M1 Autohof Ltd. (hereinafter: Service Provider, Data Controller) submits to the following information.
Prior to the start of the processing, the data subject shall be clearly and fully informed of all facts relating to the processing of his or her data, in particular the purpose and legal basis of the processing, the person authorized to process and process it and the duration of the processing.
The information should also cover the data subject’s rights and remedies.
The purpose of the site is to organize shooting ranges and other services for the Service Provider’s end users. In view of this, the Service Provider shall record primarily the data necessary for the performance of the contract in connection with the operation.
The Data Controller is entitled to unilaterally amend this Prospectus at any time taking into account the applicable legal regulations. Amendments to the Prospectus shall enter into force upon publication.
Terms and definitions used in the Code
Affected: an identified or identifiable natural person (identifiable person, directly or indirectly, in particular an identifier such as name, number, location data, online identification or physical, physiological, genetic, intellectual, economic, cultural or social identity, based on one or more factors);
Personal data: any information about the data subject;
Data management: any operation or combination of operations, whether automated or not, performed on personal data or files, such as collection, recording, filing, sorting, storing, transforming or altering, retrieving, accessing, using, communicating, distributing or otherwise making available by item, alignment or connection, restriction, deletion or destruction;
Data Controller: any natural or legal person who, either individually or jointly with others, determines the purposes and means of the processing of personal data;
Data Controller: any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
Third party: any natural or legal person, public authority, agency or any other body which is not the data subject, the controller, the data processor or the persons authorized to process personal data under the direct control of the data controller or processor;
Privacy Incident: a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access of personal data transmitted, stored or otherwise processed;
Data relating to Data Controller and Data Processors
The Data Controller:
name: M1 AUTOHOF Kft.
tax number: 25111190-1-13
seat: 2252 Tóalmás, Liget utca 42.
represented by Daniel Csontos
e-mail address: firstname.lastname@example.org
IT Service Provider, Administrator:
name: Intelliweb Kft.
tax number: 14215111-2-02
represented by András Zoltán Kapoli
seat: 7627 Pécs, Wass Albert út 23.
the action he performs: hosting the website, storing personal data.
The Data Contrller shall act in full respect of the following principles when handling the Data of the Data subject:
The processing of the data must be carried out in a lawful and fair manner and in a manner that is transparent to the data subject (‘legality, due process and transparency’);
data must be collected for specified, explicit and legitimate purposes and not processed in a way incompatible with those purposes (“purpose limitation”);
they must be appropriate and relevant to the purposes for which the data are processed and must be limited to what is necessary (‘data-saving’);
they must be accurate and, where necessary, kept up to date (“accuracy”);
it must be kept in a form which permits identification of data subjects for no longer than is necessary for the purpose for which the personal data processing is carried out (“limited storage”);
shall be handled in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, through the use of appropriate technical or organizational measures (“integrity and confidentiality”).
the controller is responsible for complying with the above principles and must be able to justify such compliance (“accountability”).
The Data Controller has developed its Code of Conduct as described above, and is constantly reviewing and modifying it as necessary.
The individual data management goals and their conditions
The Controller processes personal data for the following purposes:
Booking of time booking for parking services
The Data Controller allows the data subjects to pre-book the date of using the service, thus ensuring that they can use the service at a time of their choice.
Purpose of data management: Identifying users and verifying their access rights.
Legal basis for data management: Establishing a contract to which one of the parties is a party.
Recipients of personal data, categories of recipients: Employees of the Data Controller.
Scope and purpose of the data processed: name (last name, first name) – identification; billing address – identification; account number identification on deposit receipt, telephone number contact.
Stakeholders: Any natural person who makes use of career booking.
Duration of data management: For 5 years after booking.
Management of contract customer data
Purpose of data management: Provide relevant information and support to the data subject and maintain contacts to maintain, perform and properly terminate contract preparation. Eg request for quotation, offer, negotiation based on offer, acceptance of offer
Legal basis for data management: If the request for information is aimed at the creation, maintenance, modification, preparation of termination of the contract, the legal basis for the data management is the contract. If the request for information is for a non-contractual purpose, the data management is based on voluntary consent.
Recipients of Personal Data, Categories of Recipients: Employees of Data Controller who are involved in the provision of information, contract preparation, contract execution.
Scope and purpose of the data processed: name – identification; e-mail address – contact, clarification of request, provision of information; telephone number – contact, clarification of demand, provision of information; question / request content – input data for the answer.
Stakeholders: Any natural person who contacts the Data Controller and requests from the Data Controller contract-related information / quotes by providing his / her personal data and any natural person with whom the Controller enters into a contract, either in writing or by implication.
Duration of data management: Until the existence of the contract or after its termination, until the expiry of the rights arising from the contract based on the legitimate interests of the data controller and the expiry of the retention period in accordance with the accounting rules.
Legal entity customer data management for natural person representatives
Purpose of Data Management: Collaboration of the Data Controller with persons designated by the partner of the legal entity and general business relations with them.
Legal basis for the data management: The data controller has a legitimate interest in fulfilling the obligations arising from the contract between the parties.
Recipients of personal data, categories of recipients: Employees of the Data Controller and of the contract partner acting in performance of the contract.
Scope and purpose of the data processed: name – identification; e-mail address – contact; phone number contact.
Stakeholders: All natural persons appointed by the Data Controller and the legal entity contracted by the Data Controller to act as agents, contact persons, actor for the performance of the contract.
Duration of data management: 5 years after termination of contract or business relationship.
Customer support activities in person, by phone, via email
The Data Controller performs customer service activities in person, by telephone, or by e-mail. If, during the course of these inquiries, the data subject is adequately served and the personal data of the data subject are not recorded, no data processing will take place. If the service can only be implemented by recalling the data subject or sending information by e-mail and the data provided by the Data Controller is recorded in a paper-based call log or electronic interface, the data management is implemented.
Purpose of data management: To provide information to the data subjects personally, by telephone and e-mail.
Legal basis for the data management: Consent of the data subject. Consent shall be deemed to have been given if the data subject has provided the Data Controller with the data required for the recall and if he / she has contacted the Data Controller by e-mail.
Recipients of personal data, categories of recipients: Data Controller employees.
Scope of data processed: name – identification; telephone contact; e-mail address – contact; date, hour, minute – identification.
Stakeholders: Any natural person who personally contacts, via telephone or e-mail, the Data Manager’s Customer Support staff.
Duration of data processing: Within 3 months from the date of reply.
Data management associated with a discount coupon or voucher
The Data Controller allows the data subjects to purchase a gift voucher for the use of the Service, or the Data Controller to provide a discount in the form of a coupon for the use of a service of the volume specified by the Data Controller.
Purpose of Data Management: The data management related to the device supporting the use of the Data Manager’s service is performed in a regular framework.
Legal basis for the data management: Consent of the data subject.
Recipients of personal data, categories of recipients: Employees of the Data Controller.
Scope and purpose of the data processed: name (first name) – identification; e-mail address – identification, delivery of the coupon to the data subject; postal address – identification, delivery of the coupon
Duration of data management: For 5 years after requesting the coupon.
Specific categories of personal data (such as those based on racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic and biometric data that uniquely identify natural persons, health data, and the sexual life of natural persons or personal data related to sexual orientation), except for certain data required by law in the employment relationship and health data deemed relevant and provided by the data subject in connection with the use of the Data Controller, the Data Controller does not request or process.
Apart from these exceptions, any such data made available or made available to the Data Controller in any way will not be recorded by the Data Controller. If such data has entered any system of the Data Controller without the knowledge of the Data Controller, it shall be immediately deleted from the System as soon as it is detected.
It is possible to view content published on the Data Controller’s website that is accessible to anyone without entering personal information. The website automatically records the following information about visitors: visitor’s IP address, time of visit, subpages and content viewed on the website. This data is used by the data controller solely for the purpose of analyzing the website and checking the secure operation of the website.
Data Manager provides default and built-in data protection. To this end, the Data Controller shall take appropriate technical and organizational measures to:
regulates access to data precisely.
grant access only to persons who need the data to perform the task, and only to the minimum necessary to perform the task.
choose carefully the data processor (s) he is entrusted with, and ensure that the data is protected by an appropriate data processing contract.
ensure the integrity (authenticity), authenticity and protection of the data processed.
Data transmission, data processing, access
The Data Controller shall endeavor not to disclose to the Third Party any Personal Data. In some cases, however, data disclosure is unavoidable. The Data Controller discloses data to a third party primarily in the following cases:
Data transfer to authority (ies): The Data Controller may be subject to reporting obligations arising from statutory provisions in connection with the establishment, performance and termination of contracts. Other data releases based on a government request or suspicion of a crime may also occur.
In addition to the circumstances set out above, you may disclose your Data to a third party in accordance with applicable legal regulations.
Physical storage of data
The data is managed and processed and the data is backed up in Hungary.
The Data Controller shall store the Data of the Data subject for the time specified above for each data management purpose, after which the data will be destroyed. The period of data storage is subject to the prevailing legal regulations, ie, if a legal requirement requires the storage of data beyond the period specified above, the Data Controller is entitled to store the data for the period specified by law.
Measures taken by the controller in the field of data protection
The Controller shall take all reasonable measures to protect personal data against, inter alia, unauthorized access or alteration.
In order to secure access to data stored in electronic form, file, cloud, Data Controller shall establish and update strong password protection with sufficient security and frequency.
During the automated processing of personal data, the Data Controller shall provide additional measures.
Care must be taken to ensure that the information stored on paper media is not made known to anyone else (eg, using a cover page, folders, folding the document, etc.) by reasonable means while performing the activity.
The Data Controller shall ensure, through regular training, that the human factor required to establish and maintain data security is maintained at a high level. Education should make data security a part of daily routine by developing good practices. (Eg laptop, phone containing personal information cannot be left in a vehicle, left unattended, etc.)
Rights of the Data Subject
The Data subject has the following rights with respect to data management:
Right to Transparent Information: Prior to and during data processing, the Data Subject has the right to be informed about the data being processed and about the data processing itself, including this Code.
Right of access to stored data: The data subject shall have the right to request information on the data stored and on certain elements of the data management (in particular: existence, purpose, legal basis, scope of data processed, disclosure to third parties, data storage time, , data source, profiling, automated decision making, warranties, etc.).
Right of rectification: in the event of incorrect data, the data subject may initiate the rectification of the data.
Right of deletion: the Data subject may request the deletion of data if:
the data is not required for the original purpose for which it was collected
the data subject’s consent to data management is withdrawn
the Data subject protests against the data management and there is no other reason for the data management
data management is illegal
a legal obligation requires cancellation
data was collected in connection with the provision of an information society service.
Right to object: Data subject may object to the processing of data in the public interest or based on a legitimate interest, in which case the Data Controller is only entitled to continue processing the data if it is justified by compelling legitimate reasons overriding the data subject or legal claim. You may object at any time to the processing of data for direct marketing purposes and may no longer process the data.
Right to Restrict Data Management: In the case of unlawfully processed data or in other cases permitted by law, a restriction on data management may be requested.
Right to data portability: In the case of data processing by consent or contract, which is subject to automatic data processing, the data subject shall have the right to request the disclosure of the data provided by him in a structured, widely used, machine-readable format.
Right of Withdrawal: The Data subject may withdraw his or her consent at any time.
You may exercise the rights of the data subject above at any time. Requests to this effect can be made in writing to the Data subject at email@example.com. The Data Controller shall have the right to identify the Data Subject prior to responding (in order to verify that the request originates from the data subject. The Data Controller shall examine the incoming requests and promptly, but no later than one month, in the longer term – settles or rejects it (stating reasons) The data controller shall inform the Data subject of the outcome of the decision in writing.
The Controller will delete the incoming mail, together with the sender’s name and e-mail address and other voluntarily entered personal data, within a maximum of 5 years from the date of settlement of the case.
If any objection, complaint or request regarding the personal data of the data subject has not been satisfactorily resolved, or the data subject considers at any time that there has been or may be an imminent breach of the law governing the processing of personal data, the National Data Protection and Information .
Contact details of the National Privacy and Freedom of Information Authority:
Headquarters: 1125 Budapest, Szilágyi Erzsébet fasor 22 / c.
Mailing address: 1530 Budapest, Pf. 5
Phone: +36 1 391 1400
Telefax: +36 1 391 1410