PRIVACY POLICY
ON THE RIGHTS OF THE NATURAL PERSONS CONCERNED
REGARDING THE HANDLING OF YOUR PERSONAL DATA
CONTENTS
INTRODUCTION
CHAPTER I - NAME OF THE DATA CONTROLLER
II. CHAPTER - NAME OF DATA PROCESSORS
1. Our company's IT service provider
2. Our company's accounting service provider
3. Postal services, delivery, parcel delivery
III. CHAPTER - DATA MANAGEMENT RELATED TO EMPLOYMENT RELATIONSHIP
1. Labor and personnel records
2. Data management related to aptitude tests
3. Management of the data of employees applying for recruitment, applications, resumes
4. Data management related to checking the use of e-mail accounts
5. Data management related to the control of computers, laptops and tablets
6. Data management related to the control of Internet use at work
7. Data management related to checking the use of company mobile phones
8. Data management related to workplace camera surveillance
IV. CHAPTER - DATA MANAGEMENT RELATED TO CONTRACT
1. Management of the data of contractual partners - registration of customers and suppliers
2. Contact details of natural person representatives of legal entities, customers, buyers, and suppliers
3. Visitor data management on the Company's website
4. Information on the use of cookies
5. Contact via the Company's website
6. Data management for direct marketing purposes
V. CHAPTER - DATA PROCESSING BASED ON LEGAL OBLIGATION
1. Data management for the purpose of fulfilling tax and accounting obligations
2. Payer data management
3. According to the Archives Act, data management for documents of lasting value
4. Data management for the purpose of fulfilling anti-money laundering obligations
VI. CHAPTER - SUMMARY INFORMATION ABOUT YOUR RIGHTS CONCERNED
VII. CHAPTER - DETAILED INFORMATION ABOUT YOUR RIGHTS
VIII. CHAPTER - SUBMISSION OF THE SUBJECT'S REQUEST, MEASURES OF THE DATA CONTROLLER
INTRODUCTION
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, as well as on the repeal of Regulation 95/46/EC (hereinafter: the Regulation), stipulates that the Data Controller takes appropriate measures in order to provide the data subject with all information related to the processing of personal data in a concise, transparent, understandable and easily accessible form, clearly and comprehensibly formulated, and that the Data Controller facilitates the exercise of the rights of the data subject.
The obligation to inform the data subject in advance is also prescribed by Act CXII of 2011 on the right to informational self-determination and freedom of information.
We comply with this legal obligation by providing the information below.
The information must be published on the company's website or sent to the person concerned upon request.
CHAPTER I.
NAME OF THE DATA CONTROLLER
The publisher of this information, also the Data Controller:
Company name: H.C.L. Ltd.
Headquarters: 1144 Budapest, Kőszeg u. 20.
Company registration number: 01-09-368262
Tax number: 12020744-2-42
Representative: László Tamás Király
Phone number: +36-1-363-5978
Fax: +36-1-222-0726
E-mail address: telikert(at)hcl.hu
Website: www.telikert.eu
(hereinafter: Company)
II. CHAPTER
NAME OF DATA PROCESSORS
Data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller (Article 4, point 8 of the Regulation).
The use of the data processor does not require the prior consent of the data subject, but information is required. Accordingly, we provide the following information:
1. Our company's IT service provider
For the maintenance and management of its website, our Company uses a data processor that provides IT services (hosting services) and, within this framework and for the duration of our contract with it, processes the personal data provided on the website. The operation it performs is the storage of personal data on the server.
The name of this data processor is as follows:
Company name: Ufo-Tech Kft.
Headquarters: 8000 Székesfehérvár, Adonyi u. 96.
Company registration number: 07-09-011750
Tax number: 13622019-2-07
Representative: Krisztián Újfalusi
Phone number: +36-30-2156737
Fax: +36-22-786358
E-mail address: szamlazas(at)ufotech.hu
Website: www.ufotech.hu
2. Our company's accounting service provider
In order to fulfill its tax and accounting obligations, our Company uses an external service provider with an accounting service contract, who also manages the personal data of natural persons who have a contract or payment relationship with our Company, for the purpose of fulfilling the tax and accounting obligations imposed on our Company.
The name of this data processor is as follows:
Company name: Németh and TSA. Ltd.
Headquarters: 1104, Budapest, Mádi u. 133.
Company registration number: 01-09-078734
Tax number: 10611333-2-42
Representative: Csilla Némethné Futás
Phone number: +36-1-2626758
as well as
Company name: Teréz Szilágyi e.v.
Headquarters: 1172, Budapest, Tóalmás u. 72. TT/6
Registration number: 52034961
Tax number: 68639936-1-42
Representative: Teréz Szilágyi
Phone number: +36-1-3635978
3. Postal services, delivery, parcel delivery
These data processors receive from our Company the personal data necessary for the delivery of the ordered product (name, address, telephone number of the person concerned), and use this to deliver the product.
These service providers:
Hungarian post
Courier service: TNT
Company name: TNT Express Hungary Kft.
Headquarters: 1185 Budapest, International Airport Terminal 1
Company registration number: 01-09-068137
Tax number: 10376166-2-44
Representative: Tamás Kakuk
Phone number: +36-1-885-4400
III. CHAPTER
DATA MANAGEMENT RELATED TO EMPLOYMENT
1. Labor and personnel records
(1) Only such data may be requested from employees and kept on record, and only such occupational medical suitability examinations may be carried out, which are necessary for the establishment, maintenance and termination of employment, as well as for the provision of social welfare benefits, and which do not infringe the employee's personal rights.
(2) The Company processes the following data of the employee for the purpose of establishing, fulfilling or terminating an employment relationship under the legal title of asserting its legitimate interests as an employer (Article 6(1)(f) of the Regulation):
1. name
2. birth name,
3. date of birth,
4. his mother's name,
5. residential address,
6. his nationality,
7. tax identification number,
8. TAJ number,
9. pensioner identification number (in the case of a retired employee),
10. telephone number,
11. e-mail address,
12. identity card number,
13. the number of the official ID card confirming the residential address,
14. your bank account number,
15. online ID (if any)
16. start and end date of employment,
17. job title,
18. a copy of a document certifying your education and professional qualifications,
19. photo,
20. resume,
21. the amount of your salary, data related to salary payment and other benefits,
22. the debt to be deducted from the employee's salary based on a legally binding decision or legislation, or his written consent, or the entitlement thereof,
23. evaluation of the employee's work,
24. the manner and reasons for the termination of the employment relationship,
25. depending on the job, his moral certificate
26. summary of job suitability tests,
27. in the case of private pension fund and voluntary mutual insurance fund membership, the name of the fund, its identification number and the employee's membership number,
28. in the case of a foreign employee, passport number; the name and number of the document certifying the right to work,
29. data recorded in the records of accidents involving employees;
30. data required for the use of welfare services and commercial accommodation;
31. data recorded by the camera used by the Company for security and property protection purposes.
(3) The employer only handles data relating to illness and trade union membership for the purpose of fulfilling the right or obligation specified in the Labor Code.
(4) Recipients of personal data: the manager of the employer, the person exercising employer authority, and the employees and data processors of the Company performing labor tasks.
(5) Only the personal data of senior employees may be forwarded to the owners of the Company.
(6) Period of storage of personal data: 3 years after termination of employment.
(7) Before data processing begins, the data subject must be informed that data processing is based on the Labor Code and the enforcement of the legitimate interests of the employer.
2. Data management related to aptitude tests
(1) The employee may only be subject to a fitness test that is prescribed by a rule relating to an employment relationship, or which is necessary in order to exercise a right or fulfill an obligation specified in a rule relating to an employment relationship. Before the examination, the employees must be informed in detail about, among other things, what kind of skills and abilities the aptitude test is aimed at assessing, and what means and methods are used for the examination. If a law requires the examination to be carried out, the employees must be informed of the title of the law and the exact place in the law.
(2) The employer may have the employees fill out the test forms for work suitability and readiness both before the establishment of the employment relationship and during the existence of the employment relationship.
(3) In order to provide and organize the work processes more efficiently, a questionnaire that is clearly related to the employment relationship and is suitable for researching psychological or personality traits may only be completed by a larger group of employees if the data revealed during the analysis cannot be linked to individual specific employees, i.e. the data is processed anonymously.
(4) Scope of personal data that can be processed: the fact of job suitability and the necessary conditions for this.
(5) Legal basis for data management: legitimate interest of the employer.
(6) The purpose of processing personal data is: establishing and maintaining an employment relationship, filling a position.
(7) Recipients of personal data and categories of recipients: The results of the examination can be seen by the examined employees and the specialist conducting the examination. The employer can only receive information on whether the examined person is suitable for the job or not, and what conditions must be provided for this. However, the employer may not know the details of the investigation or its complete documentation.
(8) Duration of processing personal data: 3 years after termination of employment.
3. Management of the data of employees applying for recruitment, applications, resumes
(1) The range of personal data that can be processed: the natural person's name, date and place of birth, mother's name, residential address, qualification data, photo, telephone number, e-mail address, employer's record of the applicant (if any).
(2) The purpose of processing personal data: application, evaluation of applications, conclusion of an employment contract with the selected candidate. The person concerned must be informed if the employer did not choose him for the given position.
(3) Legal basis for data management: consent of the data subject.
(4) Recipients of personal data and categories of recipients: managers and employees who are entitled to exercise employer rights at the Company and perform labor duties.
(5) Period of storage of personal data: Until the application or tender is evaluated. The personal data of applicants who are not selected must be deleted. The data of the person who withdrew their application or tender must also be deleted.
(6) The employer may only retain the tenders based on the express, clear and voluntary consent of the person concerned, provided that their retention is necessary in order to achieve the purpose of data management in accordance with the legislation. This consent must be requested from the applicants after the end of the admission procedure.
4. Data management related to checking the use of e-mail accounts
(1) If the Company provides an e-mail account to the employee, the employee may use this e-mail address and account exclusively for the purpose of his job duties, so that employees can keep in touch with each other or correspond with clients and with other persons and organizations on behalf of the employer.
(2) The employee may not use the e-mail account for personal purposes, and may not store personal letters in the account.
(3) The employer is entitled to check the entire content and use of the e-mail account regularly - every 3 months - and the legal basis for data management is the legitimate interest of the employer. The purpose of the audit is to verify compliance with the employer's provision regarding the use of the e-mail account, as well as to verify the employee's obligations (Mt. § 8, § 52).
(4) The manager of the employer or the exerciser of the employer's rights is entitled to the inspection.
(5) If the circumstances of the inspection do not exclude the possibility of this, it must be ensured that the employee can be present during the inspection.
(6) Before the inspection, the employee must be informed about the employer's interest in the inspection, who can carry out the inspection on behalf of the employer, according to which rules the inspection can take place (adherence to the principle of gradualism) and what the procedure is, and what rights and legal remedies he has in relation to the data management associated with the verification of the e-mail account.
(7) During the inspection, the principle of gradualism must be applied, so it must first be established from the e-mail address and subject that the e-mail is related to the employee's job duties and is not for personal purposes. The employer may examine the content of non-personal e-mails without restriction.
(8) If, contrary to the provisions of these regulations, it can be established that the employee used the e-mail account for personal purposes, the employee must be requested to delete the personal data immediately. In the event of the employee's absence or lack of cooperation, the employer will delete the personal data during the inspection. Due to the use of the e-mail account contrary to these regulations, the employer may apply labor law legal consequences to the employee.
(9) The employee may use the rights described in the chapter on the rights of the data subject of these regulations in connection with the data management associated with the control of the e-mail account.
5. Data management related to the control of computers, laptops and tablets
(1) The employee may use the computer, laptop, or tablet provided by the Company for the purpose of work exclusively for the performance of his job duties. The Company prohibits the use of these devices for private purposes, and the employee may not manage or store any personal data or correspondence on them. The employer can check data stored on these devices. Regarding the inspection of these devices by the employer and its legal consequences, the provisions of the preceding point 1.4 apply.
6. Data management related to the control of Internet use at work
(1) The employee may only view websites related to his work duties; the employer prohibits the use of the internet at work for personal purposes.
(2) The Company is the entitled party of online registrations performed on behalf of the Company as a job task, and during the registration, the ID and password referring to the company must be used. If the provision of personal data is also necessary for registration, the Company must initiate their deletion upon termination of the employment relationship.
(3) The employer may check the employee's use of the internet at work; the provisions of point 1.4 apply to this check and its legal consequences.
7. Data management related to checking the use of company mobile phones
(1) The employer does not allow the use of the company mobile phone for private purposes. The mobile phone can only be used for work-related purposes, and the employer can check the phone number and data of all outgoing calls, as well as the data stored on the mobile phone.
(2) The employee must notify the employer if the company mobile phone has been used for private purposes. In this case, the check can be carried out by the employer requesting a call log from the telephone service provider and asking the employee to make the numbers called for private purposes unrecognizable on the document. The employer can stipulate that the costs of calls for private purposes are borne by the employee.
(3) In other respects, the provisions of point 1.4 apply to the inspection and its legal consequences.
8. Data management related to workplace camera surveillance
(1) Our company uses an electronic surveillance system at its headquarters, premises, and premises open to customers for the purpose of protecting human life, physical integrity, personal freedom, business secrets and asset protection, which enables image, sound, or image and sound recording. Accordingly, the behavior of the person concerned, which is recorded by the camera, can also be considered personal data.
(2) The legal basis for this data management is the enforcement of the legitimate interests of the employer and the consent of the data subject.
(3) Notices and information about the fact of the application of the electronic monitoring system in a given area must be placed in a clearly visible place, clearly legible, in a way that facilitates the orientation of third parties who wish to appear in the area. The information must be provided for each camera. This information covers the fact of the surveillance carried out by the electronic asset protection system, the purpose of making and storing the video and audio recordings recorded by the system containing personal data, the legal basis for data management, the place where the recording is stored, the duration of the storage, the identity of the user (operator) of the system, the range of persons entitled to access the data, as well as the provisions regarding the rights of the data subjects and the procedure for their enforcement.
(4) Pictures and audio recordings of third parties entering the monitored area (customers, visitors, guests) may be taken and managed with their consent. Consent can also be given by indicative behavior. Indicative behavior is, in particular, when the natural person staying there enters the monitored area despite the notice or explanation about the use of the electronic monitoring system posted there.
(5) Recordings can be kept for a maximum of 3 (three) working days if they are not used. Use is considered if the recorded image, sound, or image and sound recording, as well as other personal data, is intended to be used as evidence in court or other official proceedings.
(6) The person whose right or legitimate interest is affected by the recording of image, sound, or image and sound recording data may, within three working days from the recording, request, by proving his right or legitimate interest, that the data not be destroyed or deleted by its manager.
(7) It is not possible to use an electronic monitoring system in a room in which the monitoring may violate human dignity, so in particular in changing rooms, showers, toilets or, for example, a medical room or the corresponding waiting room, and also in a room that was designated for employees to spend their breaks between work.
(8) If no one is legally allowed to be in the workplace - especially outside of working hours or on holidays - then the entire area of the workplace (such as changing rooms, toilets, rooms designated for breaks between work) can be monitored.
(9) In addition to those authorized to do so by law, the management staff, the manager and deputy of the employer, as well as the workplace manager of the monitored area, are entitled to view the data recorded by the electronic monitoring system for the purpose of uncovering violations and checking the operation of the system.
IV. CHAPTER
DATA MANAGEMENT RELATED TO CONTRACT
1. Management of the data of contractual partners - registration of customers and suppliers
(1) For the purpose of concluding, fulfilling and terminating the contract, and providing contractual discounts, the Company processes the following data of the natural person contracted with it as a buyer or supplier: name, birth name, date of birth, mother's name, address, tax identification number, tax number, entrepreneur or primary producer identity card number, identity card number, residential address, address of headquarters, location, telephone number, e-mail address, website address, bank account number, customer number (customer number, order number), online identifier (list of customers, suppliers, main purchase lists). This data processing is considered lawful even if the data management is necessary to take steps at the request of the data subject prior to the conclusion of the contract. Recipients of personal data: the Company's employees performing tasks related to customer service, employees performing accounting and taxation tasks, and data processors. Duration of processing personal data: 5 years after the termination of the contract.
(2) The data subject must be informed before the start of data management that the data management is based on the legal title of the performance of the contract; this information can also be provided in the contract.
(2) The data subject must be informed before the start of data management that the data management is based on the legal title of the performance of the contract, this information can also be provided in the contract.
(3) The data subject must be informed about the transfer of his personal data to the data processor.
2. Contact details of natural person representatives of legal entity clients, buyers, suppliers
(1) Scope of personal data that can be processed: name, address, telephone number, e-mail address, online identifier of the natural person.
(2) The purpose of processing personal data: fulfillment of the contract concluded with the Company's legal entity partner, business relationship, legal basis: the consent of the person concerned.
(3) Recipients of personal data and categories of recipients: employees of the Company performing tasks related to customer service.
(4) Duration of storage of personal data: up to 5 years after the business relationship, or the representative capacity of the person concerned, has ended.
3. Visitor data management on the Company's website
(1) Cookies are short data files placed on the user's computer by the visited website. The purpose of the cookie is to make the given information communication and Internet service easier and more convenient. There are many types, but they can generally be classified into two large groups. One is the temporary cookie, which the website places on the user's device only during a specific session (e.g. during the security identification of internet banking); the other type is the permanent cookie (e.g. the language setting of a website), which remains on the computer until the user deletes it. Based on the guidelines of the European Commission, cookies (unless they are absolutely necessary for the use of the given service) can only be placed on the user's device with the user's permission.
(2) In the case of cookies that do not require the user's consent, information must be provided during the first visit to the website. It is not necessary for the full text of the information about cookies to appear on the website, it is sufficient if the website operators briefly summarize the essence of the information and refer to the availability of the full information via a link.
(3) In the case of cookies that require consent, the information may also be linked to the first visit to the website, in the event that the data management associated with the use of cookies already begins with the visit to the website. If the application of the cookie is related to the use of a function specifically requested by the user, then the information may also appear in connection with the use of this function. In this case too, it is not necessary for the full text of the cookie information to appear on the website, a brief summary of the essence of the information and a link to the availability of the full information is sufficient.
4. Information on the use of cookies
(1) In accordance with general Internet practice, our Company also uses cookies on its website. A cookie is a small file containing a string of characters that is placed on a visitor's computer when they visit a website. When you visit the website again, thanks to the cookie, the website can recognize the visitor's browser. Cookies can also store user settings (e.g. selected language) and other information. Among other things, they collect information about the visitor and his device, remember the visitor's individual settings, and can be used, e.g. when using online shopping carts. In general, cookies facilitate the use of the website, help the website to provide users with a real web experience and be an effective source of information, and also ensure that the website operator can control the operation of the website, prevent abuses and ensure that the services provided on the website are undisturbed and of an adequate standard.
(2) During the use of the website, our company's website records and manages the following data about the visitor and the device used for browsing:
• the IP address used by the visitor,
• the type of browser,
• characteristics of the operating system of the device used for browsing (set language),
• date of visit,
• the visited (sub)page, function or service.
(3) Accepting and authorizing the use of cookies is not mandatory. You can reset your browser settings to reject all cookies or to notify you when a cookie is currently being sent. Although most browsers automatically accept cookies by default, they can usually be changed to prevent automatic acceptance and offer a choice each time.
You can find information about the cookie settings of the most popular browsers at the links below
• Google Chrome: https://support.google.com/accounts/answer/61416?hl=hu
• Firefox: https://support.mozilla.org/hu/kb/sutik-engedelizeze-es-tiltasa-amit-weboldak-haszn
• Microsoft Internet Explorer 11: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-11
• Microsoft Internet Explorer 10: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-10-win-7
• Microsoft Internet Explorer 9: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-9
• Microsoft Internet Explorer 8: http://windows.microsoft.com/hu-hu/internet-explorer/delete-manage-cookies#ie=ie-8
• Microsoft Edge: http://windows.microsoft.com/hu-hu/windows-10/edge-privacy-faq
• Safari: https://support.apple.com/hu-hu/HT201265
However, we would like to point out that certain website functions or services may not function properly without cookies.
(4) The cookies used on the website are not in themselves suitable for identifying the user.
(5) Cookies used on the company website:
1. Technically necessary session cookies
These cookies are necessary so that visitors can browse the website and use its functions and the services available through it smoothly and fully, including, in particular, remembering the actions performed by the visitor on the given pages during a visit. The data management of these cookies lasts only for the visitor's current visit; this type of cookie is automatically deleted from the computer when the session ends or when the browser is closed.
Managed data: AVChatUserId, JSESSIONID, portal_referer.
The legal basis for this data management is Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commercial services and information society services (Elkertv.).
The purpose of data management is to ensure the proper functioning of the website.
2. Cookies requiring consent:
These provide an opportunity for the Company to remember the user's choices regarding the website. The visitor can prohibit this data management at any time before using the service and during the use of the service. These data cannot be linked to the user's identification data and cannot be transferred to third parties without the user's consent.
2.1. Cookies facilitating use:
The legal basis for data management is the visitor's consent.
Purpose of data management: Increasing the efficiency of the service, increasing the user experience, making the use of the website more convenient.
The duration of data management is 6 months.
2.2. Performance cookies:
Google Analytics cookies - you can find information about this here:
https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Google AdWords cookies - you can find information about this here:
https://support.google.com/adwords/answer/2407785?hl=en
5. Contact via the Company's website
(1) On the website, the natural person who initiates contact can give his consent to the processing of his personal data by filling out the relevant data sheet. Pre-checking the box is prohibited.
(2) The range of personal data that can be processed: the natural person's name (surname, first name), address, telephone number, e-mail address, online identifier.
(3) The purpose of processing personal data:
1. Fulfillment of the services provided on the website.
2. Contact by electronic, telephone, SMS and postal inquiry.
3. Information about the Company's products, services, contract terms and promotions.
4. Advertising can be sent electronically or by post during the information process.
5. Analysis of the use of the website.
(4) The legal basis for data management is the consent of the data subject.
(5) Recipients of personal data and categories of recipients: the Company's employees performing design and proposal preparation tasks and employees performing tasks related to marketing activities, the Company's IT service provider and hosting employees as data processors.
(6) Duration of storage of personal data: until the existence of the registration / service, or until the consent of the data subject is withdrawn (deletion request).
6. Data management for direct marketing purposes
(1) Unless a separate law provides otherwise, advertising by the method of directly contacting a natural person as the recipient of the advertisement (direct acquisition of business), in particular by means of electronic correspondence or other equivalent means of individual communication, may - with the exception defined in Act XLVIII of 2008 - only be communicated if the recipient of the advertisement has clearly and specifically consented to it in advance.
(2) The range of personal data that can be processed by the Company for the purpose of contacting advertising recipients: name, address, telephone number, e-mail address, online identifier of the natural person.
(3) The purpose of processing personal data is to carry out direct marketing activities related to the Company's activities, i.e. the regular or periodic sending of advertising publications, newsletters, current offers in printed (postal) or electronic form (e-mail) to the contact details provided during registration.
(4) Legal basis for data management: consent of the data subject.
(5) Recipients of personal data and categories of recipients: employees of the Company performing tasks related to customer service as data processors, employees of the Company's IT service provider providing server services, employees of the Post Office in the case of postal delivery.
(6) Period of storage of personal data: until withdrawal of consent.
V. CHAPTER
DATA PROCESSING BASED ON LEGAL OBLIGATION
1. Data management for the purpose of fulfilling tax and accounting obligations
(1) The Company handles the legally defined data of natural persons entering into a business relationship with it as a customer or supplier for the purpose of fulfilling the tax and accounting obligations prescribed by law (bookkeeping, taxation). The processed data are, in particular, pursuant to § 169 and § 202 of Act CXXVII of 2017 on general sales tax: tax number, name, address, tax status; pursuant to § 167 of Act C of 2000 on accounting: name, address, designation of the person or organization ordering the business operation, the signature of the voucher issuer and the person certifying the implementation of the provision, as well as the inspector, depending on the organization; the signature of the receiver on the stock movement receipts and money management receipts, and the payer's signature on the receipts; pursuant to Act CXVII of 1995 on personal income tax: entrepreneur ID number, primary producer ID number, tax identification number.
(2) The period of storage of personal data is 8 years after the termination of the legal relationship giving the legal basis.
(3) Recipients of personal data: the Company's employees and data processors performing tax, accounting, payroll, and social security tasks.
2. Payer data management
(1) For the purpose of fulfilling legal obligations, namely the tax and contribution obligations prescribed by law (tax, tax advance, assessment of contributions, payroll, social security, pension administration), the Company manages the personal data prescribed in tax laws of those data subjects - employees, their family members, employees, recipients of other benefits - with whom it is in contact as a payer (Act CL of 2017 on the Taxation System (Art.), § 7, point 31). The scope of the processed data is determined by § 50 of the Art., in particular: the natural person's natural personal identification data (including the previous name and title), gender, citizenship, the natural person's tax identification number and social security identification number (social security number). If the tax laws attach legal consequences to this, the Company may process the employees' health (Szja tv. § 40) and trade union (Szja tv. § 47 (2) b)) data for the purpose of fulfilling tax and contribution obligations (payroll, social security administration).
(2) The period of storage of personal data is 8 years after the termination of the legal relationship giving the legal basis.
(3) Recipients of personal data: the Company's employees and data processors performing tax, payroll, social security (paying) duties.
3. According to the Archives Act, data management for documents of lasting value
(1) The fulfillment of the Company's legal obligations is governed by Act LXVI of 1995 on public records, public archives and the protection of private archive material (Archives Act), with the aim of ensuring that the permanent part of the Company's archival material remains intact and usable for future generations. Time of data storage: until transfer to the public archive.
(2) Recipients of personal data and other issues of data management are governed by the Archives Act.
4. Data management for the purpose of fulfilling anti-money laundering obligations
(1) In order to prevent and combat money laundering and terrorist financing, the Company manages the data of its customers, their representatives and beneficial owners specified in Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing (Pmt.): for a natural person: a) family and first name, b) birth family and first name, c) citizenship, d) place and time of birth, e) mother's birth name, f) residential address, or in the absence of this, place of residence, g) the type and number of the identification document; the number of the official identity card confirming the address, a copy of the presented documents (§ 7).
(2) Recipients of personal data: the Company's employees performing tasks related to customer service, the Company's manager and the Company's designated person according to the Pmt.
(3) Duration of storage of personal data: 8 years from the termination of the business relationship or from the completion of the transaction order. (Pmt. § 56(2))
VI. CHAPTER
SUMMARY OF YOUR RIGHTS
In this chapter, for the sake of clarity and transparency, we briefly summarize the rights of the data subject, the detailed information on the exercise of which is provided in the next chapter.
Right to prior information
The data subject has the right to receive information about the facts and information related to data management before the start of data management.
(Articles 13-14 of the Regulation)
We provide information on the detailed rules in the next chapter.
The data subject's right of access
The data subject is entitled to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data processing is ongoing, he is entitled to access the personal data and related information specified in the Regulation.
(Regulation Article 15).
We provide information on the detailed rules in the next chapter.
Right to rectification
The data subject is entitled to have the Data Controller correct inaccurate personal data concerning him without undue delay upon request. Taking into account the purpose of the data management, the data subject is entitled to request the completion of incomplete personal data, including by means of a supplementary statement.
(Regulation Article 16).
The right to erasure ("the right to be forgotten")
The data subject has the right to request that the Data Controller delete the personal data concerning him without undue delay, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the reasons specified in the Regulation exists.
(Regulation Article 17)
We provide information on the detailed rules in the next chapter.
The right to restrict data processing
The data subject is entitled to request that the Data Controller restrict data processing if the conditions specified in the Regulation are met.
(Regulation Article 18)
We provide information on the detailed rules in the next chapter.
Notification obligation related to the correction or deletion of personal data or the limitation of data management
The Data Controller informs all recipients to whom the personal data was disclosed of all corrections, deletions or data management restrictions, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the Data Controller informs the data subject about these recipients.
(Regulation Article 19)
The right to data portability
Under the conditions set out in the Regulation, the data subject is entitled to receive the personal data relating to him/her provided to a Data Controller in a structured, widely used, machine-readable format, and is also entitled to forward this data to another Data Controller without being hindered by the Data Controller to whom the personal data was made available.
(Regulation Article 20)
We provide information on the detailed rules in the next chapter.
The right to object
The data subject has the right to object at any time, for reasons related to his own situation, to the processing of his personal data under point e) of Article 6 (1) of the Regulation (the data processing is in the public interest or necessary for the performance of a task carried out in the framework of the exercise of public authority conferred on the Data Controller) or point f) (the data management is necessary to enforce the legitimate interests of the Data Controller or a third party).
(Regulation Article 21)
We provide information on the detailed rules in the next chapter.
Automated decision-making in individual cases, including profiling
The data subject has the right not to be subject to a decision based solely on automated data management, including profiling, which would have a legal effect on him or affect him to a similar extent.
(Regulation Article 22)
We provide information on the detailed rules in the next chapter.
Restrictions
The EU or Member State law applicable to the Data Controller or data processor may, through legislative measures, limit the scope of the rights and obligations contained in Articles 12-22 and Article 34, as well as in Article 5 with regard to its provisions that correspond to the rights and obligations defined in Articles 12-22.
(Regulation Article 23)
We provide information on the detailed rules in the next chapter.
Informing the data subject about the data protection incident
If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the data protection incident without undue delay.
(Regulation Article 34)
We provide information on the detailed rules in the next chapter.
The right to lodge a complaint with the supervisory authority (right to an official remedy)
The data subject has the right to file a complaint with a supervisory authority - in particular in the Member State of his or her usual place of residence, workplace or the place of the alleged infringement - if, in the opinion of the data subject, the processing of personal data relating to him/her violates the Regulation.
(Regulation Article 77)
We provide information on the detailed rules in the next chapter.
The right to an effective judicial remedy against the supervisory authority
All natural and legal persons are entitled to an effective judicial remedy against the legally binding decision of the supervisory authority concerning them, or if the supervisory authority does not deal with the complaint, or does not inform the person concerned about the procedural developments related to the submitted complaint or its result within three months.
(Regulation Article 78)
We provide information on the detailed rules in the next chapter.
The right to an effective judicial remedy against the controller or processor
All data subjects are entitled to an effective judicial remedy if, in their judgment, their rights according to this regulation have been violated as a result of the handling of their personal data not in accordance with this regulation.
(Regulation Article 79)
We provide information on the detailed rules in the next chapter.
VII. CHAPTER
DETAILED INFORMATION ABOUT YOUR RIGHTS
Right to prior information
The data subject has the right to receive information about the facts and information related to data management before the start of data management.
A) Information to be made available if personal data is collected from the data subject
1. If the personal data concerning the data subject is collected from the data subject, the data controller shall provide the data subject with all of the following information at the time of obtaining the personal data:
a) the identity and contact details of the data controller and, if any, the representative of the data controller;
b) contact details of the data protection officer, if any;
c) the purpose of the planned processing of personal data and the legal basis of data processing;
d) in the case of data management based on point f) of Article 6, paragraph (1) of the Regulation (validation of legitimate interests), the legitimate interests of the data controller or a third party;
e) where appropriate, recipients of personal data, or categories of recipients, if any;
f) where applicable, the fact that the data controller wishes to transfer the personal data to a third country or an international organization, as well as the existence or absence of the Commission's compliance decision, or, in the case of data transmission referred to in Article 46, Article 47 or the second subparagraph of Article 49 (1) of the Regulation, an indication of the appropriate and suitable guarantees, as well as a reference to the methods for obtaining a copy of them or their availability.
2. In addition to the information mentioned in point 1, at the time of obtaining the personal data, in order to ensure fair and transparent data management, the data controller informs the data subject of the following additional information:
a) on the period of storage of personal data, or if this is not possible, on the criteria for determining this period;
b) the data subject's right to request from the data controller access to personal data relating to him, their correction, deletion or restriction of processing, and to object to the processing of such personal data, as well as the data subject's right to data portability;
c) in the case of data processing based on point a) of Article 6 (1) (consent of the data subject) or point a) of Article 9 (2) (consent of the data subject) of the Regulation, the right to withdraw consent at any time, which does not affect the legality of data processing carried out on the basis of consent before withdrawal;
d) on the right to submit a complaint to the supervisory authority;
e) whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite for the conclusion of a contract, as well as whether the data subject is obliged to provide the personal data, and what possible consequences the failure to provide data may have;
f) the fact of automated decision-making referred to in paragraphs (1) and (4) of Article 22 of the Regulation, including profiling, as well as, at least in these cases, comprehensible information about the logic used, the significance of such data management and its expected consequences for the data subject.
3. If the data controller wishes to carry out further data processing on personal data for a purpose other than the purpose of their collection, he must inform the data subject of this different purpose and all relevant additional information mentioned in paragraph (2) before further data processing.
4. Points 1-3 do not apply if and to the extent that the data subject already has the information.
(Regulation Article 13)
B) Information to be made available if the personal data was not obtained from the data subject
1. If the personal data was not obtained from the data subject, the data controller provides the data subject with the following information:
a) the identity and contact details of the data controller and, if any, the representative of the data controller;
b) contact details of the data protection officer, if any;
c) the purpose of the planned processing of personal data and the legal basis of data processing;
d) categories of personal data concerned;
e) recipients of personal data, or categories of recipients, if any;
f) where applicable, the fact that the data controller wishes to forward the personal data to a recipient in a third country or to an international organization, and the existence or absence of the Commission's compliance decision, or, in the case of data transmission referred to in Article 46, Article 47 or the second subparagraph of Article 49 (1) of the Regulation, the indication of appropriate and suitable guarantees, as well as a reference to the methods for obtaining a copy of them or their availability.
2. In addition to the information mentioned in point 1, the data controller provides the data subject with the following additional information necessary to ensure fair and transparent data management for the data subject:
a) the period of storage of personal data, or if this is not possible, the criteria for determining this period;
b) if the data management is based on point f) of Article 6 (1) of the Regulation (legitimate interest), on the legitimate interests of the data controller or a third party;
c) the data subject's right to request from the data controller access to personal data relating to him, their correction, deletion or limitation of processing, and to object to the processing of personal data, as well as the data subject's right to data portability;
d) in the case of data processing based on point a) of Article 6 (1) (consent of the data subject) or point a) of Article 9 (2) (consent of the data subject) of the Regulation, the right to withdraw consent at any time, which does not affect the legality of data processing carried out on the basis of consent before the withdrawal;
e) the right to submit a complaint addressed to a supervisory authority;
f) the source of the personal data and, where appropriate, whether the data comes from publicly available sources; and
g) the fact of automated decision-making referred to in paragraphs (1) and (4) of Article 22 of the Regulation, including profiling, as well as, at least in these cases, comprehensible information about the applied logic, the significance of such data management and its expected consequences for the data subject.
3. The data controller provides the information according to points 1 and 2 as follows:
a) taking into account the specific circumstances of the handling of personal data, within a reasonable time from the acquisition of the personal data, but within one month at the latest;
b) if the personal data is used for the purpose of contacting the data subject, at least during the first contact with the data subject; or
c) if it is expected that the data will be communicated to another recipient, at the latest when the personal data is communicated for the first time.
4. If the data controller wishes to carry out further data processing on personal data for a purpose other than the purpose of their acquisition, the data subject must be informed of this different purpose and all relevant additional information mentioned in point 2 before further data processing.
5. Points 1-5 do not have to be applied if and to the extent that:
a) the data subject already has the information;
b) the provision of the information in question proves to be impossible or would require a disproportionately large effort, especially in the case of data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, taking into account the conditions and guarantees contained in Article 89 (1) of the Regulation, or if the obligation referred to in paragraph (1) of this article would likely make it impossible or seriously jeopardize the achievement of the goals of this data management. In such cases, the data controller must take appropriate measures - including making the information publicly available - in order to protect the rights, freedoms and legitimate interests of the data subject;
c) the acquisition or disclosure of the data is expressly required by the EU or Member State law applicable to the data controller, which provides for appropriate measures to protect the legitimate interests of the data subject; or
d) personal data must remain confidential on the basis of the obligation of professional confidentiality prescribed by an EU or member state law, including the obligation of confidentiality based on legislation.
(Regulation Article 14)
The data subject's right of access
1. The data subject has the right to receive feedback from the Data Controller as to whether his personal data is being processed, and if such data processing is in progress, he is entitled to receive access to the personal data and the following information:
a) the purposes of data management;
b) categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations;
d) where appropriate, the planned period of storage of personal data, or if this is not possible, the criteria for determining this period;
e) the right of the data subject to request from the Data Controller the correction, deletion or restriction of processing of personal data concerning him and to object to the processing of such personal data;
f) the right to submit a complaint addressed to a supervisory authority;
g) if the data were not collected from the data subject, all available information about their source;
h) the fact of automated decision-making referred to in paragraphs (1) and (4) of Article 22 of the Regulation, including profiling, as well as, at least in these cases, comprehensible information regarding the applied logic, the significance of such data management and its expected consequences for the data subject.
2. If personal data is transferred to a third country or to an international organization, the data subject is entitled to receive information about the appropriate guarantees in accordance with Article 46 of the Regulation regarding the transfer.
3. The Data Controller provides a copy of the personal data that is the subject of data management to the data subject. For additional copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information must be provided in a widely used electronic format, unless the data subject requests otherwise. The right to request a copy must not adversely affect the rights and freedoms of others.
(Regulation Article 15)
The right to erasure ("the right to be forgotten")
1. The data subject has the right to request that the Data Controller delete the personal data concerning him without undue delay, and the Data Controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:
a) the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
b) the data subject withdraws the consent that forms the basis of the data management pursuant to point a) of Article 6 (1) or point a) of Article 9 (2) of the Regulation, and there is no other legal basis for the data management;
c) the data subject objects to the data processing based on Article 21(1) of the Regulation and there is no overriding legitimate reason for data processing, or the data subject objects to the data processing based on Article 21(2);
d) personal data were handled unlawfully;
e) personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller;
f) the collection of personal data took place in connection with the offering of information society-related services referred to in Article 8 (1) of the Regulation.
2. If the Data Controller has disclosed the personal data and is obliged to delete it pursuant to point 1 above, it will take reasonable steps, including technical measures, taking into account the available technology and implementation costs, in order to inform the Data Controllers handling the data, that the data subject requested from them the deletion of the links to the personal data in question or the copy or duplicate of this personal data.
3. Points 1 and 2 do not apply if data management is necessary:
a) for the purpose of exercising the right to freedom of expression and information;
b) for the purpose of fulfilling the obligation according to EU or member state law applicable to the Data Controller requiring the processing of personal data, or for the execution of a task carried out in the public interest or in the context of the exercise of public authority vested in the Data Controller;
c) in accordance with points h) and i) of Article 9 (2) and Article 9 (3) of the Regulation on the basis of public interest affecting the field of public health;
d) in accordance with Article 89 (1) of the Regulation, for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, if the right mentioned in point 1 would likely make this data management impossible or seriously endanger it; or
e) to present, enforce and defend legal claims.
(Regulation Article 17)
The right to restrict data processing
1. The data subject has the right to request that the Data Controller restrict data processing if one of the following is met:
a) the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the Data Controller to check the accuracy of the personal data;
b) the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;
c) the Data Controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; or
d) the data subject has objected to data processing in accordance with Article 21 (1) of the Regulation; in this case, the restriction applies to the period until it is determined whether the Data Controller's legitimate reasons take precedence over the data subject's legitimate reasons.
2. If data management is subject to restrictions based on point 1, such personal data may, with the exception of storage, be processed only with the consent of the data subject, or for the presentation, enforcement or defense of legal claims, or for the protection of the rights of another natural or legal person, or in the important public interest of the Union or of a member state.
3. The Data Controller informs the data subject, at whose request the data processing was restricted based on point 1, of the lifting of the data processing restriction in advance.
(Regulation Article 18)
The right to data portability
1. The data subject has the right to receive the personal data concerning him/her provided to a Data Controller in a structured, widely used, machine-readable format, and is also entitled to transmit this data to another Data Controller without being hindered by the Data Controller to which the personal data was provided, if:
a) the data management is based on consent according to point a) of Article 6 (1) or point a) of Article 9 (2) of the Regulation, or on a contract according to point b) of Article 6 (1) of the Regulation; and
b) data management takes place in an automated manner.
2. When exercising the right to data portability in accordance with point 1, the data subject is entitled to - if this is technically possible - request the direct transfer of personal data between Data Controllers.
3. The exercise of this right may not violate Article 17 of the Regulation. The aforementioned right does not apply in the event that the data processing is in the public interest or is necessary for the execution of a task performed in the context of the exercise of the public authority delegated to the Data Controller.
4. The right mentioned in point 1 may not adversely affect the rights and freedoms of others.
(Regulation Article 20)
The right to object
1. The data subject has the right to object at any time, for reasons related to his own situation, to the processing of his personal data under point e) of Article 6 (1) of the Regulation (data processing is in the public interest or is necessary for the performance of a task performed in the framework of the exercise of public authority conferred on the Data Controller) or point f) (the data processing is necessary to enforce the legitimate interests of the Data Controller or a third party), including profiling based on the aforementioned provisions. In this case, the Data Controller may no longer process the personal data, unless the Data Controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are connected to the presentation, enforcement or defense of legal claims.
2. If personal data is processed for direct business acquisition, the data subject has the right to object at any time to the processing of his personal data for this purpose, including profiling, if it is related to direct business acquisition.
3. If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.
4. The right mentioned in points 1 and 2 must be specifically brought to the attention of the data subject during the first contact at the latest, and the relevant information must be displayed clearly and separately from all other information.
5. In connection with the use of services related to the information society and deviating from Directive 2002/58/EC, the data subject may also exercise the right to object using automated means based on technical specifications.
6. If personal data is processed for scientific and historical research purposes or for statistical purposes in accordance with Article 89 (1) of the Regulation, the data subject is entitled to object to the processing of personal data concerning him for reasons related to his own situation, except if the data management is necessary for the execution of a task carried out for reasons of public interest.
(Regulation Article 21)
Automated decision-making in individual cases, including profiling
1. The data subject has the right not to be subject to a decision based solely on automated data management, including profiling, which would have legal effects on him or affect him to a similar extent.
2. Point 1 does not apply if the decision:
a) is necessary for the conclusion or fulfillment of the contract between the data subject and the Data Controller;
b) is made possible by EU or member state law applicable to the Data Controller, which also establishes appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; or
c) is based on the express consent of the data subject.
3. In the cases referred to in points a) and c) of point 2, the Data Controller is obliged to take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the part of the Data Controller, to express his point of view, and file an objection against the decision.
4. The decisions referred to in point 2 cannot be based on the special categories of personal data referred to in Article 9 (1) of the Regulation, unless points a) or g) of Article 9 (2) apply and appropriate measures have been taken to protect the rights, freedoms and legitimate interests of the data subject.
(Regulation Article 22)
Restrictions
1. The EU or Member State law applicable to the Data Controller or data processor may, by means of legislative measures, limit the scope of the rights and obligations contained in Articles 12-22 and Article 34 of the Regulation, as well as in Article 5 with regard to its provisions that correspond to the rights and obligations set out in Articles 12-22, if the restriction respects the essential content of fundamental rights and freedoms and is a necessary and proportionate measure for the protection of the following in a democratic society:
a) national security;
b) national defense;
c) public safety;
d) prevention, investigation, detection or prosecution of crimes, as well as the implementation of criminal sanctions, including protection against threats to public safety and the prevention of these threats;
e) other important general public interest objectives of the Union or a Member State, in particular an important economic or financial interest of the Union or a Member State, including monetary, budgetary and tax issues, public health and social security;
f) protection of judicial independence and judicial proceedings;
g) in the case of regulated occupations, the prevention, investigation and detection of ethical violations and the conduct of related procedures;
h) in the cases mentioned in points a)-e) and g) - even occasionally - control, investigation or regulatory activities related to the performance of public authority tasks;
i) the protection of the data subject or the protection of the rights and freedoms of others;
j) enforcement of civil law claims.
2. The legislative measures referred to in point 1 contain, where appropriate, detailed provisions on at least the following:
a) the purposes of data management or the categories of data management,
b) the categories of personal data,
c) the scope of the restrictions introduced,
d) guarantees aimed at preventing misuse, unauthorized access or transmission,
e) the definition of the Data Controller or of the categories of Data Controllers,
f) the duration of data storage, as well as the applicable guarantees, taking into account the nature, scope and purposes of data management or data management categories,
g) the risks affecting the rights and freedoms of the data subjects, and
h) the right of the data subjects to receive information about the restriction, unless this may adversely affect the purpose of the restriction.
(Regulation Article 23)
Informing the data subject about the data protection incident
1. If the data protection incident likely involves a high risk for the rights and freedoms of natural persons, the Data Controller shall inform the data subject of the data protection incident without undue delay.
2. In the information given to the data subject referred to in point 1, the nature of the data protection incident must be clearly and comprehensibly described, and at least the information and measures mentioned in points b), c) and d) of Article 33, paragraph (3) of the Regulation must be communicated.
3. The data subject need not be informed as mentioned in point 1, if any of the following conditions are met:
a) the Data Controller has implemented appropriate technical and organizational protection measures, and these measures have been applied to the data affected by the data protection incident, in particular those measures - such as the use of encryption - that make the data incomprehensible to persons not authorized to access the personal data;
b) after the data protection incident, the Data Controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject referred to in point 1 is unlikely to materialize in the future;
c) providing information would require a disproportionate effort. In such cases, the data subjects must be informed through publicly published information, or a similar measure must be taken that ensures similarly effective information to the data subjects.
4. If the Data Controller has not yet notified the data subject of the data protection incident, the supervisory authority, after considering whether the data protection incident is likely to involve a high risk, may order the data subject to be informed or establish that one of the conditions mentioned in point 3 has been met.
(Regulation Article 34)
The right to complain to the supervisory authority
1. Without prejudice to other administrative or judicial remedies, all data subjects have the right to file a complaint with a supervisory authority - in particular in the Member State of their habitual residence, workplace or the place of the suspected infringement - if, in the judgment of the data subject, the handling of the personal data concerning them violates this Regulation.
2. The supervisory authority to which the complaint was submitted is obliged to inform the customer about the procedural developments related to the complaint and its result, including that the customer is entitled to legal remedies based on Article 78 of the Regulation.
(Regulation Article 77)
The right to an effective judicial remedy against the supervisory authority
1. Without prejudice to other administrative or non-judicial remedies, all natural and legal persons are entitled to an effective judicial remedy against the legally binding decision of the supervisory authority.
2. Without prejudice to other administrative or non-judicial legal remedies, all data subjects are entitled to an effective judicial remedy if the competent supervisory authority based on Article 55 or 56 of the Regulation does not deal with the complaint, or does not inform the data subject within three months on procedural developments or the result of a complaint submitted pursuant to Article 77.
3. Proceedings against the supervisory authority must be initiated before the court of the Member State where the supervisory authority is headquartered.
4. If proceedings are initiated against a decision of the supervisory authority in relation to which the Board previously issued an opinion or made a decision within the framework of the uniformity mechanism, the supervisory authority is obliged to send this opinion or decision to the court.
(Regulation Article 78)
The right to an effective judicial remedy against the controller or processor
1. Without prejudice to the available administrative or non-judicial legal remedies, including the right to complain to the supervisory authority according to Article 77 of the Regulation, all data subjects are entitled to an effective judicial remedy if, in their opinion, their rights under this Regulation have been violated as a result of their personal data being handled in a way that does not comply with this Regulation.
2. Proceedings against the data controller or data processor must be initiated before the court of the Member State where the data controller or data processor operates. Such a procedure can also be initiated before the court of the Member State of the habitual residence of the data subject, unless the data controller or the data processor is a public authority of a Member State acting in the capacity of public authority.
(Regulation Article 79)
VIII. CHAPTER
SUBMISSION OF THE DATA SUBJECT'S REQUEST,
MEASURES OF THE DATA CONTROLLER
1. The Data Controller shall inform the data subject without undue delay, but in any case within one month of the receipt of the request, of the measures taken as a result of his request to exercise his rights.
2. If necessary, taking into account the complexity of the request and the number of requests, this deadline can be extended by another two months. The Data Controller shall inform the data subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request.
3. If the data subject submitted the request electronically, the information must be provided electronically, if possible, unless the data subject requests otherwise.
4. If the Data Controller does not take measures following the data subject's request, it shall inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, and of the fact that the data subject may file a complaint with a supervisory authority and may exercise his right to legal remedy.
5. The Data Controller provides the information according to Articles 13 and 14 of the Regulation, as well as information and measures concerning the rights of the data subject (Articles 15-22 and 34 of the Regulation), free of charge. If the data subject's request is clearly unfounded or - especially due to its repeated nature - excessive, the Data Controller, taking into account the administrative costs associated with providing the requested information or taking the requested measure:
a) may charge a fee of HUF 6,350, or
b) may refuse to take action based on the request.
It is the responsibility of the Data Controller to prove that the request is clearly unfounded or excessive.
6. If the Data Controller has reasonable doubts about the identity of the natural person submitting the request, it may request the provision of additional information necessary to confirm the identity of the data subject.
H.C.L. Industrial and Innovation Ltd.
May 23, 2018
