Privacy Policy

Table of contents

Privacy Policy

I.General provisions

The purpose of the information is to ensure that Kabiri Ltd. (hereinafter referred to as the "Data Controller") acts in accordance with the provisions of this Privacy Policy in all areas of the services it provides when processing personal data. The Data Controller is committed to protecting the personal data of its users and customers, and attaches the utmost importance to respecting the right of information self-determination of its customers. The Data Controller shall keep personal data confidential and shall take all security, technical and organisational measures to ensure the highest possible level of security of the personal data processed. The Data Controller shall take appropriate measures to protect personal data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction and against accidental destruction or accidental damage.

When drafting these rules, the Data Controller has taken particular account of the provisions of Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information
(hereinafter referred to as "the GDPR") and Regulation (EU) 2016/697 of the European Parliament and of the Council ("GDPR Regulation"; hereinafter referred to as "the General Data Protection Regulation").

This Privacy Notice applies to all processing activities of the Data Controller concerning natural persons, in particular to the processing activities carried out on the website [https://www.kabiriszonyeghaz.hu/].
This Notice shall enter into force on the date of its publication on the Controller's website, which shall be 10 May 2019. The Data Controller reserves the right to unilaterally amend the Privacy Notice without prior notice to users.
The Data Controller will process only the data provided by users or specified by law for the purposes set out below. For processing based on voluntary consent, the user may withdraw this consent at any time during the processing. The scope of the personal data processed must be proportionate to the purposes of the processing and may not go beyond those purposes.
The Controller shall not control the personal data provided to it. The User shall be responsible for the data provided by the User and for their accuracy and veracity. The Data Controller shall not be liable for any damage resulting from incorrectly or intentionally provided data, even if the Controller could have been aware of the incorrect nature of the data.
Personal data may be processed by the Data Controller only by its authorised staff, in accordance with the provisions of this notice. The Data Controller shall not transfer the personal data it processes to third parties other than the Data Processors specified in this Notice. Processors are only authorised to act in accordance with the contract concluded with the Controller and the instructions received from the Controller. Processors may only use additional processors with the consent of the Data Controllers.

II. Principles governing the processing of personal data

Personal data:

1.be processed lawfully and fairly and in a transparent manner ("lawfulness, fairness and transparency");

2.be collected only for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes; and. further processing for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes ("purpose limitation") in accordance with Article 89(1);


3. the processing must be adequate, relevant and limited to what is necessary for the purposes for which it is intended ("data minimisation");

4.accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without undue delay ("accuracy");

5. be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be kept for longer periods only if the personal data will be processed for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to the implementation of appropriate technical and organisational measures as provided for in this Regulation to safeguard the rights and freedoms of data subjects ('limited storage');

6. be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage ('integrity and confidentiality'), by implementing appropriate technical or organisational measures.

The controller is responsible for compliance with the above and must be able to demonstrate such compliance ("accountability")

III. Person of the trustee

 

Name of the data controller:Kabiri Ltd.
Address / Mailing address:1122 Budapest, Krisztina körút 11. 1. floor. 7.
Tax number:
 12074578-2-43
Company registration number:
 01 09 463512
E-mail address:info@kabiriszonyeghaz.hu
Phone number:+36 1 212 4143

IV. Interpretative provisions

Personal data: any data by which a natural person can be identified;

'any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person' [Article 4 of the General Data Protection Regulation].

Data subject (user): any natural person who is identified or can be identified, directly or indirectly, on the basis of specific personal data.

Data subject's consent: the data subject's voluntary, explicit and unambiguous consent to the processing of his or her personal data;

"a freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data relating to him or her" [Article 4 of the General Data Protection Regulation].

Processing: any operation carried out on personal data, such as: recording, categorising, altering, transmitting, deleting;

"any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction" [Article 4 of the General Data Protection Regulation].

Data Controller: the natural or legal person who determines the purposes and means of the processing, alone or jointly with others, for the services referred to in this Notice, Green Solartech Ltd;

"a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the controller's designation may also be determined by Union or Member State law" [Article 4 of the General Data Protection Regulation].

Data processor: "any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller" [Article 4 of the General Data Protection Regulation]; for the services referred to in this Policy, data processors may be Magyar Posta Zrt;

Data breach: an unforeseen event that could result in the loss, destruction or unauthorised access to personal data stored by the controller;

"a breach of security leading to the accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed" [Article 4 of the General Data Protection Regulation].

Website: the website https://www.kabiriszonyeghaz.hu/ operated by the Data Controller and the sub-pages of this website.

Service(s): the services operated by the Data Controller and provided by the Data Controller which are available on the Website.

V. Scope, legal basis, purposes and duration of the personal data processed

  1. Personal data provided in the contact form
Personal dataPurpose of data processing
NameIt is necessary for contacting and maintaining contact and for the identification of the user.
E-mail addressRequired for contacting and maintaining contact.
Company nameIt is necessary for contacting and maintaining contact and for the identification of the user.
Phone number.Required for contacting and maintaining contact.
Date of sending messagePerform a technical operation.
  
Legal basis for processing
The legal basis for the processing of personal data provided in the contact form is the voluntary consent of the data subject.
Duration of data processing
The data will be processed until the data subject's consent is withdrawn or until the request for erasure is made, or until the Controller ceases to operate.

VI. Data processors

  1. Hosting service provider / IT service provider
Name of the data processor: Repository
Eu Szolgáltató Kft.
Seat: 1144 Budapest,
Ormánság utca 4.
X. floor 241.
Company registration number: 01 09 909968
Tax number: 23289903-2-43
E-mail address: support@tarhely.eu
Phone number:
+36 1 789 2 789
Privacy Policy: Van (https://tarhely.eu/dokumentumok/adatvedelmi_szabalyzat.pdf)
Activity performed by a data processor: Hosting services, server services, domain services.
The scope of the data processed by the Processor: The network identity of the Data Subject: the IP address of his or her computer and the software environment used by the Data Subject, as well as the time of his or her visit and the address of the pages viewed.
Stakeholders: Natural persons visiting the website.
Purpose of the processing: Ensuring the website works.
Duration of processing, the time limit for deletion of the data: The data recorded by the server operated by the hosting service provider will be stored for 30 days, after which they will be kept in an anonymised form only as visitor statistics.
Legal basis for processing: Consent of the data subject.

VII. Cookies (cookies)

Cookie means files or pieces of information that are downloaded from a website by the user's internet browser and stored on the user's computer. Cookies collect information about visitors to the website and their devices, and also remember visitors' individual preferences, which are used later.

In order to provide a personalised service, the Data Controller or the website operator places a small data package, a so-called cookie, on the user's computer and reads it back during a subsequent visit, subject to the user's / data subject's consent. If the browser sends back a previously saved cookie, the cookie management service provider has the possibility to link the user's current visit to previous visits, but only with regard to its own content. Cookies therefore facilitate the use of a website by improving the user experience. Bearing in mind that the data recorded by cookies cannot be linked to personal data, the Data Controller does not process any personal data by using cookies. The data are processed for statistical purposes only

The operator of the website can only place and analyse cookies if the visitor (data subject) gives his/her consent in the message that pops up when the website is loaded, thus allowing the analysis. The legal basis for the processing is therefore the voluntary consent of the data subject.

The following data is automatically recorded by the Data Controllers' system after acceptance of the cookies:

- The IP address of the connected computer;

- Domain name;

- Date and time of visit;

- Login details;

- HTTP response code;

- Sites visited;

- Custom settings for pages;

- Operating system and version number;

- Browser and version number;

- Screen resolution;

We distinguish between the following types of cookies:

The purpose of session cookies is to enable visitors to browse the website of the Data Controller, use its functions and services fully and smoothly. These types of cookies are valid until the end of the session (browsing), and are automatically deleted from the computer or other device used for browsing when the browser is closed.

Stored/persistent cookies are cookies that are used each time a user visits the site. These persistent cookies are used for analytics purposes and show where the user has been on the website, what pages and products they have visited, what they have done. Depending on the lifetime of the cookie, it remains on the client's computer. They can be used by functions such as Google Analytics. These cookies do not contain any personal data and are not used to identify the visitor.

You can delete the cookie from your computer or disable the use of cookies in your browser. You can usually manage cookies by going to the Tools/Preferences menu of your browser and selecting Privacy settings, and then selecting the cookie or cookie option. By disabling the use of cookies, the user acknowledges that without a cookie the functionality of the site is not fully functional. If the user consents to the setting of cookies and does not subsequently delete them, the cookies will be automatically deleted after 180 days.

VIII. Google adwords, Google analytics Facebook

The Data Controller also uses Google Analytics third party cookies on its website. By using Google Analytics for statistical purposes, the Controller collects information about how visitors use the website. The information stored by the cookies will be used by Google to evaluate how the User has used the website and to provide the website operator with reports on website activity. The data will be used to improve the website and the user experience. These cookies will also remain on the visitor's computer or other browsing device and browser until they expire or until they are deleted by the visitor. The duration of the cookies generated by Google Analytics is limited to 30 days.

You can prevent the storage of cookies by setting your browser to prevent the storage of cookies, but in this case you may not be able to use all the functions of the website. The user can prevent Google from collecting and processing data about the user's use of the website, including IP address, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=hu

The Data Controller runs so-called remarketing ads through the Facebook and Google AdWords advertising systems. These providers may collect or receive data from the Controller's website and other internet sites through the use of cookies, web beacons and similar technologies. They use this data to provide measurement services or to target ads. Such targeted ads may appear on additional websites in the Facebook and Google partner network. Remarketing lists do not contain any personal data of the visitor and are not personally identifiable.

The Data Controller uses cookies to display personalised advertising to potential users via Google and Facebook.

For more information about Google and Facebook's privacy policies, please visit https://policies.google.com/privacy and https://www.facebook.com/about/privacy/

IX. Security of data processing

The controller and the processor shall implement appropriate technical and organisational measures, taking into account the state of the art and the cost of implementation, the nature, scope, context and purposes of the processing and the varying degrees of probability and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of data security appropriate to the level of risk, including, where appropriate:

  1. the encryption of personal data;
  2. the continued confidentiality, integrity, availability and resilience of the systems and services used to process personal data;
  3. in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
  4. a procedure to test, assess and evaluate regularly the effectiveness of the technical and organisational measures taken to ensure the security of processing.

Informing the data subject about the data breach:

  • Where the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall inform the data subject of the personal data breach without undue delay.
  • The information provided to the data subject shall clearly and prominently describe the nature of the personal data breach and provide the name and contact details of the data protection officer or other contact person who can provide further information; describe the likely consequences of the personal data breach; describe the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.

The data subject need not be informed if any of the following conditions are met:

  • the data controller has implemented appropriate technical and organisational protection measures and these measures have been applied to the data affected by the personal data breach, in particular measures, such as the use of encryption, which render the data unintelligible to persons not authorised to access the personal data;
  • the controller has taken additional measures following the personal data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;
  • information would require a disproportionate effort. In such cases, the data subjects should be informed by means of publicly disclosed information or by a similar measure which ensures that the data subjects are informed in an equally effective manner.

If the controller has not yet notified the data subject of the personal data breach, the supervisory authority may, after having considered whether the personal data breach is likely to present a high risk, order the data subject to be informed.

X. Data Protection Officer

No Data Protection Officer has been appointed. The Data Controller is not a public authority or a body with public responsibilities, its activities do not involve operations requiring systematic and systematic large-scale monitoring of users, and the Data Controller does not process sensitive data or personal data relating to criminal convictions and offences, and therefore the Data Controller is not obliged to appoint a Data Protection Officer.

XI. Rights of data subjects in relation to data processing

The right of access

The data subject may request to be informed whether his or her personal data are being processed and, if so, which personal data are being processed by the Data Controller, on what legal basis, for what purpose, from what source and for how long. Upon request, the Data Controller shall send information without delay, but within a maximum of 30 (thirty) days, to the e-mail address provided or to the postal address requested by the data subject. The Controller shall provide the information in a concise, transparent, intelligible and clear form.

The right to rectification

The data subject may request the Controller to correct or amend any of his or her data or to complete incomplete data. The Data Controller shall promptly, but not later than within 30 (thirty) days, take action on such a request and send information on the modification of the data(s) to the e-mail address provided or to the postal address requested by the data subject.

The right to erasure

The data subject may request the erasure of the data(s) relating to him or her, If the data subject withdraws his or her consent in respect of the data processed on the basis of the legal basis for consent, the personal data processed will be erased. The Data Controller shall promptly, but no later than within 30 (thirty) days, take measures to delete the data and shall send information on the deletion of the data(s) to the e-mail address provided or to the postal address requested by the data subject.

We will also delete personal data of the data subject if the processing is unlawful, if the purpose of the processing has ceased, if it is incomplete or inaccurate and cannot be lawfully rectified, provided that deletion is not prohibited by law, or if the statutory period for storing the personal data has expired or has been ordered by a court or the Data Protection Commissioner.

Right to restriction of processing

The data subject may request the controller to restrict processing in one of the following cases:

- the data subject contests the accuracy of the personal data, in which case the restriction applies for the period of time necessary to allow the controller to verify the accuracy of the personal data;

- the data processing is unlawful and the data subject opposes the erasure of the data and requests instead the restriction of their use;

- the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims;

- the data subject has objected to the processing, in which case the restriction applies for the period until it is established whether the legitimate grounds of the controller override those of the data subject.

Right to data retention

The data subject shall have the right to receive personal data concerning him or her which he or she has provided to the Controller in a structured, commonly used, machine-readable format and to transmit such data to another controller.

The right to protest

The data subject has the right to object to the processing. The Data Controller shall examine the objection within the shortest possible time from the date of the request, but not later than 15 days, and shall decide whether it is justified. The decision shall be notified to the person who made the request by e-mail or by post to the address requested by the data subject.

XII. Enforcement possibilities in relation to data processing

The data subject may take legal action against the Data Controller or its activities in the event of a breach of his or her rights. The court shall rule on the matter out of turn. The court shall have jurisdiction to hear the case. The court shall act ex officio. The competent court shall be the court in the place where the controller is established, but the action may also be brought, at the choice of the data subject, before the court of the place where the data subject resides or is domiciled.

The data subject may lodge a complaint with the National Authority for Data Protection and Freedom of Information against the Data Controller or the data processing. The contact details of the Authority are:

National Authority for Data Protection and Freedom of Information

Head office: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

Address for correspondence: 1530 Budapest, Pf.: 5.

E-mail: ugyfelszolgalat@naih.hu

Website: http://www.naih.hu

Telephone: 06 (1) 391-1400

Fax: 06 (1) 391-1410