The Data Controller declares that the data processed by it shall be processed in accordance with the currently applicable legislation pursuant to the Fundamental Law of Hungary, Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information and the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”).
The Data Controller shall at all times respect the rights of its employees, its connected persons, its clients and contractors as contractual partners, and the visitors to the site https://www.r34dy.io/ . It shall treat all data and facts of which it becomes aware as confidential and shall process them only on the basis of the performance of a contract, a legal requirement and the prior informed consent of the data subject.
PRINCIPLES OF DATA MANAGEMENT
The Controller will process personal data in accordance with the following principles:
The data are processed lawfully and fairly and in a transparent manner for the data subject.
Data processing is based on the principle of data minimisation, which requires that processing is adequate, relevant and limited to what is necessary for the purpose for which it is intended.
Data management must be accurate and, where necessary, up to date. In this context, it shall take all reasonable steps to ensure that inaccurate data are erased or rectified without undue delay.
Personal data are stored for a limited period of time, for the time necessary to achieve its purpose.
Ensure the protection against unauthorised or unlawful processing and accidental loss, destruction or damage of personal data.
Personal data will only be processed for the purposes and in the manner set out here, in order to exercise the rights and fulfil the obligations stipulated herein. The Controller declares that it will comply with these purposes at all stages of its processing.
The Data Controller shall process only personal data that are necessary for the purpose of the processing, suitable for the achievement of that purpose, and kept only to the extent and for the duration necessary for the achievement of that purpose.
Ensure adequate security of personal data against unauthorised or unlawful processing, accidental loss, destruction or damage by applying appropriate technical or organisational measures.
INFORMATION TO STAKEHOLDERS
By publishing this Statement, the Data Controller takes appropriate measures to ensure that data subjects receive all the information relating to the processing of personal data in a concise, transparent, intelligible and easily accessible form, in clear and plain language.
Employees, partners and Data Processors of the Data Controller who assist the Data Controller in the performance of their work are under a duty of confidentiality towards third parties in relation to personal data that they become aware of in the course of their work and in the performance of their duties.
1. Data security: the combination of technical, personnel and organisational measures and procedures to protect the security criteria of data, such as confidentiality, integrity and availability.
2. Processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. restriction of processing: marking of stored personal data for the purpose of restricting their future processing;
4. controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
The Data Controller under this Notice:
The Data Controller under this Notice:
R3ADY Zártkörűen Működő Részvénytársaság
2040 Budaörs, Hegyalja utca 17.
1116 Budapest, Sztregova utca 1.
Company registration number:
The data controller operates its website independently and stores personal data on its own (cloud-based) server.
5. data processing: the performance of technical tasks related to data processing operations, regardless of the method and means used to perform the operations and the place of application, provided that the technical task is performed on the data;
Data processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the Data Controller on the basis of a contract of engagement with the Data Controller.
The data necessary for accounting and payroll processing is managed by Timilon Bt. (registered office: 1016 Budapest, Derék utca 2.; tax number: 28472913-2-41; representative: Garainé Polgár Andrea, managing director).
The Data Controller declares that its contracted processors shall use the personal data solely on the basis of the instructions of the Data Controller and in accordance with the purpose for which they are processed and shall not perform any other processing operation other than that purpose. The processing will respect the personal data of the data subjects and the provisions of this Privacy Statement.
6. data destruction: the complete physical destruction of the data medium containing the data;
7. erasure: making data unrecognisable so that it is no longer possible to recover it;
8. transfer: the data are made available to a specified third party;
9. data blocking: the marking of data with an identification mark for the purpose of limiting its further processing permanently or for a limited period of time;
10. data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed;
11. confidentiality (secrecy): the characteristic of data that only a predefined group of users (authorised users) are allowed access to it, and that access by all others is illegal;
12. loss of confidentiality: loss of confidentiality is called disclosure, where confidential data become known and/or accessible to unauthorised persons;
13. security incident: any event that may have an adverse effect on the confidentiality, integrity or availability of an IT device or the data stored on it;
14. recipient: the natural or legal person, public authority, agency or any other body, whether or not a third party, to whom the personal data are disclosed. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
15. GDPR: General Data Protection Regulation (EU) 679/2016 of the European Parliament and of the Council of 27 April 2016;
16. third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;
17. consent: a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
18. Info Act.: Act CXII of 2021 on the Right to Information Self-Determination and Freedom of Information;
19. Integrity: the criterion of existence, authenticity, integrity, and intrinsic completeness of data, which ensures that the data, information or program can only be altered by those who are authorised to do so and cannot be altered without being detected.
20. personal data: any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
21. objection: a statement by the data subject objecting to the processing of his or her personal data and requesting the cessation of the processing or the deletion of the processed data;
I PROCESS YOUR PERSONAL DATA FOR THE FOLLOWING PURPOSES:
Processing based on the performance of a contract [Article 6(1)(b) GDPR]
The scope of performance of a contract includes the agreement concluded by the Data Controller with its suppliers, principals or persons acting on its behalf as contractual partners.
Personal data of contractual partners:
name(s); address; contact person; telephone number; e-mail address
The purpose of the processing of the data is the conclusion of relevant written contracts (orders, services), the performance of contracts and the provision of contact details.
The Data Controller stores some of the personal data provided, on paper at its headquarters/branch office and in digital form, on a digital cloud server. The personal data are processed from the conclusion/establishment of the contract throughout the contractual relationship until the termination or expiry of the contract or the limitation period of the contractual relationship. The Dara Controller shall not transfer personal data processed within this scope.
Processing based on a legal requirement [Article 6(1)(c) GDPR]
It processes the following personal data of its contractual partners in accordance with the legal requirements on accounting, VAT and taxation:
name(s); address/place of residence; tax number
The data of contractual partners are processed for the purpose of issuing invoices on performance of orders.
The Data Controller stores part of the personal data provided on paper at its headquarters/plant and in digital form on a cloud-based digital server and transfers it to the Data Processor in charge of accounting and payroll.
The Data Controller issues invoices to its clients using an online invoicing program. The issued invoices, with the data content contained therein, are managed as long as the invoice is kept for accounting purposes.
Consent-based processing [Article 6(1)(a) GDPR]
The Data Controller, through its website, allows visitors to the website at https://www.r34dy.io/contact to contact the Website through the interface. In this context, the following personal data of the interested party are processed:
name; e-mail address; company name; telephone number
The Data Controller stores the personal data provided in digital format on a digital cloud server. The personal data provided for the purpose of contacting, will be kept for the duration of the contact, up to a maximum of 1 year. The Controller will not transfer personal data processed in this context.
ACCESS, USE AND TRANSFER OF DATA
❖ Personal data stored about Data Subjects may only be accessed by the person to whom they are necessary to performance of its obligations. The Controller shall record in report the name of the person who processed the personal data or who is otherwise entitled to access the personal data, the reason for access and the time of access.
❖ The Data Controller shall use personal data only for the purposes for which they are collected and shall not go beyond the purpose for which it was collected, the Data Controller may nevertheless use data processed for legitimate interests or collected for the purposes of entering into a contract for a purpose other than the original purpose, provided that this new processing is compatible with the original purpose of the processing.
In this context, the Data Controller shall take into account.
^ the relationship between the original purposes and the new/planned data management purposes;
^ the circumstances of data collection;
^ the type and nature of the data (are the data in question special ones?);
^ the possible consequences of the envisaged further processing (what will be the impact on data subjects);
^ the existence of appropriate safeguards (e.g. encryption or pseudonymisation).
Personal data processed on the basis of consent or legal obligation cannot be used for other purposes.
Use also means the use of personal data as evidence in judicial or other official proceedings. If the Data Controller is required by a public authority or a court to provide and disclose the personal data, the Data Controller shall disclose the personal data if all the conditions for doing so are met.
❖ The Data Controller obtains certain personal data from its contractual partners indirectly, and transfers personal data to its contractual partners (data transfer).
The Data Controller does not transfer personal data processed by it to third countries or international organisations, but undertakes to inform the data subjects in advance of any such transfer that may take place anytime, and to comply with Chapter V of the GDPR when transferring data, to ensure that the level of protection guaranteed to natural persons is not compromised in any way.
RIGHTS OF DATA SUBJECTS AND THEIR ENFORCEMENT
Detailed information about the data subjects, the Data Controller and the Data Processor, the scope and purpose of the data processed, their rights and the means of enforcing them are set out in this chapter.
a) right of access ~ in the process of data processing, the Data Subject has the right to access the data stored about him or her and to be informed of the purposes, legal basis, storage and storage period of the data processed about him or her. The right to information includes the right to rectification, erasure, restriction of processing and the right to be informed of the possibility to lodge a complaint with a supervisory authority. The Data Controller shall not refuse to comply with any request to exercise the rights of the data subject unless it can be shown that the data subject cannot be identified. The Controller may charge a reasonable fee based on administrative costs for additional copies requested by the data subject.
b) the right to rectification ~ the Data Subject has the right to request that inaccurate or incomplete data relating to him or her be rectified by the Data Controller on the basis of a supplementary declaration.
c) the right to erasure (right to be forgotten) ~ at the Data Subject’s request, the Data Controller shall erase the data stored about him/her if one of the following grounds applies:
(i) the personal data are no longer necessary for the purposes for which they were collected or otherwise handled;
(ii) the data subject withdraws the consent on which the processing is based and there is no other legal basis for the processing;
(iii) the data subject objects to the processing and there are no overriding legitimate grounds for further processing;
(iv) the Controller unlawfully processed the personal data;
(v) the data must ne deleted to meet applicable legal obligation
The personal data processed by the Controller shall be deleted within a short period of time after the legal basis for the processing ceases to exist, including in the case of processing based on consent, upon withdrawal of consent.
d) right to block data – The Data Controller shall block personal data if the data subject so requests or if, on the basis of the information available to him or her, it is likely that the deletion would harm the data subject’s legitimate interests.
The personal data blocked in this way may be processed only for as long as the processing purpose that precluded the deletion of the personal data persists.
e) the right to restriction – if the personal data processed about the Data Subject are inaccurate, unlawful, unnecessary or the Data Subject objects to the processing, the Data Subject may request that the Controller restrict the processing of such data.
f) right to data portability – refers to the right of the Data Subject to receive the data provided by him or her in machine-readable form (pdf, doc, excel, txt) in order to make it available to another controller.
g) the right to object – if the processing of the Data Subject is necessary for the purposes of the interests of the Controller or a third party, if the personal data are used or disclosed for direct marketing, public opinion polling or scientific research purposes; and in other cases provided by law, the Data Subject may object at any time to the processing of his or her personal data processed for such purposes.
The Data Controller shall take the following actions regarding the objection lodged within the shortest possible time from the date of the request, but not later than 15 days.
• decide whether it is justified, and
• inform the applicant in writing of its decision.
The Data Controller shall take appropriate measures to protect the data against, in particular, unauthorised access, alteration, disclosure, deletion or destruction, accidental destruction or damage, and inaccessibility resulting from changes in the technology used.
In doing so, it will comply with the IT security policies in force and will require its Processors to do the same.
In the event of a personal data breach, it will develop a data breach policy, which sets out how to report a data breach, who is responsible for dealing with it and the relevant time limits.
Keeps records of the data protection incidents that occur.
In the event of a violation of their rights, data subjects may lodge a complaint with the National Authority for Data Protection and Freedom of Information (headquarters: 1055 Budapest, Falk Miksa u. 9-11; telephone +36 (1) 391-1400, fax +36 (1) 394-1410, e-mail: firstname.lastname@example.org) 1.1.1.
The Data Controller shall compensate for any damage caused to others by unlawful processing of the Data Subjects’ data or by breach of data security requirements. If the Data Controller infringes the Data Subject’s right to privacy by unlawfully processing the Data Subject’s data or by breaching data security requirements, the Data Subject may claim damages and/or compensation for damages in court.
The Data Controller may use personal data and information lawfully recorded in the course of negotiations and/or litigation between the two parties in order to avoid disputes that may arise.
ABOUT COOKIES AND THEIR USAGE
The contents of the website https://www.r34dy.io/ is accessible to anyone without providing any personal data.
The following so-called “cookies” are used on the websites operated by the Data Controller:
– Necessary and functional cookies ~ used for basic functionality and to remember user preferences
This includes analytical cookies, such as the Google Analytics cookie, which collect and report information from statistical data about the use of the Controller’s website without identifying visitors individually to Google, and which allow the Controller to measure the use and performance of its website and to improve its operation based on the data collected. Session cookie, which stores the visitor’s location, browser language, payment currency. Its lifetime is from the time the browser is closed or up to 2 hours. Mobile version, design cookie, which detects the device used by the visitor and helps to facilitate transparency on mobile phones. Lifetime 365 days. Backend ID cookie, which identifies the backend server serving the site. Its lifetime is until the browser is closed.
If you do not wish to receive certain types of cookies, you can set your browser to prevent the setting of a unique identifier or to warn you when the website wishes to send a cookie.
To find out more about these features and to fine-tune your cookie settings, please refer to your internet browser instructions or help screen, or use the link below to turn on and off online behavioural advertising from each service provider: http://www.youronlinechoices.com/hu/ad-choices