This regulation and information sheet contains the rules and obligations of natural persons regarding the handling of their personal data, as well as information for natural persons on the handling of their personal data, including its exact nature, the purpose of data processing, the names of the persons and organizations that have access to their data, and during data processing the about the security measures used for their protection.The operator of the Website does not appoint a data protection officer due to the fact that it is not obliged to do so based on the rules of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the GDPR Regulation), as it is not a public authority or a body performing public tasks and its main activity does not cover the for continuous, large-scale monitoring of individuals, and does not handle special data in large numbers as part of its main activity.
During the operation of the website and the contractual relationship with customers, as well as other contacts, the data manager manages the customer's data for the purpose of contacting them at their request and providing them with appropriate services.
The data controller intends to fully comply with the legal requirements for the management of personal data, in particular with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council.
This data management regulation and information sheet on the protection of personal data of natural persons and the free flow of data was prepared based on Regulation (EU) 2016/679 of the European Parliament and of the Council, and is also subject to Regulation CXII of 2011. on the content of the law on the right to self-determination of information and freedom of information. Scope of the regulations and information
These rules and information are valid for an indefinite period of time, can be modified by the Data Controller, and are valid until revoked. Its personal scope covers the officials, employees, agents and subcontractors of the Website operator and the natural persons to whom its data management activities apply. The data management activities recorded in these regulations are aimed at the personal data of customers. Purpose of the regulations and information
The purpose of this regulation is to record the regulations of the Website operator with regard to data management activities in order to protect the basic rights and freedoms of customers, as well as to ensure the proper handling of personal data.
Furthermore, the important purpose of issuing the regulations is that, by familiarizing them with and complying with them, the employees, agents and subcontractors of the website operator handle the data of natural persons legally, in accordance with the GDPR Regulation. Data controller
Name: Ágnes Erdélyi
Address: 2900 Komárom, Dobó István u. 44.
Website name and address: Á-Kontír Accounting Office (https://a-kontir.hu)
Availability of the data management information: website
Activity: Provision of information and content on the Internet through a website
Email address: erdelyi.agnesezt_nem_kerjuk@a-kontirezt_nem_kerjuk.hu
Contact by phone: +36 30ezt_nem_kerjuk 560 ezt_nem_kerjuk04 32
Data management guidelines and general rules
For natural persons, data management must be transparent, so they must see how their personal data is collected, used, accessed or in what other way, and to what extent. The processing of personal data must be carried out legally and fairly, as well as in a transparent manner for the data subject, so the goal is to collect personal data only for a specific, clear and legitimate purpose. The purposes of processing personal data must be appropriate and relevant and must be limited to what is necessary. Personal data must be accurate and up-to-date. Every effort must be made to promptly delete or correct inaccurate personal data. The storage of personal data must take place in a form that allows the identification of the data subjects only for the time required or required by law.
The processing of personal data must be carried out in such a way that adequate security of personal data is ensured by applying appropriate technical or organizational measures, including protection against unauthorized or illegal processing, accidental loss, destruction or damage of data.
The principles of data protection must be observed for all personal data management and the data controller is responsible for compliance with these principles.
Because natural persons can be linked by them with online identifiers provided by used devices, applications, devices and protocols, such as IP addresses and cookie identifiers, therefore these data combined with other information are suitable and can be used to create a profile of natural persons and to identify that person.
Data processing may only take place if the data subject gives his voluntary, specific, informed and clear consent to the processing of personal data concerning the natural person by means of a clear affirmative action, for example a written - including electronically - or oral statement. Such consent is also considered if the person concerned checks a relevant box while viewing a website, or makes relevant technical settings, or any other statement or action that clearly indicates consent. Silence, a pre-ticked box or inaction does not constitute consent. If the data subject gives his consent after an electronic request, the request must be clear and concise, and it must not unnecessarily prevent the use of the given service.
Children's personal data deserve special protection, as they may be less aware of the risks and consequences associated with the handling of personal data and the related guarantees and rights. This special protection shall be applied mainly to the use of children's personal data for marketing purposes and the purpose of creating personal or user profiles, as well as to the collection of children's personal data during the use of services provided directly to them.
Personal data must be managed in such a way as to ensure an adequate level of security and confidentiality, and to prevent unauthorized access to personal data and the tools used to manage personal data, as well as their unauthorized use.
All reasonable steps shall be taken to correct or delete inaccurate personal data.
The processing of personal data for purposes other than the original purpose of their collection is only permitted if the data processing is compatible with the original purposes of the data processing for which the personal data were originally collected. In this case, there is no need for a separate legal basis other than the one that enabled the collection of personal data.
If the data management is based on consent, the data controller must be able to prove that the data subject has consented to the processing of his personal data. If the data subject gives his consent in the context of a written statement that also applies to other matters, the request for consent must be communicated in a way that is clearly distinguishable from these other matters. The data subject has the right to withdraw his consent at any time. Withdrawal of consent does not affect the legality of data processing based on consent prior to withdrawal. Before giving consent, the data subject must be informed of this. It should be possible to withdraw consent in the same way as to give it. In determining whether the consent is voluntary, the fact must be taken into account as much as possible, among other things, whether consent to the processing of personal data that is not are necessary for the performance of the contract.
The processing of personal data in relation to information society-related services offered directly to children is legal if the child has reached the age of 16. In the case of a child under the age of 16, the handling of the children's personal data is legal only if and to the extent that the consent was given or authorized by the person exercising parental supervision over the child.
If the data controller can prove that it is not in a position to identify the data subject, it will inform the data subject accordingly if possible.
The principle of fair and transparent data management requires that the data subject receives information about the fact and purposes of data management.
If the personal data is collected from the data subject, the data subject must also be informed whether he is obliged to disclose the personal data, as well as the consequences of not providing the data.
Information related to the handling of personal data concerning the data subject must be provided to the data subject at the time of data collection, or, if the data was not collected from the data subject but from another source, it must be made available within a reasonable time frame, taking into account the circumstances of the case. The data subject has the right to access the data collected about him and to simply and at reasonable intervals, to establish the legality of the data management and to exercise this right in order to control it. All interested parties must be guaranteed the right to know, in particular, the purposes of the processing of personal data, as well as the period of time for which the processing of personal data applies.
The data subject has the right to request that their personal data be deleted and no longer processed, if the collection or processing of personal data in another way is no longer necessary in connection with the original purposes of the data management, or if the data subjects have withdrawn their consent to the processing of the data.
If personal data is processed for the purpose of direct business acquisition, the data subject must be given the right to object to the processing of personal data for this purpose at any time free of charge.
The data controller is obliged to establish deletion or regular review deadlines in relation to data management.
It is the duty of the data controller to implement appropriate and effective measures for the legality and security of data management, and he must be able to prove that the data management activities comply with the applicable legislation.
According to the GDPR Regulation, the data controller or the data processor keeps an appropriate record of the data management activities carried out on the basis of its authority, however, the company employing fewer than 250 people is not obliged to keep a record, if the data management is likely not to pose a risk to the rights and freedoms of the data subjects, the data management is of an occasional nature, or does not cover the processing of personal data classified as special or criminal.
The data must be protected by appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology used. When planning and applying data security, the current state of technology must be taken into account. Among several possible data management solutions, the one that ensures a higher level of protection of personal data must be chosen, unless it would represent a disproportionate difficulty for the data controller.
The right to request information: The data subject can request information via the provided contact details about what kind of data the Website operator manages, on what legal basis, for what data management purpose, from what source, and for how long. Upon your request, information must be sent to the provided contact information immediately, but within 30 days at most.
Right to rectification: The data subject can request the modification of any of his data via the contact details provided. Upon your request, action must be taken immediately, but within no more than 30 days, and information must be sent to the contact address provided. The affected person has the right to have the data controller correct or supplement inaccurate personal data concerning him or her without undue delay upon request.
Right to erasure: The data subject can request the erasure of his/her data via the contact details provided. Upon request, this must be done immediately, but within 30 days at most, and information must be sent to the contact address provided. The data subject has the right to request that the data controller delete inaccurate personal data concerning him without undue delay, and the data controller is obliged to delete the personal data concerning the data subject without undue delay, if there is no other legal basis for data processing. The data subject must be informed if the provision of his data is a legal condition for the provision of the given service, since in this case he may also be unable to use the service by requesting the deletion of his data.
Right to blocking and restriction: The data subject can request the blocking of their data via the contact details provided. The blocking lasts as long as the specified reason makes it necessary to store the data. Upon request, this must be done immediately, but within 30 days at most, and information must be sent to the contact address provided.
The right to object: The data subject can object to data processing via the contact details provided. The objection must be examined as soon as possible, but no later than 30 days after the submission of the application, a decision must be made regarding its validity and information about the decision must be sent to the contact address provided. Information on the data management practices of the website operator The website operator states that the purposes of the data management carried out by it and the basis of the data management:
during the operation of the website, you can provide appropriate additional services to the persons visiting the site, contact them, record their data in case of application, which data processing is based on the specific and clear consent of the person visiting the website. in the case of an order, contact information and data required for invoicing
It comes down to data management scope of personal data processed:
in case of making a contact on the website: name, e-mail address, telephone number
The Website operator annually reviews the correctness of data management and the necessity of its existence. The group of persons involved in data management are website visitors and users of website services.
The Website operator states that the data provided to it and the consent to data management can be given by a person who has reached the age of 16, or a person exercising parental supervision over a child who has not reached the age of 16. Duration of data management and deletion of data.
The duration of data management always depends on the specific user goal, but the data must be deleted immediately if the originally set goal has already been achieved. The person concerned can withdraw their consent to data management at any time by sending a letter to the contact e-mail address. If there is no legal obstacle to the deletion, in this case your data will be deleted.
The data required for invoicing cannot be deleted for the period prescribed in accordance with the legislation in force.
The data controller and its employees, agents, subcontractors, as data processors, are entitled to access the data.
The person concerned may request from the data controller access to the personal data relating to him, their correction, deletion or limitation of processing, and may object to the processing of such personal data, as well as assert his right to data portability.
The person concerned may withdraw his data processing consent at any time, but this does not affect the legality of the data processing carried out on the basis of the consent before the withdrawal.
Modification or deletion of personal data can be initiated by e-mail, phone or letter using the contact options provided above.
The person concerned can submit a complaint to the National Data Protection and Freedom of Information Authority.
The data controller informs the data subject without undue delay, but no later than within 30 days of receipt of the request related to data management. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months.
Based on the rules of the GDPR Regulation, the website operator was not obliged to conduct a data protection impact assessment.
Based on the rules of the GDPR Regulation, the Website operator is not obliged to appoint a data protection officer, since the main activities do not include data management operations that, due to their nature, scope or goals, require regular and systematic, large-scale monitoring of the data subjects.
According to the rules of the GDPR Regulation, the website operator is not obliged to keep data management records, taking into account that it is a company employing less than 250 people, and the data management carried out is not likely to pose a risk to the rights and freedoms of the data subjects, the data management is of an occasional nature and does not fall into a special category for the processing of personal data related to classified or criminal offenses.
In order to protect data, the Website operator does everything required by the relevant legislation and current technical possibilities. Thus, personal data provided in paper form is destroyed immediately after processing and is not kept. The website uses security solutions, the data stored on the computer is password protected. Data protection incident
In case of illegal handling or processing of personal data, there is an obligation to report to the supervisory authority. The data controller must report the data protection incident to the supervisory authority without undue delay - if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of the natural person. The data subject must be informed without delay if the data protection incident is likely to involve a high risk to the rights and freedom of the natural person, in order to be able to take the necessary precautions
A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled. In the absence of adequate and timely measures, a data protection incident can cause physical, financial or non-financial damage to natural persons, including the loss of control over their personal data or the restriction of their rights, discrimination, identity theft or identity abuse.
The website operator sets up its procedure for data protection incidents in such a way that it obligatorily expects all data processors and employees to report within 24 hours for Ágnes Erdélyi if you have experienced a data protection incident. The Website operator will then immediately take the necessary steps in connection with notifying the supervisory authority or the person concerned.
The purpose of data management is website operation and contact.
The group of people involved in data management is the visitors and users of the website.
Data management takes place until consent is withdrawn. Consent to data management can be revoked at any time in a letter sent to the contact e-mail address. The data is deleted when consent to data management is withdrawn, unless otherwise provided in these Regulations. Consent to data management can be revoked at any time in a letter sent to the contact e-mail address.
The data controller and its employees are entitled to access the data. Data storage method: electronic. Modification or deletion of personal data can be initiated by e-mail, phone or letter using the contact options provided above. The provision of personal data is absolutely necessary for identification in databases and for maintaining contact.
Scope of processed data:
Name, e-mail, phone
The specific purpose of the data management data
Scope of processed data:
IP address Date of sending contact form
The specific purpose of data management data:
Technical information operation.
The user's data management consent can be given by intentionally ticking the empty checkbox on the website that is specifically for this purpose. The person concerned can object to the processing of his personal data, in this regard he is entitled to the procedure according to the data management information detailed above and this information sheet, as well as the legislation described in the information sheet.
Social media is a media tool where the message is spread through social users. Social media uses the Internet and online exposure to transform users from content receivers to content editors. Social media is a web application interface that hosts user-generated content, such as Facebook, Google+, Twitter, Pinterest, etc. Social media can include public speeches, lectures, presentations, product or service presentations. The forms of information published in social media can be forums, blog posts, image, video and audio materials, message boards, e-mail messages, etc. In accordance with the above, the range of processed data may include the user's public profile picture in addition to personal data. The scope of those affected: all registered users. The purpose of data collection is to promote the website or its related website. The legal basis for data management is the voluntary consent of the data subject. Duration of data management: according to the regulations that can be viewed on the given social media page. Data deletion deadline: according to the regulations that can be viewed on the given social media page. They are entitled to access the data: according to the regulations that can be viewed on the given social media page. Rights related to data management: according to the regulations that can be viewed on the given social media page. Data storage method: electronic.It is important to take into account that when the user uploads or submits any personal data, he gives the operator of the social site a worldwide license to store and use such content. Therefore, it is very important to make sure that the user has full authorization to communicate the published information.
László Zámbó e.v.
2890 Tata, Május 1. út 41. MF/3.
The provided personal data is stored by the server operated by the hosting provider. Only the employees of the Website operator and the employees of the server can access the data, but they are all responsible for the safe handling of the data. Name of the activity: hosting service, server service. The purpose of data management is to ensure the operation of the website. The processed data: the personal data provided by the data subject. The duration of the data management and the deadline for deleting the data. The data is managed until the end of the operation of the website, or in accordance with the contractual agreement between the operator of the website and the hosting provider. If necessary, the affected person can contact the storage provider and request the deletion of their data. The legal basis for data management is the consent of the person concerned, or data management based on legislation.
Igmándi út 35.