Cookie Policy
on data processing on the interface / website
Imprint
This privacy notice (“Privacy Notice”) provides information about the processing of personal data carried out on the website https://prevotex.hu (“Website”) for certain purposes of processing, at the same time as the data is collected, in order to comply with our obligation to comply with Article 13 of the GDPR.
Privacy Notice the processing of personal data on the Website or in connection with online marketing activities is valid from 1st October 2021 until its withdrawal.
Personal data is any information or part of information relating to a natural person which can be used to identify the data subject, directly (e.g. by name) or indirectly (e.g. by means of a unique personal identifier). Personal data may include, for example: surname, first name, address, IP address, e-mail address, cookie / cookie ID placed by the browser on internet devices.
Persons under the age of 16 may not independently consent to the processing of their personal data. Therefore, in the case of a minor under the age of 16, the personal data of the minor and the consent to their processing are requested from the legal representative. The approval of the legal representative also includes full responsibility for the user activities of the person under the age of 16.
| !! If you are under 16: Do not enter your data on our Website yourself, do not give your consent to the processing of your data! Ask your parents to read this Privacy Notice and provide your data and consent to the processing of your data on your behalf! |
Visitors are reminded that if this information is changed, a notice will be posted on the Website (pop-up window).
Regulation governing matters not detailed in Privacy Notice:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)(hereinafter referred to as “GDPR”).
Name and contact details of the controller:
Controller of the data processing:
Neve: PREVOTEX Hungary Ltd.
Represented by: Ádám Laczkó Executive Officer
(Executive contact: +36 30 411 6939, adam.laczko@prevotex.hu)
Seat of the data controller: Hungary – 1117 Budapest, Vegyész street 19-25.
Postal address: Hungary – 1117 Budapest, Vegyész street 19-25.
Email: info@prevotex.hu
Phone number: +36 30 343 4433
Homepage of the data controller: http://prevotex.hu
Hereinafter referred to as: “Data Controller”
The Data Controller performs the following processing activities in the course of providing its services:
A.1. Cookies information
The Website uses cookies.
We use cookies to personalize content and ads, to provide social functionality, and to analyze our website traffic. In addition, we share your website usage data with our social media, advertising and analytics partners, who may combine the data with other data you provide to them or collected from other services you use.
Cookies are small text files that a website can use to make the user experience even more effective. By law, we may store cookies on your device if this is absolutely necessary for the operation of our website. We need your consent to use all other types of cookies. This website uses various cookies. Some of the cookies that appear on our website are placed by our third party service providers.
We do not use or allow cookies on the Website that may result in third parties collecting data without the user’s consent.
Where this is done, the Data Controller will only use cookies that clearly identify what data is being processed through the cookie, for what purpose and for which third party.
Where this is done, the Data Controller will only use cookies that clearly identify what data is being processed through the cookie, for what purpose and for which third party. Cookies storing data recorded by the user / Website visitor, authentication session cookies, user-centric cookies, multimedia player session cookies, load balancing session cookies and session cookies for user interface customisation require prior information to the data subject, but do not require the data subject’s consent. Other cookies require the prior consent of the data subject.
With the express consent of the Website visitor as a data subject, we use cookies, tracking codes, metrics, identification solutions, pixels to display advertisements to users / Website visitors via Google, Facebook and LinkedIn. This also applies to the transmission of event data such as pageviews.
The processing takes place without human intervention.
The user can set their web browser to accept all cookies, reject all cookies, or notify the user when a cookie is received. The setting options can usually be found in the “Options” or “Settings” menu of the browsers. By disabling cookies, the user will find that without cookies, the website will not function fully. The detailed information on the English website www.aboutcookies.org will also help you with the settings in the different browsers.
Click on the following link to learn more about
- How to delete, disable or enable cookies in Google Chrome:https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=hu
- How to delete cookies in Firefox: https://support.mozilla.org/hu/kb/weboldalak-altal-elhelyezett-sutik-torlese-szamito
- How to delete, disable or enable cookies in Microsoft Edge: https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies
Google Ads Conversion Tracking
We use an online advertising platform called “Google Ads” and use Google’s conversion tracking service. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”). When a user accesses the Website through a Google ad, a conversion tracking cookie is placed on their computer. These cookies have limited validity. When a user / Website visitor browses certain pages of the Website and the cookie has not yet expired, both Google and the Data Controller may see that the user has clicked on the ad. Each Google Ads customer receives a different cookie, so they cannot be tracked through Ads customers’ websites. The purpose of the information obtained through conversion tracking cookies is to generate conversion statistics for Ads conversion tracking customers. This is how customers find out the number of users who clicked on your ad and were redirected to a page with a conversion tracking tag. If you do not wish to participate in conversion tracking, you can opt out by disabling cookies in your browser. It will then not be included in your conversion tracking statistics
Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without your having any right of legal remedy. The following is a list of the countries to which the data is transferred. This can be for various purposes, such as storage or processing: The United States of America.
More information and Google’s privacy statement can be found at: google.de/policies/privacy/
Google Analytics
Our websites use Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on a user’s computer, to help the website analyze how users use the site. The information generated by the cookie associated with a website you use is typically stored and stored on a Google server in the USA. By activating IP anonymization on the website, Google will abbreviate the User’s IP address within the Member States of the European Union or in other States party to the Agreement on the European Economic Area. The full IP address will be transmitted to and truncated to Google’s server in the U.S. only in exceptional cases. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google Analytics does not reconcile the IP address transmitted by the website visitor’s browser with other Google data. The user may prevent the storage of cookies by setting their browser properly, however, in this case, not all functions of our website may be fully available. You may also prevent Google from collecting and processing information about your use of the website (including your IP address) by cookies when a visitor downloads and installs a browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu. We also use Google Analytics to analyze traffic to our website for system development purposes. In this case, we do not collect personal information. We share such information with other Google services for development purposes.
We also use Google Analytics for marketing purposes with the consent of the website visitor as a data subject.
Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without your having any right of legal remedy. The following is a list of the countries to which the data is transferred. This can be for various purposes, such as storage or processing: The United States of America.
Facebook ads
We use Facebook’s advertising system as a Data Controller, and we also use the Facebook pixel solution within its framework. Facebook ads are a service of Facebook Inc. (4 Grand Canal Square, Dublin Ireland). When a user / Website visitor visits our Website, a cookie will be placed on their computer after consent. The validity of these cookies is limited. When a user browses certain pages of the Website and the cookie has not yet expired, both Facebook and the Data Controller can see which User has visited the Website and what pages they have viewed. Each visitor receives a different Facebook cookie. The purpose of the information, which we obtain through the use of Facebook cookies, is to enable us to display ads more accurately to our Website visitors and to provide us with conversion information. If a user / Website visitor does not wish to participate in conversion tracking, you can disable it by disabling the ability to set cookies in your browser. It will not be included in your visit or conversion tracking statistics thereafter. With the help of the cookie installed by the Facebook pixel, we also collect events, such as page visits, after the express consent of the visitors of our Website. If a Website visitor withdraws their consent to the operation of Facebook pixels, the associated cookies will be deleted from your browser after reloading the Website.
Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without your having any right of legal remedy. The following is a list of the countries to which the data is transferred. This can be for various purposes, such as storage or processing: The United States of America.
Within Facebook, the user can change their own advertising preferences via this link: https://www.facebook.com/ads/preferences. https://www.facebook.com/privacy
LinkedIn ads
LinkedIn Insight Tag
If you have given your consent, the LinkedIn Insight Tag conversion tracking and retargeting service will be used on this Website. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The service is for analytics, retargeting and marketing purposes. We use cookies for this purpose.
This list contains all (personal) data collected through or through this service.
Linking URL
IP address
Device information
Browser information
Timestamp
The information we obtain through the LinkedIn Insight Tag is designed to help us display ads more accurately to our Website visitors and to provide us with conversion information. If a user / Website visitor does not wish to participate in conversion tracking, you can disable it by disabling the ability to set cookies in your browser. It will not be included in your visit or conversion tracking statistics thereafter. With the express consent of our Website visitors, we also collect events such as page visits from visitors to our Website using a cookie installed by the LinkedIn Insight Member. If a Website visitor withdraws their consent to the operation of a LinkedIn Insight Member, the associated cookies will be deleted from your browser after reloading the Website.
Please note that this Service may transfer data outside the European Union and the European Economic Area and to a country that does not offer an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without your having any right of legal remedy. The following is a list of the countries to which the data is transferred. This can be for various purposes, such as storage or processing: The United States of America.
To read LinkedIn’s privacy policy, click here:
https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com
To read LinkedIn’s cookie policy, click here: https://www.linkedin.com/legal/cookie_policy?src=li-other&veh=www.linkedin.com
A.2. A.2. Server logging
Purpose of data processing:
The purpose of data processing is to check the operation of the services during the visit to the http://prevotex.hu Website, and to check the visitor data in order to prevent abuse.
Legal basis of the data processing:
Legitimate economic interest of the Data Controller in the security of the provision of services (Article 6 (1) (f) GDPR).
Recipients of personal data:
Data Controller staff and data processors (see: Data processors)
Data processors:
Websupport Magyarország Kft. (seat: 1132 Budapest, Victor Hugo street 18-22.) – Hosting service
Transfers of personal data to international organisations or third countries:
No data is transferred to a third country.
Information About Data Subject’s Rights
The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data.
Categories of personal data concerned:
The data generated and provided by the system, such as the date and time, as well as the visitor’s IP address, the name, version, and operating system. The system also logs information about which page the visitor came from.
The envisaged duration of the storage of personal data and the criteria for determining its duration:
Pending the obligation to erase, the exercise of the right to object or to be erased, or the erasure by the server hosting provider, but no later than 12 months after the contact.
A.3. Contact by e-mail
Purpose of data processing:
The purpose of the data management is to answer the questions asked in the message, to provide a contact point at info@prevotex.hu.
Legal basis of the data processing:
Your consent (Article 6 (1) (a) GDPR).
The data subject shall have the right to withdraw his or her consent at any time, at our previous contacts.
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Recipients of personal data:
Data Controller staff and data processors (see: Data processors)
Data processors:
Websupport Magyarország Kft. (seat: 1132 Budapest, Victor Hugo street 18-22.) – Hosting service
Infosector Kft. (seat: 2013 Pomáz, Kond street 14.) – System administrator (Microsoft 365 licence)
Microsoft Ireland Operations Limited Company (seat: Írország, D02 R296 Dublin 2, Sir John Rogerson’s Quay 70.)– Microsoft 365 mail, document storage services
Online ERP Hungary Kft. (seat: 1145 Budapest, Szugló street 9-15. 5. / 516.)– Odoo ERP system service (Online ERP Hungary Kft. the data is stored on Odoo’s IT system, which is located in Odoo SA’s Odoo Cloud system (Odoo S.A., seat: Chaussée de Namur, 40 Grand Rosière1367, Belgium). Physical location of servers: Google Cloud Provider, europe-west1-b zone, Belgium, Saint-Ghislain.
Transfers of personal data to international organisations or third countries:
Microsoft: Data is transferred to a third country.
Data available to a Microsoft mail or document storage service provider may also be transmitted through U.S. servers located in a third country.
Microsoft Ireland Operations Limited Company is a party to the Privacy Shield Agreement.
In the Schrems II judgment, the CJEU annulled EU Commission Decision 2016/1250 on the transfer of personal data to the United States (Privacy Shield). This means that European data controllers / data exporters who have previously worked with US service providers (eg newsletter sending, hosting) for which Privacy Shield has provided an adequate level of protection have lost this legal tool.
Without Privacy Shield, the use of SCCs is the only alternative legal remedy available that can be switched to in order not to have to discontinue / terminate the use of service providers in the United States.
The SCC and DPA (Data Processing Agreement) documents for Microsoft Ireland Operations Limited Company are available at:
On 15 January 2021, the EDPS and the EDPB adopted Joint Opinions on two sets of contractual clauses (SCCs). One opinion on the SCCs for contracts between controllers and processors and one on the SCCs for the transfer of personal data to third countries.
In addition, the EDPB and the EDPS stated that The Controller-Processor SCCs will have an EU-wide effect and aim to ensure full harmonisation and legal certainty across the EU when it comes to contracts between controllers and processors.
In general, the EDPS and the EDPB note that the draft SCCs present a reinforced level of protection for individuals but are of the view that several provisions could be improved or clarified.
The statement is available here:
https://edps.europa.eu/sites/edp/files/edpsweb_press_releases/edpb-edps_pressrelease_onsccs_en.pdf
Information About Data Subject’s Rights:
The data subject may request the Data Controller to access, rectify, delete or restrict the processing of personal data concerning him or her and his or her right to data portability.
Consequences of refusing data processing:
The provision of data is not obligatory, failure to provide it means that you will not be able to contact the Data Controller.
Categories of personal data concerned:
Surname and first name, e-mail address, other information provided by the data subject in the “message” and data generated and provided by the system, such as date and time.
The envisaged duration of the storage of personal data and the criteria for determining its duration:
Obligation to erase, withdrawal of consent, but not later than after the expiry of the limitation period.
A.4. Complaint handling
The user and other visitors to the Website can contact the Data Controller with their complaints or comments by sending an e-mail to the Data Controller’s e-mail address info@prevotex.hu or by sending a message on the Website within the menu page “Contact”. The person responsible can only take action in the event of complaints and comments that arise directly in connection with the service. The person responsible can only take action in the event of complaints and comments that arise directly in connection with the service.
Purpose of data processing:
The purpose of data processing is to fully investigate the data subject’s complaint.
Legal basis of the data processing:
Processing is necessary for compliance with a legal obligation (Article 6 (1) (c) GDPR), Section 169 paragraph (2) of the Act C of 2000 on Accounting, in the event of a complaint by the final consumer of the Consumer Protection Act, Section 17/A(7).
Recipients of personal data:
Data Controller staff.
Transfers of personal data to international organisations or third countries:
No data is transferred to a third country.
Information About Data Subject’s Rights:
The data subject may request the Data Controller to access, rectify, delete or restrict the processing of personal data concerning him or her and his or her right to data portability.
Consequences of refusing data processing:
Making a complaint / notification is voluntary, but for processed data, the data processing is covered by the the Consumer Protection Act.
Categories of personal data concerned:
Name, address, e-mail address, telephone number, data on the service or product used or affected by the complaint, details of the invoice, details of the complaint.
The envisaged duration of the storage of personal data and the criteria for determining its duration:
Obligation to erase, withdrawal of consent, however, at the latest after contact, at the end of the limitation period, that is, in the case of a written complaint, 5 years from the receipt of the complaint, 5 years from the date of the record of the oral complaint, in the case of an account, 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting.
A.5. Send newsletter / eDM
Purpose of data processing:
The purpose of data management is to promote and advertise the services and products of Prevotex Kft., to deliver its news, to present and advertise our service.
Legal basis of the data processing:
Consent of a natural person subscribing to our newsletter / eDM (Article 6 (1) (a) GDPR). Information About the Right to Withdraw Consent
The data subject shall have the right to withdraw his or her consent at any time, at our previous contacts. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Recipients of personal data:
Data Controller staff and data processors (see: Data processors)
Data processors:
The Rocket Science Group, LLC (675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA) – MailChimp Hosting and Newsletter Software
YourBrand Ltt. – YourBrand (seat: Hungary – 2161 Csomád, Levente street 14. A. building)– Marketing activity
Transfers of personal data to international organisations or third countries:
Email Newsletter Software: Data is transferred to a third country.
Data available to the operator of the MailChimp Hosting and Email Newsletter Software may also be transmitted through US servers located in a third country.
The Rocket Science Group, LLC is a party to the Privacy Shield Agreement.
In the Schrems II judgment, the CJEU annulled EU Commission Decision 2016/1250 on the transfer of personal data to the United States (Privacy Shield). This means that European data controllers / data exporters who have previously worked with US service providers (eg newsletter sending, hosting) for which Privacy Shield has provided an adequate level of protection have lost this legal tool.
Without Privacy Shield, the use of SCCs is the only alternative legal remedy available that can be switched to in order not to have to discontinue / terminate the use of service providers in the United States.
The operator of the newsletter program has switched to SCCs: these are in fact model contracts in the form of an EU Commission decision, which give data subjects the above-mentioned rights by imposing contractual obligations on the data importer that go beyond their own national law, including give those concerned the rights they would otherwise have in the EU under the GDPR.
The SCC and DPA (Data Processing Agreement) documents for Microsoft Ireland Operations Limited Company are available at:
Mailchimp and European Data Transfers: https://eepurl.com/dyikdv
On 15 January 2021, the EDPS and the EDPB adopted Joint Opinions on two sets of contractual clauses (SCCs). One opinion on the SCCs for contracts between controllers and processors and one on the SCCs for the transfer of personal data to third countries.
In addition, the EDPB and the EDPS stated that The Controller-Processor SCCs will have an EU-wide effect and aim to ensure full harmonisation and legal certainty across the EU when it comes to contracts between controllers and processors.
In general, the EDPS and the EDPB note that the draft SCCs present a reinforced level of protection for individuals but are of the view that several provisions could be improved or clarified.
The statement is available here:
https://edps.europa.eu/sites/edp/files/edpsweb_press_releases/edpb-edps_pressrelease_onsccs_en.pdf
Information About Data Subject’s Rights:
The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her, and to exercise his or her right to data portability.
Information on automatic decision making, including profiling:
After sending the news / eDM e-mail, Prevotex Ltd. monitors the activity of the subscribers in connection with the newsletter, such as opening it or, for example, whether the reader clicked on the link in the e-mail, thus assessing the reader’s interests and close topic groups, creating a profile for the reader to do so.
Prevotex Ltd. also informs its subscribers that by applying these activities it performs automated decision-making and profiling, in which case the data subject has the right to request human intervention from the Data Controller, as well as to express his / her opinion and object to the decision on our contacts.
Significance of the profiling used in subscribing to and sending out news / eDM mail and the consequences for the data subject: the data subject will receive content corresponding to his or her interests in the letters addressed to him or her.
Possible consequences of refusing to provide data: The person concerned may also receive content about the offers and news of Prevotex Ltd. and its partners that may not be of interest to him at all.
Consequences of refusing data processing:
The information is not obligatory, failure to provide it means that we will not be able to deliver our newsletter / eDM letter.
Categories of personal data concerned:
Surname and first name, e-mail address, and data generated and provided by the system, such as date and time, detailed information on whether the letters were opened or read.
The envisaged duration of the storage of personal data and the criteria for determining its duration:
Obligation to erase, withdrawal of consent, but not later than 18 months after the last act of activity.
A.6. Prize game
Our relevant competition policy and the relevant privacy notice will be published on the platform where the competition takes place and where the data subjects, i.e. those interested in the competition and participants, provide their data.
A.7. Data processing on social networking sites
We use social networking sites to keep in touch with people interested in our services, for example, we can see the name registered on Facebook/LinkedIn social networking platforms and the public profile picture of the user, if the person concerned has registered on these social networking platforms and has allowed the operator of the social networking platform to do so in his/her settings. The processing of data takes place on the social platforms, so the duration of the processing, the way in which the data are processed, and the possibilities for deleting and modifying the data are governed by the rules of the social platform concerned.
We publish our privacy notice for our social platforms, such as our Facebook page, LinkedIn profile, on the relevant social platform, on the interface where the data processing takes place and always where the data subjects, i.e. the users of the social platform or profile, provide their data.
On a social platform where the operator of the platform becomes a joint controller with the Data Controller, such as our Facebook page, we will also disclose the essential elements of the joint processing agreement on our social platform, taking into account the rules and possibilities of that platform.
Our Facebook page:
https://www.facebook.com/prevotex/
Our LinkedIn profile:
https://www.linkedin.com/company/prevotex/
Purpose of data processing:
The purpose of data processing is to promote the services of Prevotex Ltd., to advertise, to send news, to introduce yourself, to build community.
Legal basis of the data processing:
Consent of a natural person subscribing to our newsletter / eDM (Article 6 (1) (a) GDPR). Information About the Right to Withdraw Consent
You can withdraw your consent at any time by unfollowing / unliking the page, by deleting your post. The user can delete his/her own comments at any time. The withdrawal of consent does not affect the lawfulness of our prior processing.
Recipients of personal data:
Data Controller staff and data processors (see: Data processors), and the operator of the social platform, e.g. Facebook, the readers of the social platform’s message boards, news feeds, posts, etc., because users can see each other’s posts and learn different information about each other depending on the social platform’s rules and settings.
Information about the recipients of the data processed on the various social platforms is provided on the social platform interface.
- Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
- Facebook Inc. (4 Grand Canal Square, Dublin Ireland)
- LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland)
Transfers of personal data to international organisations or third countries:
Facebook Inc.: Data is transferred to a third country.
The SCC and DPA (Data Processing Agreement) documents of Facebook Inc. are available here:
https://www.facebook.com/about/privacy/update/printable
Google LLC.: Data is transferred to a third country.
The SCC and DPA (Data Processing Agreement) documents of Google LLC are available here:
https://cloud.google.com/terms/data-processing-terms
LinkedIn Ireland Unlimited Company: Data is transferred to a third country.
The SCC and DPA (Data Processing Agreement) documents of LinkedIn Ireland Unlimited Company are available here:
https://www.linkedin.com/legal/privacy-policy
Information About Data Subject’s Rights:
The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her, and to exercise his or her right to data portability.
The consequence of refusal to process:
Providing this information is optional, failure to do so will mean that we will not be able to contact you on our community portals.
Categories of personal data concerned:
We process data that varies from one social platform to another, depending on the structure and data management settings and policies of the social platform, which we provide detailed information about in our notice on the relevant social platform. In most cases, we will process the name used on the social platform and any data made public by the data subject, such as profile data, comments, likes, likes, etc.
The envisaged duration of the storage of personal data and the criteria for determining its duration:
Obligation to erase, withdrawal of consent.
Data processing is carried out on social platforms, so the duration of data processing, the method of data processing and the possibility to delete and modify data are governed by the rules of the relevant social platform.
A.8. Data processing related to surveys, questionnaires, feedback
The Data Controller may publish a questionnaire to assess satisfaction with its own services. The completion of these questionnaires and surveys and the sending of feedback is always voluntary, the provision of data is not mandatory.
Purpose of data processing:
The Data Controller, on a case-by-case basis, at its own discretion, intends to use questionnaires and surveys to assess the expectations and satisfaction of its customers / customers interested in its services or the Data Controller, and to adapt, provide and improve its services and product range in accordance with the needs based on the results.
The purpose of the processing is to collect information on specific issues, such as the quality of the services we provide to you, and for statistical purposes.
In many cases, questionnaires, surveys and opinion polls are filled in and answered anonymously. If we ask for your name and contact details in the survey, we will not use this information for any form of marketing without your consent.
Legal basis of the data processing:
The legal basis for the processing of the data provided in the questionnaire (hereinafter referred to as “Questionnaire Data”) is to pursue our legitimate interest in monitoring and improving our services to our users and, based on the results, in matching our services and their needs (Article 6 (1) (f) GDPR).
Recipients of personal data:
Data Controller’s staff and data processors (see: Data processors)
Data processors:
Websupport Magyarország Kft. (seat: 1132 Budapest, Victor Hugo street 18-22.) – Hosting service
Transfers of personal data to international organisations or third countries:
No data is transferred to a third country.
Information About Data Subject’s Rights:
The data subject may request the controller to access, rectify, erase or restrict the processing of personal data relating to him or her and may object to the processing of such personal data.
The consequence of refusal to process:
Providing this information is optional, failure to provide it will mean that we will not be able to take your views into account when improving and developing our services.
Categories of personal data concerned:
Questionnaire Data, ie information that you provide when completing a questionnaire or answering a survey or opinion poll, or when giving an assessment and opinion. The Questionnaire Data may include your full name, exact address, e-mail address and other personal information and information provided during the completion of the questionnaire (such as the date and content of the evaluation, the service evaluated, the answer to the question).
The envisaged duration of the storage of personal data and the criteria for determining its duration:
Personal data collected by answering the questionnaire surveys will be deleted within 3 years from the date of the submitted or answered questionnaire, the other data will be stored anonymised for statistical purposes.
Adequate security
In designing the security system of the Data Controller, it took into account the state of science and technology, the nature, scope, circumstances, purposes of the data processing, and the varying probability and severity of the risk to the rights and freedoms of natural persons.
The Data Controller, together with the server operators, shall ensure the security of the data by technical, organisational and organisational measures that provide a level of protection appropriate to the risks associated with the processing. The data shall be protected against unauthorised access, alteration, disclosure, transmission, disclosure, erasure or destruction and against accidental destruction or accidental damage.
In order to ensure the security of personal data stored on the computers or network of the Data Controller, the data can only be accessed with a valid, personal, identifiable authorisation, at least with a user name and password, and the Data Controller will regularly ensure that passwords are changed.
What do Data Subject’s Rights?
We welcome your questions and requests regarding the processing of your personal data
by post:
PREVOTEX Hungary Ltd.
Hungary – 1117 Budapest, Vegyész street 19-25.
by e-mail: info@prevotex.hu
or
by telephone: +36 30 343 4433
Data subjects may exercise the following rights throughout the processing:
Right of access by the data subject
The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, and request an electronic copy.
Right to rectification
The data subject may request the rectification of his or her personal data.
Right to erasure (‘right to be forgotten’)
The Data Controller erase the personal data if its processing is illegal, the data subject requests it, the processed data is incomplete or incorrect – and this condition cannot be legally remedied – provided the deletion is not excluded by law, the purpose of data processing is terminated or expired, it was ordered by a court or the National Data Protection and Freedom of Information Authority.
Right to restriction of personal data
Where appropriate, the data subject may request the restriction of processing pending the outcome of their request.
For example, if you object to processing based on legitimate interests or question the accuracy of the data processed.
Objection to the processing of personal data
The data subject may object to processing based on legitimate interest. In this case, the processing shall cease, except where the processing is justified by compelling legitimate grounds which override the rights of the data subject or where the processing is necessary for the establishment, exercise or defence of legal claims.
Data portability
For processing based on the consent of the data subject or the performance of a contract, the data subject has the right to data portability. On this basis, the data subject is entitled to receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable format and to transmit these data to another controller without hindrance from the controller to which he or she has provided the personal data. You may also request the transfer of your personal data to another controller. However, the exercise of this right must not adversely affect the rights and freedoms of others.
Automated decision-making and profiling
The data subject has specific rights in the case of automated decision-making or profiling. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Procedure of the Data Controller
The controller shall, without undue delay and at the latest within one month of receipt of the request, inform the data subject of the measures taken or the reasons for non-action. If the application is complex, the deadline may be extended by a further two months. Information and action are free of charge, except for clearly unfounded or excessive requests. Copies of the personal data processed will be free of charge in the first case, and we will charge a fee equal to our costs for any further copies.
Legal remedies:
The national supervisory authority in Hungary is Nemzeti Adatvédelmi és Információszabadság Hatóság
H-1055 Budapest,
Falk Miksa street 9-11.
Postal address: 1363 Budapest, Pf. 9. 9.
Phone: +36 (1) 391-1400
ugyfelszolgalat@naih.hu
The data subject may also take the controller to court if his or her rights are infringed.
The court has jurisdiction to hear the case. The lawsuit may also be brought, at the choice of the data subject, before the court of the place of residence of the data subject (for a list of courts and their contact details, please consult the following link: http://birosag.hu/torvenyszekek).
Dated: Budapest, 18 Marc 2024
Prevotex Ltd.
