I. GENERAL PROVISIONS
The purpose of the prospectus is to provide Green Solartech Ltd. (‘ The Data Controller ‘) shall act in accordance with the provisions of this Privacy notice in the processing of personal data in all areas of the services provided. The Data Controller is committed to protecting the personal data of its users and/or its clients, and considers that it is of utmost importance to respect the rights of its customers. The Data Controller treats personal data confidentially and will take all security, technical and organisational measures to ensure the highest possible level of security of the personal data processed. The data Controller protects personal data by appropriate measures against unauthorised access, alteration, transmission, disclosure, erasure or destruction, and accidental destruction or damage.
The Data controller Has, in particular, taken into account the provisions of article 2011 on Information self-determination and freedom of information when designing these rules. CXII. (‘ The Infotv. ‘) and Regulation (EU) 2016/697 of the European Parliament and of the Council (“GDPR regulation”).
The Prospectus shall enter into force on the date of publication on the data Controller’s website. The Date of publication is 2019. April 05 Day. The Data Controller reserves the right to unilaterally modify the Privacy notice without prior notification to users.
The Data Controller only manages the information provided by users or specified by law for the purposes specified below. In the case of data treatments based on voluntary consent, the user may withdraw this consent at any given session. The scope of the personal data processed must be proportionate to the purpose of the processing and may not extend beyond that.
The Data Manager does not check the personal data provided to him. The user is responsible for the correctness and veracity of The information provided by the User. The data Controller is not responsible for any damage resulting from erroneous or deliberately incorrect data, even if it could have detected the mistaken nature of the information.
Personal data may be handled by the Controller only by authorized personnel, as described in this leaflet. The data Controller does not disclose the personal data it manages to any third party other than the Data Processors specified in the prospectus. The Data Processors shall be entitled to act only in accordance with the contract concluded with the Data controller and the instructions given to it. Data Processors Are entitled to use an additional Data processor only with the consent of the controllers.
Ii. Principles for The processing of personal data
- Should be handled lawfully and fairly and in a transparent manner for the data subject (‘ legality, fairness and transparency ‘);
- Collected for specific, explicit and legitimate purposes and not treated in a manner incompatible with those purposes; 89. In accordance with paragraph 1 of this article, further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes shall not be considered as incompatible with the original purpose (“Purpose limitation”);
- They must be appropriate and relevant for the purposes of the processing and should be limited to what is necessary (“data minima”);
- They must be accurate and, where necessary, kept up to date; All reasonable measures must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or corrected promptly (“accuracy”);
- Kept in a form which permits identification of data subjects only for the time necessary to achieve the purposes for which the personal data are processed; The storage of personal data for a longer period of time may only take place if the processing of personal data is limited to 89. For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes, in accordance with paragraph 1 of this article, the appropriate technical and Subject to the implementation of organisational measures (‘ limited storage ‘);
- Should be handled in such a way as to ensure adequate security of personal data, unauthorised or unlawful processing, accidental loss, use of appropriate technical or organisational measures, Destruction or damage to the environment (“integrity and confidentiality”).
The Controller is responsible for compliance and must be able to justify such compliance (“accountability”).
|Name of Data Controller:||Green Solartech LTD.|
|Head Office/Mailing address:||1133 Budapest, Ipoly Street 3. 4th Floor 407.|
|Company Registration number|
01 09 301708
|Phone number:||+36 30 964 9900|
Iv. INTERPRETATIVE PROVISIONS
Personal Data: Any data on the basis of which a natural person can be identified;
“Any information relating to an identified or identifiable natural person (data subject); The natural person who is directly or indirectly identifiable, in particular by an identifier such as a name, number, location data, online identification or a natural person’s physical, physiological, genetic, intellectual, economic, cultural, Identifiable by one or more factors relating to the social or economic identity of the [General Data Protection Regulation Article 4].
Affected (user): Any specific natural person identified or identifiable, directly or indirectly, on the basis of personal data.
Consent concerned: The voluntary, explicit and unambiguous consent of the data subject for the processing of personal data or data;
“means the voluntary, specific and appropriate informed and unequivocal expression of the will of the data subject by means of the declaration concerned or by an unambiguous act of affirmativeness to give its consent to the Processing of personal data ” [General Data Protection Regulation Article 4].
Data Management means any operation carried out with personal information, e.g.: recording, categorisation, alteration, transmission, deletion;
“Any operation or set of operations performed on personal data or data files by automated or non-automated means, such as collection, recording, organizing, outage, storage, adaptation or alteration, retrieval, consultation, By use, communication, transmission, dissemination or otherwise making available, alignment or interconnection, restriction, erasure or destruction “ [General Data Protection Regulation Article 4].
Data Controller: A natural or legal person who, alone or jointly with others, determines the purposes and means of the processing, in the case of services referred to In this Prospectus, Green Solartech Kft. Considered
“means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; Where the purposes and means of the processing are determined by union or Member State law, the controller or the specific aspects relating to the designation of the controller may be defined by union or Member State law ‘. [General Data Protection Regulation Article 4].
“Data processor” means the natural or legal person, public authority, agency or any other body which manages personal data on behalf of the controller ‘ [Article 4 of the General Data Protection Regulation]; In the case of services referred to in this Prospectus, data processors may be: Magyar Posta Zrt.;
Data breach: An incident in which personal data held by the controller may be damaged, destroyed, and unauthorized access by unauthorised persons;
“A security breach which results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to personal data transmitted, stored or otherwise handled” [General Data Protection Regulation Article 4].
Website: The https://greensolartech.hu/Web site operated By the data manager and the subpages of this website.
Service (s): Services operated By the data manager and provided by The data controller, which are available on the website.
V. SCOPE, LEGAL BASIS, PURPOSE AND DURATION OF PERSONAL DATA PROCESSED
- Personal data entered in a Contact form, consultation request form
Purpose OF Data processing
It Is required for contact and connection, and for user identification.
Required For contact or contact.
It Is required for contact and connection, and for user identification.
Required For contact or contact.
Perform a Technical operation.
Legal basis for data Processing
The legal basis for the processing of personal data provided in The contact and consultation form is the voluntary consent of the person concerned.
Duration of data Processing
The duration of The processing shall be until the data subject’s consent is withdrawn or a cancellation request or until the Data manager has completed its operation.
- Hosting Provider/IT service provider
Name of data Processor:
Storage Park Ltd.
1122 Budapest, Gaál József Road 24.
Company Registration number
I have (https://tarhelypark.hu/aszf/)
Activity with Data Processing:
Hosting Service, Server service, domain service.
Data processed by The Processor:
Affected Network Identity: The IP address of your computer and the software environment used by the Affected area, the time of your visit, and the address of the pages you are viewing.
Scope Of Data subjects:
Natural persons who Are searching for the website.
Purpose Of Data processing:
Ensure The functionality of the website.
Duration of Data processing,
Deadline for deletion of data:
The data recorded by the hosting service provider will be stored for 30 days and will then be retained as a usage statistic only in anonymised form.
Legal basis For Data processing:
Consent of THE data subject.
Vii. COOKIES (COOKIES)
A cookie or cookie means a file or piece of information that is saved by the user’s Internet browser and stored on the user’s computer. Cookies collect information about the visitors of the website and their devices, on the one hand, and remember the individual settings of the visitor that will be used later.
For tailor-made service, the operator of the data Controller or website is a small data package, called the user/data subject’s consent, on the user’s computer. Cookie and reads back during the subsequent visit. If The browser sends back a previously saved cookie, the operator who manages the cookie has the possibility to link the user’s current visit with the previous one, but only with respect to its content. Cookies make it easier to use the website by improving the user experience. In the Light of the fact that the data recorded by cookies cannot be combined with personal data, so that cookies are not processed by the data Controller. Data management Is for statistical purposes only
The operator of The website will be able to place and analyse cookies only if the visitor (data subject) gives the consent of the site when the website is loaded, thereby allowing the analysis. The legal basis for The processing is therefore the voluntary consent of the data subject.
The Data Controllers system automatically records the following information after accepting cookies:
-IP address of the Connected computer;
-Date and time of Visit;
-HTTP response code;
-Page custom settings;
-Operating system and version number;
-Browser and version number;
You can distinguish between the following types Of cookies:
Session/Staging cookies are designed to allow visitors to browse the Data manager’s website completely and seamlessly, use its functionalities and the services available there. The validity period of these types of cookies lasts until the session (browsing) is complete, when you close the browser, this type of cookie is automatically deleted from your computer or other device used for browsing.
Stored/persistent cookies are cookies that are used every time the user visits the page. The persistent cookies required For analysis show how the user visited the site and what pages and products were viewed, what he did. Depending on The lifetime of the cookie, it remains on the client machine. You can use features such as Google Analytics. These cookies do not contain any personal information and are not suitable for you to identify the visitor.
Viii. GOOGLE ADWORSD, GOOGLE ANALYTICS, FACEBOOK
The Data Manager uses Google Analytics as a third party cookie on its website. By using Google Analytics for statistical purposes, the Data manager collects information about how visitors use the website. Based on The information saved by cookies, Google will evaluate how the User has used the site, and will provide the website operator with reports related to the website activity. The data Is used to improve the website development and user experience. These cookies also remain on the site of the visitor’s computer or other device used for browsing until they expire, or until the visitor deletes them. The duration of cookies created by Google Analytics is 30 days.
A sütik tárolását a felhasználó a böngészőjének megfelelő beállításával megakadályozhatja, azonban ebben az esetben előfordulhat, hogy a honlap minden funkciója nem lesz teljes körűen használható. A felhasználó megakadályozhatja, hogy a Google gyűjtse és feldolgozza a sütik általi, a felhasználó weboldalhasználattal kapcsolatos adatait – beleértve az IP-címet is –, ha letölti és telepíti a következő linken elérhető böngésző plugint. https://tools.google.com/dlpage/gaoptout?hl=hu
Az Adatkezelő a Facebook és a Google AdWords hirdetési rendszerein keresztül úgynevezett remarketing hirdetéseket futtat. Ezek a szolgáltatók cookie-k, webes jelzők és hasonló technológiák használatával gyűjthetnek vagy kaphatnak adatokat az Adatkezelő weboldaláról és egyéb internetes helyekről. Ezeknek az adatoknak a felhasználásával mérési szolgáltatásokat nyújtanak, illetve hirdetéseket tesznek célzottá. Az így célzott hirdetések a Facebook és a Google partnerhálózatában szereplő további weboldalakon jelenhetnek meg. A remarketing listák a látogató személyes adatait nem tartalmazzák, személyazonosításra nem alkalmasak.
Az Adatkezelő a sütiket felhasználja arra, hogy a potenciális felhasználók felé a Google és a Facebook útján egyénre szabott reklámokat jelenítsen meg.
IX. Az adatkezelés biztonsága
Az adatkezelő és az adatfeldolgozó a tudomány és technológia állása és a megvalósítás költségei, továbbá az adatkezelés jellege, hatóköre, körülményei és céljai, valamint a természetes személyek jogaira és szabadságaira jelentett, változó valószínűségű és súlyosságú kockázat figyelembevételével megfelelő technikai és szervezési intézkedéseket hajt végre annak érdekében, hogy a kockázat mértékének megfelelő szintű adatbiztonságot garantálja, ideértve, többek között, adott esetben:
- a személyes adatok titkosítását;
- a személyes adatok kezelésére használt rendszerek és szolgáltatások folyamatos bizalmas jellegének biztosítását, integritását, rendelkezésre állását és ellenálló képességét;
- fizikai vagy műszaki incidens esetén az arra való képességet, hogy a személyes adatokhoz való hozzáférést és az adatok rendelkezésre állását kellő időben vissza lehet állítani;
- az adatkezelés biztonságának garantálására hozott technikai és szervezési intézkedések hatékonyságának rendszeres tesztelésére, felmérésére és értékelésére szolgáló eljárást.
Az érintett tájékoztatása az adatvédelmi incidensről:
- Ha az adatvédelmi incidens valószínűsíthetően magas kockázattal jár a természetes személyek jogaira és szabadságaira nézve, az adatkezelő indokolatlan késedelem nélkül tájékoztatja az érintettet az adatvédelmi incidensről.
- Az érintett részére adott tájékoztatásban világosan és közérthetően ismertetni kell az adatvédelmi incidens jellegét, és közölni kell az adatvédelmi tisztviselő vagy a további tájékoztatást nyújtó egyéb kapcsolattartó nevét és elérhetőségeit; ismertetni kell az adatvédelmi incidensből eredő, valószínűsíthető következményeket; ismertetni kell az adatkezelő által az adatvédelmi incidens orvoslására tett vagy tervezett intézkedéseket, beleértve adott esetben az adatvédelmi incidensből eredő esetleges hátrányos következmények enyhítését célzó intézkedéseket.
Az érintettet nem kell tájékoztatni, ha a következő feltételek bármelyike teljesül:
- The Controller has implemented appropriate technical and organisational protection measures and these measures have been applied in respect of the data covered by the personal data breach, in particular those measures, such as encryption Which render the data unintelligible to persons not authorised to access personal data;
- The controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
- The information would require a disproportionate effort. In Such cases, the data subjects shall be informed by publicly disclosed information or a similar measure shall be taken to ensure similarly effective information to those concerned.
IF the controller has not yet informed the data subject of the breach, the supervisory authority, after considering whether the personal data breach is likely to entail a high risk, may order the information of the person concerned.
X. DATA PROTECTION OFFICER
Data protection officer has not been designated. The Data Controller does not constitute a public authority or body with a public mission, its activities do not involve an operation which requires systematic and systematic high-level monitoring of users, and The data Controller does not handle any sensitive data or personal data relating to decisions and offences relating to criminal liability, so the data Controller is not obliged to designate a data protection officer.
Xi. RIGHTS OF DATA SUBJECTS
Right Of access
The data subject may request that the processing of his/her personal data is ongoing and, if so, what personal data of the data Controller, on what legal basis, for what processing purpose, from which source, how long it is handled. The data Controller shall send information to the request, without delay, but within a maximum of 30 (thirty) days, to the e-mail address provided to the data subject, or to the correspondence addresses requested by the person concerned. The data Controller Shall provide the information in a concise, transparent, comprehensible and clear manner.
Right to Rectification
The data subject may ask the Controller to correct, amend or supplement the incomplete data. The Data Manager will promptly and within 30 (thirty) days of the request to do so, provide information about the availability of the data (s) and the e-mail address requested by the person concerned.
Right to Erasor
The data subject may request the deletion of the information (s) relating to him, If the data subject withdraws his consent with respect to the information processed on the basis of the consent, the personal data processed will be erased. The Data Manager will promptly and within 30 (thirty) days of the deletion of the information, provide information about the availability of the data (s), and the email address requested by the person concerned.
We will also delete The personal data of the data subject if it is unlawful for the purposes of the processing, if it is incomplete or incorrect, and this condition cannot legitimately be corrected – provided the deletion is not ruled out by law – or when the personal data are stored Statutory deadline has expired, it has been ordered by the court or the Data Protection Supervisor.
Right to restriction Of processing
If one of the following cases is met, The data subject may request that the data controller restrict the processing:
-The person concerned disputes the accuracy of the personal data, in which case the restriction relates to the period of time that allows the controller to verify the accuracy of the personal data;
-the processing is unlawful and the data subject opposes their erasure and requests instead to restrict their use;
-The controller no longer needs personal data for the purposes of processing, but the data subject requires them to present, enforce or defend legal claims;
-The data subject has objected to the processing, in which case the restriction relates to the period until it is established that the legitimate grounds of the controller prevail over the legitimate grounds of the data subject.
Right to Data Portability
The data subject shall have the right to receive the personal data concerning him or her which he has made available to the data Controller in a structured, commonly used and machine-readable format and to transmit that information to another controller.
Right to Object
The data subject shall have the right to object to the processing. The Data controller shall examine the objection as soon as possible and within 15 days of the submission of the application and take a decision on its merits. You will be informed of the decision to contact the request for e-mail, or to the mailing address requested by the data subject.
Xii. POSSIBILITIES FOR ENFORCEMENT OF DATA
In the event of a breach of its rights, the data subject may bring a court action against the Controller or its activities. The Court acts in the case. The litigation is subject to judicial jurisdiction. The Court is acting out of line. The court in which the controller is domiciled shall be competent but may be brought before the Tribunal of the place of residence or residence of the data subject, at the choice of the data subject.
The data subject may complain to the data Controller or to the National Privacy and Information Authority. The Office’s contact details are as follows:
National Authority for Data Protection and Freedom of Information
Head Office: 1125 Budapest, Szilágyi Erzsebet Avenue 22/C.
Mailing Address: 1530 Budapest, Pf.: 5.
Phone: 06 (1) 391-1400
Fax: 06 (1) 391-1410