commercial services and information society services. Act (Elkertv.) 13/A. § (3), according to which the service provider may process the personal data that are technically absolutely necessary for the provision of the service for the purpose of providing the service. If the other conditions are the same, the service provider must choose and in any case operate the tools used in the provision of services related to the information society in such a way that personal data is only processed if this is absolutely necessary for the provision of the service and the fulfillment of other objectives defined in this law necessary, but also in this case only to the extent and for the necessary time.
3.2.1. Cookies facilitating use:
These remember the user's choices, for example in what form the user wants to see the page. These types of cookies essentially mean the setting data stored in the cookie.
The legal basis for data management is the visitor's consent.
Purpose of data management: Increasing the efficiency of the service, user experience, making the use of the website more convenient.
This data is rather on the user's computer, the website can only access and recognize the visitor through it.
3.2.2. Performance cookies:
Information is collected about the user's behavior, time spent, and clicks within the visited website. These are typically third-party applications (e.g. Google Analytics, AdWords).
Legal basis for data management: the consent of the data subject.
Purpose of data management: analysis of the website, sending advertising offers.
CHAPTER V
INFORMATION ON THE RIGHTS OF THE PERSON CONCERNED
I. The rights of the data subject in brief:
1. Transparent information, communication and facilitating the exercise of the rights of the data subject
2. Right to preliminary information - if personal data is collected from the data subject
3. Informing the data subject and the information to be made available if the personal data was not obtained by the data controller
4. The data subject's right of access
5. Right to rectification
6. The right to erasure (“the right to be forgotten”)
7. The right to restrict data processing
8. Notification obligation related to the correction or deletion of personal data or the limitation of data management
9. The right to data portability
10. Right to protest
11. Automated decision-making in individual cases, including profiling
12. Limitations
13. Informing the data subject about the data protection incident
14. The right to complain to the supervisory authority (right to an official remedy)
15. Right to an effective judicial remedy against the supervisory authority
16. Right to an effective judicial remedy against the controller or data processor
II. The rights of the data subject in detail:
1. Transparent information, communication and facilitating the exercise of the rights of the data subject
1.1. The data controller must provide all information and every single piece of information concerning the handling of personal data to the data subject in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly worded, especially in the case of any information addressed to children. The information must be provided in writing or in another way, including, where applicable, the electronic way. Verbal information can also be provided at the request of the data subject, provided that the identity of the data subject has been verified in another way.
1.2. The data controller must facilitate the exercise of the rights of the data subject.
1.3. The data controller informs the data subject without undue delay, but in any case within one month of the receipt of the request, of the measures taken as a result of his request to exercise his rights. This deadline can be extended by another two months under the conditions set out in the Regulation. about which the data subject must be informed.
1.4. If the data controller does not take measures following the data subject's request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as that the data subject may file a complaint with a supervisory authority and exercise his right to judicial redress.
1.5. The data controller provides the information and information about the rights of the data subject and measures free of charge, however, in the cases described in the Regulation, a fee may be charged.
The detailed rules can be found under Article 12 of the Regulation.
2. Right to preliminary information - if personal data is collected from the data subject
2.1. The data subject has the right to receive information about the facts and information related to data management before the start of data management. Within this framework, the data subject must be informed:
a) about the identity and contact details of the data controller and its representative,
b) the contact details of the data protection officer (if any),
c) the purpose of the planned processing of personal data and the legal basis of data processing,
d) in the case of data processing based on enforcing a legitimate interest , about the legitimate interests of the data controller or a third party,
e) about the recipients of the personal data - with whom the personal data is communicated - and the categories of recipients, if any;
e) where applicable, the fact that the data controller wishes to transfer the personal data to a third country or international organization.
2.2. In order to ensure fair and transparent data management, the data controller must inform the data subject of the following additional information:
a) on the period of storage of personal data, or if this is not possible, on the criteria for determining this period;
b) the data subject's right to request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and to object to the processing of such personal data, as well as the data subject's right to data portability;
c) in the case of data processing based on the consent of the data subject, the right to withdraw the consent at any time, which does not affect the legality of the data processing carried out on the basis of the consent before the withdrawal;
d) on the right to submit a complaint to the supervisory authority;
e) whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite for the conclusion of a contract, as well as whether the data subject is obliged to provide the personal data, and what possible consequences the failure to provide data may have;
f) about the fact of automated decision-making, including profiling, as well as, at least in these cases, about the applied logic, and understandable information about the importance of such data management , and the expected consequences for the person concerned.
2.3. If the data controller wishes to carry out further data processing on personal data for a purpose other than the purpose of their collection, it must inform the data subject of this different purpose and all relevant additional information before further data processing.
The detailed rules of the right to prior information are contained in Article 13 of the Regulation.
3. Informing the data subject and the information to be made available if the personal data was not obtained by the data controller
3.1. If the data controller did not obtain the personal data from the data subject, the data controller to the data controller within one month of the acquisition of the personal data at the latest; if the personal data is used for the purpose of contacting the data subject, at least during the first contact with the data subject; or if it is expected that the data will be communicated to another recipient, at the latest when the personal data is communicated for the first time, you must inform about the facts and information written in point 2 above, as well as the categories of the personal data concerned, as well as the source of the personal data_cc781905 -5cde-3194-bb3b-136bad5cf58d_ and, where applicable, whether the data comes from publicly available sources.
3.2. The additional rules are governed by the previous point 2 (Right to preliminary information) .
The detailed rules of this information are contained in Article 14 of the Regulation.
4. The data subject's right of access
4.1. The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to have the personal data and the aforementioned 2-3. get access to the related information written in point (Regulation Article 15).
4.2. If personal data is transferred to a third country or to an international organization, the data subject is entitled to receive information about the appropriate guarantees in accordance with Article 46 of the Regulation regarding the transfer.
4.3. The data controller must provide the data subject with a copy of the personal data subject to data management. For additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs.
Detailed rules regarding the data subject's right of access are contained in Article 15 of the Regulation.
5. Right to rectification
5.1. The data subject is entitled to have the Data Controller correct inaccurate personal data concerning him without undue delay upon request.
5.2. Taking into account the purpose of data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.
These rules are contained in Article 16 of the Regulation.
6. The right to erasure (“the right to be forgotten”)
6.1. The data subject has the right to have the data controller delete the personal data concerning him/her without undue delay, and the data controller is obliged to delete the personal data concerning the data subject without undue delay_cc781905-5cde-3194-bb3b -136bad5cf58d_ ha
a) the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
b) the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
c) the data subject objects to the processing of his data and there is no overriding legal reason for the data processing,
d) personal data were handled unlawfully;
e) personal data must be deleted in order to fulfill the legal obligation prescribed by EU or Member State law applicable to the data controller;
f) the collection of personal data took place in connection with the offering of information society-related services offered directly to children.
6.2. The right to deletion cannot be asserted if data management is necessary
a) for the purpose of exercising the right to freedom of expression and information;
b) for the purpose of fulfilling an obligation under EU or member state law applicable to the data controller, or for the purpose of performing a task performed in the public interest or in the context of the exercise of a public authority conferred on the data controller;
c) on the basis of public interest in the field of public health;
d) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, if the right to erasure would likely make this data management impossible or seriously jeopardize it; obsession
e) to present, enforce and defend legal claims.
Detailed rules regarding the right to deletion are contained in Article 17 of the Regulation.
7. The right to restrict data processing
7.1. In the case of data management restrictions, such personal data may only be processed with the consent of the data subject, with the exception of storage, or to submit, enforce or defend legal claims, or to protect the rights of another natural or legal person, or in the important public interest of the Union or a member state.
7.2. The data subject has the right to request that the Data Controller restricts data processing if one of the following is met:
a) the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the Data Controller to check the accuracy of the personal data;
b) the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;
c) the Data Controller no longer needs the personal data for the purpose of data management, but the data subject requires them to submit, enforce or defend legal claims; obsession
d) the data subject objected to data processing; in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
7.3. The data subject must be informed in advance of the lifting of the limitation of data management.
The relevant rules are contained in Article 18 of the Regulation.
8. Notification obligation related to the correction or deletion of personal data or the limitation of data management
The data manager informs all recipients of all corrections, deletions or data management restrictions to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the data controller informs about these recipients.
These rules can be found under Article 19 of the Regulation.
9. The right to data portability
9.1. Under the conditions set out in the Regulation, the data subject is entitled to receive the personal data concerning him/her provided to a data controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without being hindered by the the data controller to whom you made the personal data available, if
a) data management is based on consent or a contract; and
b) data management takes place in an automated manner.
9.2. The data subject can also request the direct transmission of personal data between data controllers.
9.3. The exercise of the right to data portability may not violate Article 17 of Regulation (The right to erasure ("the right to be forgotten"). The right to data portability does not apply in the event that data processing is in the public interest or it is necessary for the execution of a task carried out in the context of the exercise of public authority delegated to the data controller. This right may not adversely affect the rights and freedoms of others.
The detailed rules are contained in Article 20 of the Regulation.
10. Right to protest
10.1. The data subject has the right to object to his personal data at any time for reasons related to his own situation in the public interest, in the performance of a public task (Article 6 (1) e)) or in legitimate interest (Article 6 f))_cc781905- against processing based on 5cde-3194-bb3b-136bad5cf58d_, including profiling based on the aforementioned provisions. In this case, the data controller may not process the personal data further, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or which are necessary for the presentation, enforcement or defense of legal claims. are connected.
10.2. If personal data is processed for direct business acquisition, the data subject has the right to object at any time to the processing of personal data concerning him for this purpose, including profiling, if it is related to direct business acquisition. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.
10.3. These rights must be explicitly drawn to the attention of the data subject at the latest during the first contact, and the relevant information must be displayed clearly and separately from all other information.
10.4. The data subject can also exercise the right to protest using automated means based on technical specifications.
10.5. If personal data is processed for scientific and historical research purposes or for statistical purposes, the data subject has the right to object to the processing of personal data concerning him for reasons related to his own situation, unless the data processing is necessary for the performance of a task carried out for reasons of public interest.
The relevant rules are contained in the article of Regulation .
11. Automated decision-making in individual cases, including profiling
11.1. The data subject has the right not to be covered by the scope of a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent.
11.2. This right does not apply if the decision:
a) is necessary in order to conclude or fulfill the contract between the data subject and the data controller;
b) is made possible by EU or member state law applicable to the data controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; obsession
c) is based on the express consent of the data subject.
11.3. In the cases mentioned in points a) and c) of the preceding , the data controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the data controller , express your point of view and submit an objection to the decision.
Additional rules are contained in Article 22 of the Regulation.
12. Limitations
The EU or Member State law applicable to the data controller or data processor may limit the scope of rights and obligations (Article 12-22, Article 34, Article 5 of the Regulation) if the restriction respects the essential content of fundamental rights and freedoms.
The terms of this restriction are contained in Article 23 of the Regulation.
13. Informing the data subject about the data protection incident
13.1. If the data protection incident likely involves a high risk for the rights and freedoms of natural persons, the data controller must inform the data subject about the data protection incident without undue delay. In this information, the nature of the data protection incident must be described in a clear and understandable manner, and at least the following must be disclosed:
a) the name and contact details of the data protection officer or other contact person providing additional information;
c) the likely consequences of the data protection incident must be described;
d) the measures taken or planned by the data controller to remedy the data protection incident must be disclosed, including, where appropriate, measures aimed at mitigating any adverse consequences resulting from the data protection incident.
13.2. The data subject need not be informed if any of the following conditions are met:
a) the data controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures - such as the use of encryption - that would be unintelligible to persons not authorized to access personal data they make the data;
b) after the data protection incident, the data controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
c) providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.
Additional rules are contained in Article 34 of the Decree .
14. The right to complain to the supervisory authority (right to an official remedy)
The data subject has the right to file a complaint with a supervisory authority - in particular in the Member State of his or her usual place of residence, workplace or the place of the alleged infringement - if, in the opinion of the data subject, the processing of personal data relating to him/her violates the Regulation. The supervisory authority to which the complaint was submitted is obliged to inform the customer about the procedural developments related to the complaint and its outcome, including whether the customer is entitled to a judicial remedy.
These rules are contained in Article 77 of the Regulation.
15. Right to an effective judicial remedy against the supervisory authority
15.1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons are entitled to an effective judicial remedy against the legally binding decision of the supervisory authority.
15.2. Without prejudice to other administrative or non-judicial legal remedies, all data subjects are entitled to an effective judicial remedy if the competent supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments related to the submitted complaint or its result.
15.3. Proceedings against the supervisory authority must be initiated before the court of the Member State where the supervisory authority is based.
15.4. If proceedings are initiated against a decision of the supervisory authority in relation to which the Board previously issued an opinion or made a decision within the framework of the uniformity mechanism, the supervisory authority is obliged to send this opinion or decision to the court.
These rules are contained in Article 78 of the Regulation.
16. Right to an effective judicial remedy against the controller or data processor
16.1. Without prejudice to available administrative or non-judicial legal remedies, including the right to file a complaint with the supervisory authority, all data subjects are entitled to an effective judicial remedy if, in their opinion, their rights under this regulation have been violated as a result of the processing of their personal data not in accordance with this regulation.
16.2. Proceedings against the data controller or data processor must be initiated before the court of the Member State where the data controller or data processor operates. Such a procedure can also be initiated before the court of the Member State of the habitual residence of the person concerned, unless the data controller or the data processor is a public authority of a Member State acting in the capacity of public authority.
These rules are contained in Article 79 of the Regulation.
VI. CHAPTER
Legal basis for data management
Registration of data management:
For data management, Infotv. According to Section 5 (1) point a), on the basis of the voluntary consent of the person concerned (hereinafter referred to as the "Respondent"), as well as the CVIII of 2001 on certain issues of electronic commercial services and services related to the information society. takes place on the basis of law.
17.1. By using the service provided by the Data Controller, by registering, by using the Data Controller's website, by filling out some questionnaires, and by voluntarily providing their personal data, the Data Subject consents to data management.
17.2. The consent covers in particular the following data management operations: collecting, recording, recording, organizing, storing, changing, using, transmitting, disclosing, harmonizing or connecting, locking, deleting and destroying data.
17.3. The legal representative can give consent on behalf of a minor who has not reached the age of 14 and an otherwise incapacitated Data Subject. A minor who has reached the age of 14 but has not yet reached the age of 16, as well as a Data Subject with otherwise limited capacity to act, may give consent to data processing with the consent or subsequent approval of their legal representative. The Data Subject, a minor who has reached the age of 16, can give consent independently, the consent or subsequent approval of his legal representative is not required for the validity of his legal declaration. The Data Controller is not in a position to verify the authorization of the consenting person or to learn the content of the declaration of the legal representative, so the Data Subject or his/her legal representative guarantees that the consent complies with the law. When using the service, the Data Controller considers the appropriate consent of the legal representative to be given.
VII. CHAPTER
Purpose of data management
18.1. The purpose of data management:
NAIH-139012/2018. - introducing the Data Controller's services and products to customers, preparing, making and post-communication of portrait films, processing data for the purpose of servicing users, using related services, production of Video Portrait films, data processing under the name Magyarország Videós Arccképcsarnoka;
In this regard, the performance of administrative tasks related to these.
VIII. CHAPTER
Scope of managed data
19.1. In the case of individual data management purposes, the data management carried out by the Data Controller covers the personal data of the Data Subjects listed below:
NAIH-139012/2018. - introducing the Data Controller's services and products to customers, preparing, making and post-communication of portrait films, processing data for the purpose of servicing users, using related services, production of Video Portrait films, data processing under the name Magyarország Videós Arccképcsarnoka;
19.2. The Data Controller may anonymously collect additional demographic or business data from the Data Subjects, which - due to anonymity - are not considered personal data.
19.3. When using the Data Controller's website, the technical information sent by the Data Subject's browser is stored in the Server Log files.
IX. CHAPTER
Duration of data management
20.1. The processing of the Data Subject's personal data lasts from the date of communication of the data until the deletion of the data by the Data Controller.
20.2. In the case of individual data management purposes, the data management carried out by the Data Controller - in the absence of earlier deletion at the request of the Data Subject - covers the period specified below:
NAIH-139012/2018. - introducing the Data Controller's services and products to customers, preparing, making and post-communication of portrait films, processing data for the purpose of servicing users, using related services, production of Video Portrait films, data processing under the name Magyarország Videós Arccképcsarnoka;
from the date of communication of the data to the withdrawal of the Data Subject's consent tart.
20.3. -
20.4. Deletion from the database can also be done at the Data Subject's request, so data management - within the periods specified above - continues until the Data Subject specifically requests the Data Controller to delete his data.
20.5. The Data Controller shall delete the data no later than 30 (thirty) calendar days from the date of receipt of the Data Subject's request.
20.6. The above provisions do not affect the fulfillment of retention obligations defined by law, for example arising from accounting regulations. The data of the services used by the Data Controller's customers also appear on the invoice and other accounting documents, these data cannot be deleted due to accounting regulations.
CHAPTER X
Method of data management
21.1. The Data Subject communicates his/her personal data to the Data Controller by registering, using the Data Controller's website, filling out certain questionnaires, recording them in postal or electronic mail, and possibly in other unique ways.
21.2. The personal data of the Data Subjects are recorded separately according to the individual data management purposes.
21.3. The scope of those who have access to the personal data of the Data Subjects:
- employees of the Data Controller;
- employees of the Data Processors defined below;
- certain authorities in relation to the data requested by them during the official procedures and which must be provided by the Data Controller by law;
- employees of the claims management company commissioned by the Data Controller for the purpose of managing overdue debts;
- other persons based on the Data Subject's express consent.
21.4. The Data Controller undertakes an obligation of strict confidentiality with regard to the personal data it manages without any time limitation, and may not disclose them to a third party, unless the Data Subject consents.
XI. CHAPTER
Request for information, correction, deletion, blocking of data
22.1. The affected
-
you can request information about the management of your personal data;
-
you can request correction of your personal data;
-
you can request the deletion or blocking of your personal data;
-
you can object to the processing of your personal data.
22.2. The Data Controller only informs the Data Subject of Infotv. You can refuse in the cases specified in Section 9, Paragraph (1) and Section 19.
22.3. At the request of the Data Subject, the Data Controller provides information about the data it manages or processes by the Data Processors commissioned by it, the purpose, legal basis and duration of the data processing, the name and address of the Data Processors and their activities related to data processing, as well as who receives them and for what purpose, or received the data. The Data Controller is obliged to provide the information in writing within 30 (thirty) calendar days in the event of a request for this.
22.4. The Data Controller must correct personal data that does not correspond to reality.
22.5. Personal data must be deleted if
-
its handling is illegal;
-
the person affected by the data management requests the deletion of the data;
-
is incomplete or incorrect - and this state cannot be legally corrected - provided that deletion is not precluded by law;
-
the purpose of data management has ceased;
-
the statutory period for data storage has expired;
-
the deletion was ordered by the court or the National Data Protection and Freedom of Information Authority.
XII. CHAPTER
Legal remedy
23.1. The data subject is Infotv. You can object to the processing of your personal data for the reasons specified in § 21. In this case, the Data Controller is obliged to examine the objection within 15 (fifteen) calendar days from the submission of the request and to inform the applicant in writing of its result.
23.2. If the Data Subject does not agree with the Data Controller's decision, or if the Data Controller misses the deadline, the Data Subject may go to court within 30 (thirty) calendar days from the notification of the decision or the last day of the deadline.
23.3. In the event of a violation of his rights, the Data Subject may refer Infotv to a court, specifically to the competent court, the Capital Court in the capital. as defined in § 22.
23.4. You can also file a legal remedy with the National Data Protection and Freedom of Information Authority:
-
Name: National Data Protection and Freedom of Information Authority
-
Headquarters: 1024 Budapest, Szilágyi Erzsébet fasor 22/C.
-
Website:www.naih.hu
-
Phone: +36 (1) 391-1400
-
E-mail:ugyfelszolgalat@naih.hu
XIII. CHAPTER
Unilateral modifiability
24.1. The Data Controller reserves the right to unilaterally modify this data management information.
24.2. The Data Controller publishes the effective version of this data management information on its website. By using the service provided by the Data Controller, the Data Subject accepts the contents of the amended data management information sheet by referring to it.
Dated: Budapest, 2023. January 07
_________________________
PlusTvNews Kft.
Managing Director György Ferenc Both