Privacy policy

Data protection rules

  1. Introduction

Gerbeaud Gastrotomy Inc. (hereinafter referred to as: Gerbeaus. "or" or Company (c) in these Regulations, Rules (b) define the directives and obligations relating to the protection and management of the personal data of natural persons.

Persons working with the Society shall be required to have personal data acquired by them in the course of their activities in accordance with the relevant legal provisions, in particular concerning the protection of natural persons with regard to the processing of personal data and the free flow of such data, and 2016/679 by the European Parliament and the Council (EU) on the repeal of Regulation 95/46/EC. M Regulation (general data protection regulation), hereinafter referred to as: GDPR' (i i) information on the right of self-determination and freedom of information. year CXII. law (hereinafter referred to as: Information. '(treat as directed.

These persons shall, in the course of their activities which necessarily entail the processing of personal data, act in accordance with the provisions of these Regulations in accordance with the specific rules applicable to the activity in question, t ha t, where the special rules provide for a lower level of protection from a data protection point of view than those laid down in these Regulations, this Regulation shall apply, and where the special rule provides for a higher level of protection, the special rules shall apply.

  1. Purpose of the Code

The purpose of this Regulation i s to ensure that the data processing carried out by the Company meets the legal requirements in force. Furthermore, the purpose of the Code is to ensure that personal data are acquired by the Company only in accordance with the relevant legal conditions and that processed personal data managed by the Company can be held by the persons concerned themselves. It also aims to ensure that the rights of the persons concerned are not infringed in the processing and processing of personal data. In view of this, the Code contains, inter alia, the principles and provisions to be taken into account and followed in the activities of the Company. The Gerbeaud Gastronomy Corporation, as the controller, accepts the content of this legal communication as binding and takes into account the specifications in each of its data-processing processes and activities throughout its life. It undertakes to ensure that all data processing relating to its activities meets the requirements laid down in these Regulations and in the national legislation in force and in the acts of the European Union.

Gerbeaud Gastrotomy Inc. data protection rules and information on data processing are kept available at all times for: www.gerbeaud.hu/dataLiquidem Address.

Gerbeaud Co. reserve the right to change this Regulation and this leaflet at any time. He will, of course, inform his partners and employees in good time of any changes.

If you have a question relating to our communication, please write to us and our colleague will answer it.

Gerbeaud Co. i s committed to the protection of the personal data of its clients, partners and employees, attaching particular importance to respecting the right to information of its clients and employees. keep personal data confidential and take all security, technical and organisational measures necessary to ensure the security of the data.

Gerbeaud Co. describe its data management practices below.

  1. Scope of application
    • Scope of the Code

The scope of the Code shall extend to all procedures within the Company for the processing of data.

  • Scope of the Code

The subject-matter of the Code shall apply to all persons working in the territory of the Company whose activities involve the processing of data or to persons engaged in data management activities relating to the activities of the Company who a re employed or intended to work with another legal entity. in other circumstances, as well as persons carrying on the outsourced activity or their employees (who, for the purposes of these Regulations, are subject to the same treatment as an employee of the Company and are thus liable to the obligations arising from these Regulations) These Rules shall apply until they are revoked.

  • Related legislation

The company shall, in the course of its data processing, act in accordance with the requirements of the following legislation, as set out in these internal rules:

Regulation 2016/679 of the European Parliament and of the Council (EU). April 27.) on the protection of natural persons with regard to the processing of personal data and the free flow of such data and repealing Regulation 95/46/EC (General Data Protection Regulation (GDPR)

Information on the right to self-determination and freedom of information year CXII. law (hereinafter Infotv)

(iii) the Civil Code 2013. Annual Law V (hereinafter referred to as Ptk)
2012 on the work charter. Annual Law I (hereinafter referred to as Mt)
Rule 2005 on the protection of persons, property and the conduct of private investigators. year CXXXIII. Law.

  • Annual Law C on Accounting (Accounting). TV.);
  • ANNUAL LINE. law on the prevention and prevention of money laundering and terrorist financing (Pmt);
  • annual CCXXXVII. law on credit institutions and financial undertakings (Hpt).
  1. Description of procedure
    • Essential concepts and definitions

Terms used and defined in this Regulation in accordance with the provisions of GDPR:

  • a GDP (General Data Protection Regulation) the new Data Protection Regulation of the European Union
  • controller a natural or legal person, a public authority body, an agency or any other body which determines the purposes and means for the processing of personal data, individually or jointly with others; where the purposes and means of data management are determined by Union or national law, specific criteria for the appointment of the controller or controller may also be defined by Union or national law;
  • Data all operations or operations carried out on personal data or files by automated or non-automated means, such as collection, recording, structuring, storing, conversion or alteration, consultation, consultation, use, communication, transmission, dissemination or other means of making available, coordination or interconnection, restriction, deletion or destruction;
  • processor the natural or legal person, public authority body, agency or any other body which processes personal data on behalf of the controller;
  • personal data any information relating to an identified or identifiable natural person (concerned); a natural person may be identified who is, directly or indirectly, in particular by an identifier, such as name, number, location data, online identifier or natural person, physical, physiological, genetic, can be identified on the basis of one or more factors relating to its intellectual, economic, cultural or social identity;
  • special personal data: In addition, within the category of personal data, GDPR defines a subcategory, namely the category of special personal data, which according to GDPR requires a higher level of protection than general personal data. GDPR sets stricter conditions for the processing of data relating to specific personal data.

Special personal data shall include, in particular but not limited to:

  • personal data relating to racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data intended to identify natural persons individually, health data and personal data on the sexual life or sexual orientation of natural persons.
  • genetic data: Any personal data relating to the genetic characteristics inherited or acquired by a natural person which contains specific information on the physiology or state of health of that person and which results primarily from the analysis of a biological sample taken from that natural person;

biometric data: Personal data on the physical, physiological or behavioural characteristics of a natural person obtained by any specific technical procedure enabling or confirming the individual identification of a natural person, such a s a facial image or dactyloscopic data;

  • health data: Personal data on the physical or psychological state of a natural person, including information on health services provided to a natural person, which contains information on the state of health of the natural person;
  • the child's personal details: any information, data relating to a child who has not completed his/her life. I.D. that 16. a child who has not completed his/her life, who is a direct or indirect child, in particular an identifier, such as name, number, location data, online identifier, or a natural person, physical, physiological, genetic, mental, economic, can be identified on the basis of one or more factors relating to cultural or social identity;
  • third party the natural or legal person, public authority body, agency or any other body which is not the same as the data subject, the controller, the processor or or persons authorised to handle personal data under the direct control of the controller or processor;

–   concerned: Any natural person identified or identifiable on the basis of personal data;

  • the relevant contribution a voluntary, concrete and appropriate information-based and clear statement of the will of the data subject indicating by means of the declaration concerned or of an act expressing confirmation unambiguously that he/she consents to the processing of personal data concerning him/her;
  • limitation of data management indication of stored personal data with a view to limiting their future management;
  • aliasing the processing of personal data in a way that makes it no longer possible to determine which specific natural person the personal data relate to without further information being used, provided that such additional information is stored separately, and, by taking technical and organisational measures, ensure that such personal data cannot be linked to identified or identifiable natural persons;
  • Profiling: Any form of automated processing of personal data involving personal data for the assessment of certain personal characteristics relating to a natural person, in particular performance a t work, economic situation, health status, personal preferences, interest, used to analyse or predict reliability, behaviour, location or movement characteristics;
  • Transmission: Where the data is made available to a specific third party;
  • Register system personal data in any way, centralised, decentralised or structured in functional or geographical terms, accessible on the basis of specified criteria;
  • Data protection incident : security damage which results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access to personal data transmitted, stored or otherwise processed;
  • General Data Management Directives

The processing of personal data shall be conducted in a lawful and fair manner and in a transparent manner to the data subject. legality, due process and transparency ”).

Personal data shall be collected only for specified, explicit and lawful purposes and shall not be handled in a manner incompatible with those purposes; it shall not be considered incompatible with the original purpose for the purposes of archiving in the public interest, further processing of data for scientific and historical research or statistical purposes, purpose limitation ”).

The purpose of the processing of personal data shall be appropriate and relevant and shall be limited to: data-saving ”).

Personal data must be accurate and up-to-date; inaccurate personal data must be deleted without delay. accuracy ”).

Personal data shall be stored in such a way as to allow identification of data subjects only for the time necessary. Personal data may be stored for a longer period only if they are stored for archiving in the public interest, for scientific and historical research or for statistical purposes (i.e.: restricted storage ”).

The processing of personal data shall be carried out in such a way as to ensure adequate security of personal data by the application of appropriate technical or organisational measures, by the unauthorised or unlawful processing of data, by accidental loss, including protection against destruction or damage, Accountability ”).

The principles of data protection shall apply to all information relating to an identified or identifiable natural person.

The staff member who administers the data of the organisation shall be responsible for disciplinary, damaging, irregular and criminal liability for the lawful management of personal data; if the staff member becomes aware that the personal data he manages are incorrect, incomplete or inaccurate, he shall correct i t, or initiate rectification by the person responsible for recording the data.

  • Responsibility and powers

Responsible for implementing the Code: Employee and manager of all personal data of the Company.

The Data Protection Officer of the Company is responsible for monitoring implementation and maintaining the Code. Data protection officer ) The Data Protection Officer shall support, inter alia, all employees and managers of the Society handling personal data in the organisational and professional fulfilment of data protection requirements.

  • Status and duties of Data Protection Officer

An employee of the Company shall inform the Data Protection Officer if he finds that the data management rules have been breached or a re in danger of being breached. This indication shall clearly identify the data subject area and the person or process in which, or whose activities infringe or threaten data protection rules.

If the staff member of the Company has doubts as to whether a procedure, activity is in breach of data protection rules or if there are no rules in the present Rules on the matter, he shall ask the Data Protection Officer of the Society and ask him for a position. Pending a resolution, the procedure or activity concerned shall not be carried out or carried out. The Data Protection Officer shall act in accordance with his resolution or guidelines, even if issued by the Data Protection Officer in connection with a specific question or case and if published as a general argument as a guideline.

Infringements of data protection rules may result in liability or consequences under labour law (e.g. termination of employment).

The tasks of the Data Protection Officer shall include in particular:

Contribute to, or assist in, decisions on data management and in ensuring the rights of data subjects;

Controls compliance with this Act and other legislation on data management and with the provisions of internal data protection and data security regulations and with data security requirements;

Examine the notifications received, call upon the controller or processor to cease any unauthorised data processing if it is detected;

Establish internal data protection and security rules;

keep internal data protection records;

Provide training in data protection

4.5.  Rules for controllers and processors

4.5.1.                  Distinction of data controller

The controller may be a natural or legal person, a public authority body, an agency or any other body. The originator may also be a natural or legal person, a public authority body, an agency or any other body, but it must be a separate person or organisation from the data controller.

The Data Manager shall define (individually or in conjunction with others) the purposes and means for the management of personal data. The data processor shall: no specify it.

The Data Manager shall always: in his name acts, acts on behalf of the data controller.

The Data Manager by its own decision acts, acts in accordance with the instructions of the data controller (unless Union or Member State law on the data processor also provides for data processing by the data processor), the data controller does not perform logical operations with personal data.

4.5.2.                  Duties of the controller

The Data Manager reported on the nature, scope, circumstances and purposes of the data management and on the rights and freedoms of natural persons, implement appropriate technical and organisational measures to ensure and demonstrate (see principle of accountability) that personal data are managed in accordance with GDPR, taking into account the risk of variable probability and severity.

Such measures shall include:

  • application of internal data protection rules (which goes beyond the establishment of internal data protection rules);
  • preparing an impact assessment before new data treatments with a potentially high risk are initiated;
  • consistent application of the principle of default and built-in data protection;
  • appropriate data protection incident management;
  • establishment of a DPO (profession or person) in the organisation, ensuring conflicts of interest, independence, etc.

These measures shall be reviewed and updated at least annually.

4.5.3.                  Use of processor

If the data controller uses a data controller, it shall only be a person who:

  • provide appropriate guarantees for the fulfilment of the data management requirements of GDPR;
  • be able to implement appropriate technical and organisational measures ensuring the protection of the rights of the persons concerned and provide appropriate guarantees for their implementation.

The data controller may have recourse to a further processor, subject to the prior and written authorisation of the controller, on a case-by-case or general basis.

In the case of a general written authorisation, the data controller shall inform the data controller of any planned change affecting the use or exchange of further data processors, thereby ensuring that the data controller objects to such changes.

The data controller shall be responsible for its activities. The data processor responsible for the further data processing activities shall be fully responsible. The obligations of the additional data processor are the same as those of the data controller.

Where the Company is considered a processor in connection with a processing operation under this point, the provisions laid down for the processor shall apply to the Company accordingly.

 

4.6.  Possible legal basis for data management

The data management of the Company may be based on:

  1. Contribution concerned The volunteer concerned may make a specific, explicit, information-based and clear contribution to the processing of his personal data for one or more specific purposes by means of a declaration or an act expressing confirmation without ambiguity.

Where the processing is based on consent, the controller shall be able to demonstrate that he has consented to the processing of the personal data concerned.

Where the consent of the person concerned is given in the form of a written declaration which simultaneously covers other cases, the application for consent shall be made in a manner which is clearly distinguishable from those other cases, in a clear and easily accessible form, in a clear and simple language. The contribution of the person concerned shall be clearly distinguishable for each case.

Any part of the statement of consent which conflicts with the provisions of GDPR is invalid. The person concerned shall be entitled to withdraw his consent at any time. Withdrawal of consent shall be without prejudice to the lawfulness of consent-based data processing prior to withdrawal. Withdrawal of consent shall be possible in the same simple way as granting it.

  1. Contract performance the data management contract may be performed on a legal basis where the processing is necessary for the performance of a contract in which the data subject is a party or for taking action at the request of the data subject prior to the conclusion of the contract.
  2. Compliance with legal obligations the legal basis for the fulfilment of the legal obligation to manage data may be used if the management is necessary for the fulfilment of the controller's legal obligation. Legal obligation refers to legal provisions of Union or national law.
  3. Reasonable interest: the processing is necessary for the legitimate interests of the controller or of a third party, unless those interests give priority to the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the child concerned is a child.

Prior to the determination of data management on the basis of legitimate interest: The so-called balancing test where the legitimate interest of the controller or of a third party, the interest of the data subject as a counterweight and the fundamental right of the data subject must first be identified and, finally, it must be determined, on the basis of the weighting exercise, whether the personal data can be processed.

legitimate interest, and thus, at the discretion of the controller, personal data may be processed without the individual consent of the data subject and, inter alia, after the withdrawal of his consent, subject to the following conditions: either the processing is carried out with a view to enforcing the legitimate interest of the controller or of a third party, provided that it is established that that interest is exercised for the protection of personal data;

  1. Essential interest: the processing takes place to protect the life of the data subject or the vital interests of another natural person. Personal data may be processed on grounds relating to the vital interests of another natural person only if such data processing cannot be carried out on another legal basis. (For example, in the case of humanitarian disasters, reference may be made to a vital interest, including where necessary for the monitoring of epidemics and their spread).
  2. Public data management data management may be based on a public interest legal basis where the processing is necessary for the performance of a task in the public interest or under the public authority conferred on the controller.

4.7.  Rules on the handling of children's personal data

The processing of personal data directly provided to children for information society services is legal if the child is 16. a lifetime. The 16th. in the case of a child who has not completed his or her life, the processing of the personal data of the children shall be lawful only if the consent has been granted or authorised by the person exercising parental supervision over the child, or is required by law, or in order to protect the legitimate interests of the child.

The Data Manager shall make reasonable efforts, taking into account the available technology, to verify in such cases that the consent has been granted or authorised by the holder of parental supervision of the child.

In view of the fact that children require special protection, all information and communication relating to data processing specifically for children should be written in a clear and comprehensible language which the child can easily understand.

This specific protection should apply mainly to the use of children's personal data for marketing purposes or for the creation of personal or user profiles, and the collection of personal data of children when using services provided directly to them. Prevention and counselling services directly provided to the child do not require the consent of the holder of parental supervision.

4.8.  Treatment of specific categories of personal data

The concept of specific data is not generally defined by GDPR but refers only to certain categories (personal data referring to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership), and genetic and biometric data, health data and personal data relating to the sexual life or sexual orientation of natural persons for the purpose of identifying natural persons individually, or shall be deficient separately.

As a rule, the handling of special data is prohibited.

In comparison, GDPR establishes exceptions, so despite the general ban, it may have access to specific data. i If you:

  • the data subject has given his explicit consent to the processing of those personal data for a specific purpose and the consent is not prohibited by Union or Member State law;
  • the data management is necessary to fulfil the obligations of the controller or the data subject under the legal provisions governing employment and social security and social protection and to exercise his specific rights, where appropriate safeguards to protect the fundamental rights and interests of the data subject a collective agreement under existing Union or Member State law or under the law of a Member State allows this;
  • the processing is necessary to protect the vital interests of the data subject, provided that the data subject is unable to give his consent owing to the physical or legal incapacity of the data subject;
  • the processing relates to personal data which have been expressly disclosed by the data subject;
  • data management is necessary to present, enforce or protect legal needs;
  • the processing of data is necessary for reasons of overriding public interest on the basis of Union law or national law, which is proportionate to the objective pursued, respects the essential content of the right to the protection of personal data and provides for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject;
  • data treatment for preventive health or occupational health purposes, assessment of the worker's ability to work, setting up a medical diagnosis, the provision of health or social care or treatment, or the management of health or social systems and services, under Union or national law or under a contract with a health professional;
  • data processing for archiving in the public interest, for scientific and historical research or for statistical purposes, on the basis of Union or Member State law proportionate to the objective pursued, respects the essential content of the right to the protection of personal data and the fundamental rights of the person concerned and provides for appropriate and concrete measures to safeguard its interests;

Special personal data are handled differently by the Company compared to personal data. Thus, the protection of Special Personal Data is regulated by the Society with special access rights settings, which are logically separate from personal data.

Only the manager of the workplace is entitled to handle the special details of the employees, while the specific particulars of the partners, purchasers and guests of the employees who a re engaged in the performance of the contract are entitled, on request, to have Gerbeaud Kft: deletes the special data.

  • Data

The company shall record only personal data which it provides voluntarily. By providing the personal data of the data subject, it contributes to the inclusion of his personal data in the Data Manager's database in accordance with this Regulation.

The Company shall conduct the following data treatments:

 

  1. Recording of reservations In the case of reservation by telephone, e-mail, online reservation system or in person, the company shall process the following personal details of the persons concerned for the purpose of identification and reservation recording:

(1) the name of the person concerned;

(2) the address of the e-mail concerned;

(3) the telephone number concerned;

(4) other personal data supplied by the data subject under the Note or by other means

(5) information on food allergy or food sensitivity;

(6) A www.gerbeaud.hu www. Anxiety and the www.emile.hu the IP address of the computer concerned during the visit to the website; details of its activity on the website concerned (e.g. tracking the number of banner clicks, location and duration of the login, server data, cookies).

The legal basis for data management for personal data in (1)-(4) is GDPR 6. Treated for the purpose of performing the contract under point (b) of paragraph 1(1); whereas for personal data in point (5), GDPR 9. on the basis of Article 2(a), the explicit contribution of the data subject, the personal data set out in paragraph 6(a), shall be GDPR 6. administer it for the purpose of enforcing its interests under point (f) of paragraph 1(1).

Data handling for reservation purposes shall be carried out in accordance with the CSF reservation agreement, but not later than 90 days after the reservation date.

  1. Signing on Newsletter The Company shall notify its current tenders by means of a newsletter to inform it of its current tenders.

In relation to Data Management, the Company shall handle the following data:

(1) the name of the person concerned;

(2) the e-mail address of the person concerned.

Legal basis for data management: GDPR GDPR 6. the relevant contribution under point (a) of paragraph 1(1).

The processing of the data provided in the course of subscription to the newsletter shall take place until the date on which the data subject's consent to the processing has been withdrawn.

  1. Use of services, purchase of products: In relation to Data Management, the Company shall handle the following data:

(1) the name of the person concerned;

(2) on a case-by-case basis, particulars on the relevant credit card;

(3) occasionally the signature of the person concerned.

(4) if an invoice is requested, any other information (e.g. address of the person concerned) needed to issue an invoice in accordance with current legislation.

Legal basis for data management: The Society for Personal Data is GDPR 6. under Article 1(b), administer for the purpose of performing the contract.

The data relating to the use of the company's services and the purchase of its products shall be processed until the 90th day following the termination of the contract between the company concerned and the company or until the legal obligations of the company are fulfilled.

  1. When establishing and during employment, the company shall, as an employer, keep the following personal data:

personal address, Tail, Tax Card, Social Security Guide, Exit from previous job, Bank Account Agreement, Certificate, Highest Qualifications and Professional Qualifications (mandatory from 2016) a valid lung biopsy (not more than one year old), e. book. Family benefit entitlement, debt declaration, private pension fund membership document, membership renewal declaration (if membership is retained), wages, working hours, sickness, training, employee events

pensioner: proof of payment of pension (date of retirement)

temporary staff: name, tax number or address

The Data Manager shall interpret and apply data protection requirements for labour data management in accordance with the provisions of the Mt and other specific labour law rules. In addition to the general provisions of these Regulations, the provisions of internal rules and documents on labour matters (e.g. personal data management information) shall apply. Some specific labour data management requirements may be included in other relevant professional codes (e.g. rules on the use of mobile devices provided by the employer for personal use, rules on the use of electronic mail systems, e-mail filtering, control of workers).

Personal data of employees exclusively for the purpose of establishing employment, New entrants shall be informed in writing of all facts relating to the management of their data, in particular the purpose and legal basis of the data, on the day of their employment, the person entitled to receive and process the data, the duration of the data processing, the persons who may have access to the data.

Legal basis for data management: The company data are GDPR 6. under Article 1(b), administer for the purpose of performing the contract.

The duration of the data management resulting from or related to the employment relationship shall be until the employment ceases or the employer fulfils its legal obligations.

  1. Job applications, CVs

The Data Manager shall process the data relating to job applications for the sole purpose of evaluating them. The legal basis for data management is the Voluntary Contribution of the data subject, which may be terminated at any time. Personal data contained in the documents submitted in connection with the job application may be made available to Gerbeaud Kft as controller or competent staff, agents and data processors who may be involved in the evaluation of the application.

The Head of Personnel of the Company shall deal with specific data acquired by the Company in the course of applications for a post solely for the purpose of evaluating it.

Applications for employment and the management of CVs shall be governed by the provisions of the Staff Regulations and other documents of the Data Manager.

4.10.  Information

4.10.1.              General requirements

The information provided to the person concerned shall be concise, transparent, understandable and easily accessible. It shall be written or otherwise in a clear and understandable form, in particular in the case of any information addressed to children.

4.10.2.              Information if personal data from the data subject derived (prior notification)

If the personal data originate from the data subject, the Society, as Data Manager, shall provide the data subject with the following information (prior information) at the time of the acquisition of the personal data:

  • the identity and contact details of the data administrator and, if any, of the data administrator's representative (name of the data administrator; postal address, e-mail address, telephone number);
  • the identity and contact details of the DPO (name, e-mail address, telephone number);
  • the purpose of the planned data management (without specific, precise indication, masking of real objectives) and the legal basis for the data management;
  • in the case of data processing based on legitimate interest, the legitimate interests of the data controller or third party;
  • where applicable, the recipients of personal data or categories of recipients;
  • the fact and guarantees of data transmission to a third country, an international organisation;
  • the period of storage of personal data or, where this is not possible, the criteria for determining that period;
  • a description of the rights of access, rectification, deletion and restriction of the processing of personal data relating to the data subject by the data subject and a statement of objection to the processing of such personal data and to the right of the data media concerned;
  • in the case of consent-based data management, the right to withdraw consent at any time;
  • the right to lodge a complaint with the supervisory authority;
  • whether the provision of personal data is based on legislation or a contractual obligation or a precondition for the conclusion of a contract, whether the data subject is obliged to provide personal data and what possible consequences the non-provision of such data may have;
  • the fact (including profiling), logic of automated decision-making and the consequences for the person concerned.

Preliminary information may be dispensed with to the extent that the person concerned already has that information.

As regards the method of information, information may be provided on paper, electronically or orally a t the start of the data processing.

The Data Manager shall be provided in printed form a t the request of the customer/other interested party present in person.

 

  • Data management rights
    • Right of access and information

At the request of the data subject, the data administrator shall provide information on whether his data a re being processed; if so, the data administrator shall inform the data subject of the categories of data being processed, the purpose of data management, the recipients of the data management or the category of recipients by providing access to: the duration of data storage or the criteria for determining the period, the exercise of rights of access, the right to complain to the National Data Protection and Freedom of Information Authority (NAIH), the source of data and the fact that automated decision-making has been taken, including profiling. In the case of data transmission outside the European Union or the European Economic Area, the data subject shall also be informed of the appropriate guarantees provided for the transmission of data.

  • Right to correction

The data subject shall be entitled to ask the data controller for rectification in the event of inaccuracy.

If a correction of the Personal Data managed by the Data Manager is necessary, the data may be requested to be corrected in the relevant writing (by post or by e-mail) by indicating the correct data.

The data subject shall notify the data controller in writing (by post or e-mail) of any change in the Personal Data Sheet managed by the data controller without delay, but not later than five days after the change. The controller shall be liable for any failure or delay in completing this notification.

  • Right to delete

The data subject shall be entitled to have personal data deleted by the data controller without undue delay at his request and the data controller shall be obliged to delete personal data relating to the data subject without undue delay in the GDPR (17). (Article) in specific cases.

In the event that the Data Manager has made the Personal Data public, i.e. communicated them to third parties, when exercising its right to delete the data subject, the Data Manager shall take reasonable steps to inform those additional controllers, to whom the Personal Data were transmitted, that the data subject had requested the deletion of links or copies or copies of those personal data from them.

 

  • Right to limit data processing

The data controller shall restrict data flow upon request if:

The data subject disputes the accuracy of the personal data;

 

Data processing is illegal;

Data controllers no longer need personal data for data processing purposes, but the data subject requires them to present, validate or protect legal needs;

The data subject objected to the data processing.
  • Right to data availability

The data subject shall have the right to receive the personal data relating to him which he has made available to the data controller in a structured, widely used machine-readable format and shall be entitled to transmit those data to another controller without being precluded by the data controller if:

  • data management is based on contributions; and
  • data management is performed in an automated manner.
  • Right to object

The data subject may object to the processing of his personal data for direct business purposes. In that case, personal data may no longer be processed for that purpose.

In exercising the rights listed above, the data subject shall have the right to contact the data administrators.

Contact details of Controller:

Name: Gerbeaud Kft.

Seat 1051 Budapest, Red mart Square 7-8.

Company directory No 01-09-730963

Name of the Registration Court: Capital Court

Tax No 13353779-2-41

Telephone number: +361 429 9000

E-mail: Gerbeaud@gerbeaud.hu

  • Jurisdiction of data management

National Data Protection and Freedom of Information Authority

Postal address: 1530 Budapest, Pf.: 5.

Address: 1125 Budapest, Silk Elizabeth fasor 22/c
Telephone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: Subtitles by LeapinLar

The data importer may bring the data controller before the courts in the event of a breach of his rights. This court is out of order. He may bring proceedings before the court or tribunal competent in the place of residence or residence, at his choice.

  1. Treatment of privacy incidents

A data protection incident may cause physical, property or non-property damage to natural persons in the absence of appropriate and timely action, including loss of control of their personal data or limitation of their rights, discrimination, identity theft or identity any abuse, financial loss, damage to good repute, damage to the confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural persons in question.

The data controller shall inform the authority of the occurrence of data protection received without undue delay but not later than 72-hour. If the notification is not made within 72-hour, the reasons justifying the delay shall be attached.

A data protection incident shall not be reported to the authority if the data protection incident is unlikely to pose a risk to the rights and freedoms of natural persons.

Where notification of a data protection incident to an authority is required, the notification shall:

  1. (a) the nature of the data protection incident, including, where possible, the categories and approximate number of persons concerned and the categories and approximate number of data involved in the incident, shall be described;
  2. (b) indicate the name and contact details of the DPO or of any other contact person providing further information;
  3. (c) describe the likely consequences of the data protection incident;
    (d) describe the measures taken or planned by the company to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.

If the data protection incident is likely to pose a high risk to the rights and freedoms of natural persons, the company shall, without undue delay, inform the data subject of the data protection incident; the information shall clearly and clearly state to the data subject the nature of the data protection incident and indicate:

  1. (a) the name and contact details of the DPO or of any other contact person providing further information;
    (b)describe the likely consequences of the data protection incident;
    (c) describe the measures taken or planned by the company to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.

The data subject shall not be informed if any of the following conditions are met:

  1. (a) the company has implemented appropriate technical and organisational protection measures and these measures have been applied with regard to data affected by the data protection incident, in particular those measures such as the use of encryption, which render the data incomprehensible to persons not entitled to access personal data;
  2. (b) the company has taken further measures following the data protection incident to ensure that the high risk to the rights and freedoms of the person concerned is no longer likely to materialise;
  3. (c) information would require a disproportionate effort. In such cases, interested parties shall be informed by means of publicly available information or similar measures shall be taken to ensure that those concerned are equally effectively informed.

Where the company employs a data processor, the data processing contract shall stipulate that the data processor shall immediately report to the company the occurrence of his data protection incident.

  1. Data-security

In particular, the data shall be protected by appropriate measures against unauthorised access, alteration, transmission, disclosure, deletion or destruction, accidental destruction and damage, and against inaccessibility as a result of changes in the technique used.

In order to protect the files electronically managed in the registers, it is necessary to ensure by appropriate technical means that the data contained in the registers are not directly interconnectable and attributable to the data subject.

The design and application of data security shall take into account the state of the art at all times. The choice of several possible data management solutions should be one t ha t ensures a higher level of protection of personal data, unless this would create disproportionate difficulties for the controller.

7.     Education, training

The Society, as Data Manager, shall ensure that all senior staff, employees, are familiar with the data protection legislation and with the provisions of these Regulations, are aware of the data protection obligations and the purposes of data management and, where necessary, that: Act according to GDPR, Infotv and this Regulation.

8.     Final and supplementary provisions

Present Rule 2018. May 25th. Effective on its date.

Matters not covered by the Code shall be dealt with in accordance with the legislation in force at all times. The Regulations shall apply in conjunction with the statutory rules and procedures issued by the Society. The rules of procedure shall not be contrary to those laid down in these Regulations.

The Company and its employees shall act in accordance with the provisions of these Regulations, inform and enforce the persons in charge of the statutory position, their employees, any other legal person seeking to work.

Produced by the Company's Data Protection Officer.

The Data Protection Officer of the Company shall be responsible for maintaining these Rules.