Privacy notice

1. Introduction

The purpose of this Privacy Policy is to set out the data management principles and policies of HC Linear Technical Development Ltd (hereinafter referred to as the "Data Controller"), which the company, as the Data Controller, recognizes as binding.

In drafting the provisions of this Privacy Notice, the Data Controller has taken particular account of the provisions of Regulation 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation" or "GDPR"), the provisions of the 2011 Act on the Right to Information Self-Determination and Freedom of Information. Act No. CXII of 2013 ("Infotv."), Act No. V of 2013 on the Civil Code ("Civil Code") and Act No. XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities ("Act No. Grtv.").

The Data Controller reserves the right to change this information at any time and will notify customers of any changes in a timely manner. If the data subject has any questions which are not clear from this notice, he or she may contact the Data Controller at the contact details of the Data Controller, where the Data Controller's staff will answer them to the best of their ability. While the Data Controller is committed to maintaining the highest quality of service, it shall not be liable for any damages resulting from the use of the system. The Data Controller is committed to protecting the personal data of its partners and users, and attaches the utmost importance to respecting the right to information privacy of its customers. The Data Controller treats personal data confidentially and takes all security, technical and organisational measures to guarantee the security of the data.

This Policy and the information on the use of the Website may be amended by the Data Controller from time to time, unilaterally and without prior notice, for various updates. In this regard, it is recommended that you visit the Website regularly and monitor the acceptability of changes.

 

2. Data Controller

Data Controller Name: HC Linear Műszaki Fejlesztő Kft.

Headquarters: H-7624 Pécs, Őz utca 5.

Tax number: 10467701-2-02

Company registration number: 02 09 060132

Registering authority: Cégbírósága Cégbírósága of Pécs General Court

Date of registration: 29.11.2007.

Email: info@hclinear.hu

Contact details of the Privacy Notice: http://www2.hclinear.hu/en/privacy-notices

 

3. Definitions

3.1. Personal data

Any data that can be associated with a specific (identified or identifiable) natural person (data subject), the inference that can be drawn from the data concerning the data subject. The personal data shall retain this quality during processing for as long as the link with the data subject can be established. In particular, a person may be regarded as identifiable where he or she can be identified, directly or indirectly, by reference to a name, an identification mark or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.

3.2. Registration system

A set of personal data, disaggregated by any means - centralised, decentralised, functional or geographical - that is accessible on the basis of specific criteria.

3.3. Data Controller

The natural or legal person or unincorporated body which determines the purposes for which the data are to be processed, takes and implements the decisions concerning the processing (including the means used) or has the processing carried out by a processor on its behalf.

3.4. Data processor

The natural or legal person or unincorporated body that processes personal data on behalf of the Controller.

3.5. Recipient

The natural or legal person, public authority, agency or any other body with whom or to which the personal data are disclosed, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients. The processing of those data by those public authorities should be in accordance with the applicable data protection rules for the purposes for which the data are processed.

3.6. Contact

Any specified natural person who is identified or identifiable, directly or indirectly, on the basis of personal data.

3.7. Third party

A natural or legal person or unincorporated body other than the data subject, the controller or the processor.

3.8. Client

A Data Subject who uses a service of the Data Controller.

3.9. User

All natural persons who contact the Data Controller visit its website.

3.10. Data management

Regardless of the process used, any operation or set of operations which is performed on the data, such as collection, recording, recording, organisation, storage, alteration, use, disclosure, transmission, alignment or combination, blocking, erasure and destruction, and prevention of further use of the data. Processing also includes the taking of photographs, audio or video recordings and the recording of physical characteristics that can be used to identify a person (e.g. fingerprints, palm prints, DNA samples, iris scans).

3.11. Profiling

Any form of automated processing of personal data whereby personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person.

3.12. Renaming

The processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relates without further information, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no link can be established between the personal data and identified or identifiable natural persons.

3.13. Data processing

Carrying out technical tasks related to data processing operations, regardless of the method and means used to carry out the operations and the place of application.

3.14. Contribution

A voluntary and explicit expression of the Data Subject's wishes, based on appropriate information, and giving his or her unambiguous consent to the processing of personal data concerning him or her, either in full or in relation to specific operations.

3.15. Data protection incident

A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3.16. Protest

A declaration by the Data Subject objecting to the processing of his or her personal data and requesting the cessation of processing or the erasure of the processed data.

3.17. Data transmission

If the data is made available to a specified third party.

3.18. Data deletion

Making data unrecognisable in such a way that it is no longer possible to recover it.

 

4. Principles of data management

The processing of personal data is lawful only if and to the extent that at least one of the following conditions is met:

•     the Data Subject has given his or her consent to the processing of his or her personal data for one or more specific purposes;
•     processing is necessary for the performance of a contract to which the data subject is a party or for the purposes of taking steps at the request of the data subject prior to entering into the contract;
•     processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
•     processing is necessary for the protection of the vital interests of the Data Subject or of another natural person;
•     the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
•     processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, unless those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

    

The Data Controller shall process personal data in accordance with the principles of good faith, fairness and transparency and in accordance with the provisions of applicable law and this Privacy Notice.

The Data Controller shall use personal data on the basis of the consent of the Data Subject or for the performance of a contract, only for the purpose for which it is intended.

The Controller processes personal data only for the purposes set out in this Privacy Notice and in the applicable legislation. The scope of the personal data processed is proportionate to the purpose of the processing. In all cases where the Controller intends to use the personal data for a purpose other than that for which they were originally collected, the Data Subject shall be informed thereof and shall obtain his or her prior explicit consent or be given the opportunity to object to such use.

The Data Controller does not verify the personal data provided, and the Data Subject providing the data is solely responsible for their correctness.

The personal data of a Data Subject who is under the age of 16 may be processed only with the consent of the person who is the legal guardian of the Data Subject. The Data Controller is not able to verify the eligibility of the person giving consent or the content of the consent, so the Data Subject or the person who is the legal guardian of the Data Subject warrants that the consent is in accordance with the law. In the absence of a declaration of consent, the Data Controller does not collect personal data relating to Data Subjects under the age of 16, except for the IP address used when using the service, which is automatically recorded due to the nature of the Internet services.

The Data Controller shall not transfer the personal data it processes to third parties other than the Data Processors specified in this Privacy Notice. An exception to this provision is the use of data in aggregated statistical form, which does not contain any other form of data that can identify the Data Subject and therefore does not constitute processing or transfer. In certain cases, the Data Controller may make available to third parties the personal data of the Data Subject that are accessible to the Data Subject, in response to a formal judicial or police request, legal proceedings, or in case of infringement or reasonable suspicion of infringement of copyright, property rights or other rights, or in case of prejudice to the interests of the Data Controller, or in order to jeopardise the provision of services, etc.

 

The Data Controller shall ensure the security of personal data, take technical and organisational measures and establish procedural rules to ensure that the personal data recorded, stored or processed are protected and to prevent their accidental loss, unlawful destruction, unauthorised access, unauthorised use, unauthorised alteration or unauthorised disclosure. The Data Controller shall require all third parties to whom it transfers personal data to comply with this obligation.

In view of the relevant provisions of the GDPR, the Data Controller does not appoint a Data Protection Officer.

The service provider is considered a data processor with regard to the data collected on the websites and webshops of customers using its services, and does not perform data processing in this regard. The Client, as Data Controller, can provide information on the scope of personal data processed in this way, the purpose, title and duration of the processing, and the Client is solely responsible for the processing of these data.

 

5. Scope of personal data processed, purpose, legal basis and duration of processing

5.1. Website visitor data, logs

When visiting its own websites, the Data Controller records the IP address of Users, the time of the visit and the address of the page viewed. The Data Controller uses the data to operate a security system, to detect errors, to clarify disputes and to prove abuse. The data will be deleted after 2 months. The Data Controller does not use personally identifiable cookies on its own websites.

5.2. Customer service

The Data Controller provides a customer service for Users. The User gives his/her consent to the processing of his/her personal data, depending on the form of the request. Incoming e-mails, telephone calls, messages sent using the contact forms on the website, online chats together with all data voluntarily provided will be recorded by the Data Controller, stored for a maximum of 5 years and used in connection with the provision of the service.

5.3. Job application

The Data Controller provides the possibility to apply for a job on its website. Data requested when applying: name, telephone number, email address, CV. The personal data provided will be stored electronically until consent is withdrawn at the latest.

 

6. Other data processed by the Data Controller

In order to provide the service, the Data Controller places a data package (so-called "cookie") on the User's computer, the primary purpose of which is to identify the process and load balancing. All cookies are necessary for the basic operation of the website and are not personally identifiable. The User can delete the cookie from his/her computer or set his/her browser to disable the use of cookies. By disabling the use of cookies, the User acknowledges that without a cookie, the functionality of the site is not fully functional. The Data Controller uses the following cookies:

•     SESS* - process identifier, end of session
•     SESSCookieAlert - cookie alert acknowledgement, 365 days
•     Google Analytics - pseudonymised statistics
•     Facebook - related to the Facebook pages of the Websites

 

7. Method and security of data processing

 

The Data Controller processes and stores all personal data electronically and no paper copies of personal data are made. The Data Controller's computer systems and other data storage devices are located at its headquarters (H-7632 Pécs, Őz utca 5.).

The Data Controller undertakes to apply appropriate technical and organisational measures to the full extent of its processing activities, taking into account the state of science and technology and the costs of implementation, the nature, scope, context and purposes of the processing and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons. The Data Controller shall take appropriate measures to protect the data against, in particular, unauthorised or unlawful access, alteration, disclosure, transmission, disclosure, loss, deletion or destruction, accidental destruction, alteration or damage and inaccessibility resulting from changes in the technology used. The Data Controller shall process the data using a level of data security consistent with current industry best practice, the GDPR, applicable Hungarian law and any other data protection and data security legislation. In the event of loss of data due to the fault of the Data Controller, the Data Controller shall restore the data free of charge.

Electronic messages transmitted over the Internet, regardless of the protocol (email, web, ftp, etc.) are vulnerable to network threats that could lead to fraudulent activity, contract disputes or the disclosure or modification of information. The Data Controller will take all reasonable precautions to protect against such threats. It monitors systems in order to record and provide evidence of any security incidents. System monitoring also allows the effectiveness of the precautions taken to be checked.

 

8. Who can access the data, data transfers, data processing

The data are primarily accessible to the Data Controller and its internal staff, but are not disclosed or made available to third parties, except to data processors and cooperating external service providers.

The Data Controller may use a data processor or cooperate with external service providers to fulfil orders, ensure the operation of services and settle accounts.

 

8.1. External service providers, recipients

In order to provide the service, the Data Controller may cooperate with and transfer personal data to external data controllers, which are. The Controller is not responsible for the data processing practices of external service providers.

• Internet Service Providers Council, H-1132 Budapest, Victor Hugo u. 18-22.
• Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
• Google LLC., 18 Lower Leeson Street, Dublin 2, DO2 HE97, Ireland

 

9. Rights of the Data Subject

9.1. Right of access

The Data Subject has the right to receive feedback from the Data Controller as to whether or not his or her personal data are being processed and, if such processing is taking place, the right to access his or her personal data and the information listed in the Regulation.

9.2 Right to rectification

The Data Subject shall have the right to obtain from the Data Controller, upon his or her request, the rectification of inaccurate personal data relating to him or her without undue delay. Taking into account the purposes of the processing, the Data Subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

9.3 Right to erasure

The Data Subject shall have the right to obtain from the Data Controller, upon his or her request, the erasure of personal data relating to him or her without undue delay, and the Data Controller shall be obliged to erase personal data relating to the Data Subject without undue delay, if one of the following grounds applies:

•      the personal data are no longer necessary for the purposes for which they were collected;
•      the Data Subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
•      the Data Subject objects to the processing of his or her data and there are no overriding legitimate grounds for the processing.

Where the Controller has disclosed the personal data and is obliged to delete it, it shall take reasonable steps, including technical measures, taking into account the available technology and the cost of implementation, to inform the controllers that process the data that the data subject has requested the deletion of the links to or copies or replicas of the personal data in question.

9.4. Right to restriction of processing

The Data Subject shall have the right to obtain from the Controller, at his or her request, the restriction of processing if.

•      the Data Subject contests the accuracy of the personal data;
•      the Data Controller no longer needs the personal data, but the data subject requests them for the purposes of pursuing legal claims.

9.5 Right to data portability

The Data Subject is entitled to receive the personal data relating to him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format, where the processing is based on consent or a contract and the processing is carried out by automated means.

9.6 Right to object

The Data Subject has the right to object to the processing of his or her personal data at any time on grounds relating to his or her particular situation, if the processing of the personal data is in the legitimate interest of the Controller.

 

10. How to enforce your rights

The Data Controller can be contacted with any questions or comments regarding data management at the contact details specified in point 2.

The Data Subject may lodge a complaint directly with the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; email: ugyfelszolgalat@naih.hu; website: www.naih.hu).

In the event of a breach of the Data Subject's rights, the Data Subject may take legal action. The court of law has jurisdiction to decide on the case. The lawsuit may also be brought before the court of the place of residence or domicile of the Data Subject, at the choice of the Data Subject. The Controller shall inform the Data Subject, upon request, of the possibilities and means of legal remedy.

 

11. Applicable law, other provisions

This Privacy Notice is governed by Hungarian law.

If the legislation in force in the User's country imposes more stringent rules on the parties than those set out in this Privacy Policy, the User shall comply with them. However, the User acknowledges and accepts that the Controller's liability shall be based on the law applicable to this Privacy Notice and excludes its liability to the fullest extent possible under applicable law and court decisions for non-compliance with the provisions of the User's country.

This Privacy Notice is for information purposes only, it is not in itself sufficient for a full understanding of the data processing. For questions not clearly answered in this Privacy Notice, the User may request information from the Data Controller using the contact details indicated in point 2.