The present Privacy Policy (hereinafter referred to as: “Privacy Policy”) describes the data processing on the website https://www.technolynx.com/ (hereinafter referred to as: “Website”) operated by TechnoLynx Kft. (seat: H-1173 Budapest, Pesti út 91-105. A. lház. Fsz. 1. ajtó; registration number: Cg.01-09-349717; represented by: Balázs Keszthelyi managing director solely, hereinafter referred to as: “Company”) especially the characteristics of data collection, storage and use.
This Privacy Policy is effective from February 2025. The Company keeps the current version of the Privacy Policy permanently available on the Website and at its registered office.
The Privacy Policy has been prepared in line with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”), with due consideration of the provisions of Act CXII of 2011 on Informational Self-determination and Freedom of Information (hereinafter referred to as: “Privacy Act”). The definitions of this Privacy Policy are the same as the ones set out in Article 4 of the GDPR, also supplemented by certain points of the interpretative provisions mentioned in Article 3 of the Privacy Act. The provisions of GDPR, and where it is prohibited by the Privacy Act, alternatively, the provisions of Privacy Act shall be applicable in issues not regulated in this Privacy Policy.
The Company places special importance on the secure handling of personal data of their clients and visitors of the Website. The Company is entitled to prepare an extract from the content of this Privacy Policy in connection with each data processing and may also ensure that the data subjects by signing the extract document declare that they have read and acknowledged the contents of the extract.
The Company reserves the right to amend this Privacy Policy. If the amendment affects the use of personal data provided by the data subject, the Company shall inform the data subject of the changes in an appropriate form (e.g. e-mail). If the details of the data processing also change due to the amendment of the Privacy Policy, the Company will separately request the consent of the data subject.
Please read this Privacy Policy carefully and only engage the services available on the Website if you agree with the following.
The Company – while providing its services – pays particular attention to personal data protection, complies with the mandatory legal provisions, and processes data in a secure and fair manner.
The Company processes personal data as set out in point 2 of this Privacy Policy. The Company shall treat the personal data disclosed to it confidentially, shall take into account the principles of legality, due process and transparency under the GDPR, and shall treat personal data purpose-bound, with the principle of data saving in mind. The Company shall also comply with the principle of limited storing, protect the confidentiality and integrity of personal data, and consider the principle of accuracy under the GDPR.
The Company ensures the security of the data, and takes the necessary technical and organizational measures, also implements the procedural rules that are needed to enforce the provisions laid down in GDPR, the Privacy Act and the data and confidentiality rules provided in other legislation. The Company protects personal data from unauthorized access, modification, transmission, publication; unauthorized or accidental deletion and destruction; damages and also from becoming inaccessible as a result of changes in the technologies used.
The Company protects data files that are processed electronically in various registers, by ensuring that they are stored in different registers, and cannot be directly interconnected and associated with the data subject, unless it is permitted by law.
The Company provides opportunity to contact them during the Website after clicking on the “Contact” link on the Website.
Purpose of the processing: Manage and answer contact requests.
Categories of personal data concerned: Data subject’s name, company name, e-mail address and message to the Company.
Data Subjects: Persons contacting the Company through the Website.
Legal basis for the processing: The legal basis for data processing is the Data Subject’s consent under Article 6 (1) (a) of the GDPR.
Period of storage: Until the Data Subject’s consent is withdrawn.
Method of the processing: Electronic.
Source of the personal data: Data collected from the Data subject
Automated decision-making and profiling: The Company does not use automated decision-making and does not perform profiling.
Who has access to the personal data? Responsible employees and possible data processors of Company. The current list of data processors of the Company is listed in Section 4 of this Privacy Policy.
Data transfer to third countries or international organisations: There is no data transfer to third countries or international organisations.
The Company provides an opportunity for newsletter subscribers to receive various additional information about the Company’s services at regular intervals through newsletters.
Purpose of the processing: To inform newsletter subscribers.
Categories of personal data concerned: Name and e-mail address of the newsletter subscriber.
Data Subjects: Persons subscribing to newsletters.
Legal basis for the processing: The legal basis for data processing is the data subject’s consent under Article 6 (1) (a) of the GDPR.
Period of storage: Until the data subject’s consent is withdrawn.
Method of the processing: Electronic.
Source of the personal data; Data collected from the data subject.
Possible consequence of failure to provide data: If Data Subject does not provide the data, then Company cannot send them newsletters.
Automated decision-making and profiling: The Company does not use automated decision-making and does not perform profiling.
Who has access to the personal data? Responsible employees and possible data processors of the Company. The current list of data processors of the Company is listed in Section 4 of this Privacy Policy.
Data transfer to third countries or international organisations: There is no data transfer to third countries or international organisations.
The Company operates a Facebook page on the website https://www.facebook.com/, which is available at the following link: https://www.facebook.com/technolynx.ltd . On this Facebook page the Company shares information and images relating to Company’s professional portfolio, services, products and publishes videos. Visitors to the Facebook page can express their opinions about the products and services of the Company. The Company collects data and analyses the activity of visitors on the Facebook page with the site analysis function.
With respect to personal data collected during the use of Meta Business Suite, the Company and Meta Platforms Ireland Limited are considered joint controllers under Article 26 of the GDPR, as the Company and Meta Platforms Ireland Limited jointly define the purposes and means of data processing. Meta Platforms Ireland Limited assumes primary responsibility for the processing of analytical data under the GDPR.
If data subjects exercise their rights against the Company in relation to the processing of analytical data, or if the supervisory authority contacts the Company in relation to the processing of analytical data, the Company shall forward such requests to Meta Platforms Ireland Limited without delay, but no later than 7 calendar days. The Company will not act or respond on behalf of Meta Platforms Ireland Limited.
The Company shall ensure that it has an appropriate legal basis for the processing of analytical data in accordance with the GDPR. The Company does not request specific personal data processed by Meta Platforms Ireland Limited during the analytics, the Company sees only the statistics and reports prepared by Meta Platforms Ireland Limited, not the personal data on which they are based.
Further information on the joint data management agreement between the Company and Meta Platforms Ireland Limited for the Facebook page can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data
Purpose of the processing: Data processing relating to the use of the Facebook page.
Categories of personal data concerned: In principle, the Company only handles statistical data, such as the number of people who liked the page, the number of new likes, the number of people who have read, liked, commented on or shared the post, and the number of who marked it as spam; in terms of visits to the Facebook page, the number of times the page was viewed, the number of times they came to the Facebook page from an external page, the number of times the video was viewed, the most viewed videos in relation to the videos posted on the Facebook page. Regarding the people who liked the Facebook page it also processes age, gender, and location as statistical data.
Data Subjects: Visitors of the Facebook page.
Legal basis for the processing: Processing activities are based on the data subject’s consent under Article 6(1) point (a) of the GDPR
Period of storage: Until the withdrawal of the data subject’s consent
Method of the processing: Electronic.
Source of the personal data: Data collected from the data subject.
Who has access to the personal data? Responsible employees and possible data processors of the Company. The current list of data processors of the Company is listed in Section 4 of this Privacy Policy.
Data transfer to third countries or international organisations: Data is transferred to Meta Platforms Ireland Limited.
The Company operates an Instagram page on which is available at the following link: https://www.instagram.com/technolynx_ltd/?igsh=djl0ODdyMnF4ejVs# . On this Instagram page the Company shares information and images relating to Company’s professional portfolio, services, products and publishes videos. Visitors to the Instagram page can express their opinions about the products and services of the Company. The Company collects data and analyses the activity of visitors on the Instagram page with the site analysis function.
With respect to personal data collected during the use of Meta Business Suite, the Company and Meta Platforms Ireland Limited are considered joint controllers under Article 26 of the GDPR, as the Company and Meta Platforms Ireland Limited jointly define the purposes and means of data processing. Meta Platforms Ireland Limited assumes primary responsibility for the processing of analytical data under the GDPR.
If data subjects exercise their rights against the Company in relation to the processing of analytical data, or if the supervisory authority contacts the Company in relation to the processing of analytical data, the Company shall forward such requests to Facebook Ireland Ltd. without delay, but no later than 7 calendar days. The Company will not act or respond on behalf of Meta Platforms Ireland Limited.
The Company shall ensure that it has an appropriate legal basis for the processing of analytical data in accordance with the GDPR. The Company does not request specific personal data processed by Meta Platforms Ireland Limited during the analytics, the Company sees only the statistics and reports prepared by Meta Platforms Ireland Limited, not the personal data on which they are based.
Further information on the joint data management agreement between the Company and Meta Platforms Ireland Limited for the Instagram page can be found at: https://help.instagram.com/155833707900388
Purpose of the processing: Data processing relating to the use of the Instagram page.
Categories of personal data concerned: In principle, the Company only handles statistical data, such as the number of people who liked the page, the number of new likes, the number of people who have read, liked, commented on or shared the post, and the number of who marked it as spam; in terms of visits to the Instagram page, the number of times the page was viewed, the number of times they came to the Instagram page from an external page, the number of times the video was viewed, the most viewed videos in relation to the videos posted on the Instagram page. Regarding the people who liked the Instagram page it also processes age, gender, and location as statistical data.
Data Subjects: Visitors of the Instagram page.
Legal basis for the processing: Processing activities are based on the data subject’s consent under Article 6(1) point (a) of the GDPR
Period of storage: Until the withdrawal of the data subject’s consent
Method of the processing: Electronic.
Source of the personal data: Data collected from the data subject.
Who has access to the personal data? Responsible employees and possible data processors of the Company. The current list of data processors of the Company is listed in Section 4 of this Privacy Policy.
Data transfer to third countries or international organisations: Data is transferred to Meta Platforms Ireland Limited.
The Company operates a LinkedIn page on which is available at the following link: https://www.linkedin.com/company/technolynx/?originalSubdomain=hu . On this LinkedIn page the Company shares information and images relating to Company’s professional portfolio, services, products and publishes videos. Visitors to the Instagram page can express their opinions about the products and services of the Company. Furthermore, the Company uses LinkedIn to post job advertisements. The Company collects data and analyses the activity of visitors on the LinkedIn page with the site analysis function.
With respect to personal data collected during the use of LinkedIn, the Company and LinkedIn Ireland Unlimited Company are considered joint controllers under Article 26 of the GDPR, as the Company and LinkedIn Ireland Unlimited Company jointly define the purposes and means of data processing. LinkedIn Ireland Unlimited Company assumes primary responsibility for the processing of analytical data under the GDPR.
If data subjects exercise their rights against the Company in relation to the processing of analytical data, or if the supervisory authority contacts the Company in relation to the processing of analytical data, the Company shall forward such requests to LinkedIn Ireland Unlimited Company without delay, but no later than 7 calendar days. The Company will not act or respond on behalf of LinkedIn Ireland Unlimited Company.
The Company shall ensure that it has an appropriate legal basis for the processing of analytical data in accordance with the GDPR. The Company does not request specific personal data processed by LinkedIn Ireland Unlimited Company during the analytics, the Company sees only the statistics and reports prepared by LinkedIn Ireland Unlimited Company, not the personal data on which they are based.
Further information on the joint data management agreement between the Company and LinkedIn Ireland Unlimited Company for the Instagram page can be found at: https://www.linkedin.com/legal/privacy-policy
Purpose of the processing: Data processing relating to the use of the Instagram page.
Categories of personal data concerned: In principle, the Company only handles statistical data, such as the number of people who liked the page, the number of new likes, the number of people who have read, liked, commented on or shared the post, and the number of who marked it as spam; in terms of visits to the LinkedIn page, the number of times the page was viewed, the number of times they came to the Instagram page from an external page, the number of times the video was viewed, the most viewed videos in relation to the videos posted on the Instagram page. Regarding the people who liked the Instagram page it also processes age, gender, and location as statistical data.
Data Subjects: Visitors of the LinkedIn page.
Legal basis for the processing: Processing activities are based on the data subject’s consent under Article 6(1) point (a) of the GDPR
Period of storage: Until the withdrawal of the data subject’s consent
Method of the processing: Electronic.
Source of the personal data: Data collected from the data subject.
Who has access to the personal data? Responsible employees and possible data processors of the Company. The current list of data processors of the Company is listed in Section 4 of this Privacy Policy.
Data transfer to third countries or international organisations: Data is transferred to LinkedIn Ireland Unlimited Company.
Purpose of the processing: Preparing, executing and performing contracts with sole proprietors, legal entities, or entities without legal personality.
Categories of personal data concerned: Contracting party’s name, signature, bank account number, bank details, regarding sole proprietors their registration number, name, registered office, contact information and other possible data specified in the documents.
Data Subjects: Company’s contracting partners, customers.
Legal basis for the processing: The legal basis for data processing is Article 6 (1) (b) of the GDPR.
Period of storage: In principle, the Company processes personal data for 5 years from the termination of the contract, and for 8 + 1 years in case of accounting documents.
Method of the processing: On paper and/or electronic form.
Source of the personal data: Data collected from the data subject.
Automated decision-making and profiling: The Company does not use automated decision-making and does not perform profiling.
Who has access to the personal data? Responsible employees and possible data processors of the Company. The current list of data processors of the Company is listed in Section 4 of this Privacy Policy.
Data transfer to third countries or international organisations: There is no data transfer to third countries or international organisations.
The Company keeps a register of its contractual partners. In principle, the Company can process the personal data contained in the contracts only until the performance of the contract, in accordance with Article 6 (1) point (b) of the GDPR.
The Company’s contractual partners also include legal entities whose data in principle do not qualify as personal data, and the Company stores them for the purpose of the performance of the contract. However, the data of the contact person specified in the contract, as well as the data of the contact persons of various authorities who are not in a contractual relationship with the Company, are only the employees and subcontractors of the Company. The Company stores and registers the contact person’s data based on the legitimate interest of the Company according to the interest balancing test performed, in order to facilitate the activities of the Company.
Purpose of the processing: The purpose of data processing is to register the contractual partners of the Company and their contact persons, and to register the contact persons of authorities.
Categories of personal data concerned: The contracting party’s name, phone number, e-mail address, contact of the contact person (name, e-mail address, phone number).
Data Subjects: The Company’s contractual partners, customers and their contact person.
Legal basis for the processing: With regard to the contracting party, corresponding to Article 6 (1) (b) of the GDPR, the execution and performance of the contract; with regard to the contact person of the contracting party, the legitimate interest of the Company pursuant to Article 6 (1) (f) of the GDPR.
Period of storage: For 5 years after the performance of the contract.
Method of the processing: On paper and/or electronic form.
Source of the personal data: Data collected from the data subject.
Possible consequence of failure to provide data: If the data subject does not provide the data, the Company will not be able to perform the contract, and to contact the contractual partners, customers.
Automated decision-making and profiling: The Company does not use automated decision-making and does not perform profiling.
Who has access to the personal data? Responsible employees and possible data processors of Company. The current list of data processors of the Company is listed in Section 4 of this Privacy Policy.
Data transfer to third countries or international organisations: There is no data transfer to third countries or international organisations.
Issuing an accounting document is necessary due to the Company’s economic activity. Given that the Company may also contract with sole proprietors in addition to legal entities or entities without legal personality, and that certain data of sole proprietors may be considered personal data, it is necessary for the Company to have personal data processed in connection with the management of accounting documents.
Purpose of the processing: Issuance, storage and accounting of invoices.
Categories of personal data concerned: Data specified in Act C of 2000 on Accounting and Act CXXVII of 2007 on the value-added tax, especially the data subject’s name, date and period of the transaction, address, e-mail address and telephone number.
Data Subjects: The Company’s contracting partners.
Legal basis for the processing: Processing activities are based on Article 6(1) point (c) of the GDPR, Article 167 and Article 159(1) of Act C of 2000 on accounting.
Period of storage: According to Article 169(2) of the Act C of 2000 on Accounting data controllers must store accounting documents for 8 years. After 8+1 years the Company automatically deletes the personal data of the data subject.
Method of the processing: On paper and/or electronic form.
Source of the personal data: Data collected from the data subject.
Possible consequence of failure to provide data: Providing the Company with the data is a legal obligation, therefore it is mandatory.
Automated decision-making and profiling: The Company does not use automated decision-making and does not perform profiling.
Who has access to the personal data? Responsible employees and possible data processors of the Company. The current list of data processors of the Company is listed in Section 4 of this Privacy Policy.
Data transfer to third countries or international organisations: There is no data transfer to third countries or international organisations.
Purpose of the processing: Processing regarding the record-keeping relating to the exercise of rights of the data subjects under the GDPR.
Categories of personal data concerned: Applicant’s name, place and date of birth, mother’s maiden name, address, mailing address, request for the exercise of a data subject’s right under the GDPR.
Data Subjects: Data subjects exercising their rights under the GDPR.
Legal basis for the processing: Legal obligation based on Article 6 (1) point (c) of the GDPR and the Company’s legitimate interest based on Article 6(1) point (f) of the GDPR.
Period of storage: 5 years from the assessment of the application.
Method of the processing: On paper and/or electronic form.
Source of the personal data: Data collected from the data subject.
Possible consequence of failure to provide data: If the data subject does not provide the data, the Company will not be able to meet the requirements of the GDPR.
Automated decision-making and profiling: The Company does not use automated decision-making and does not perform profiling.
Who has access to the personal data? Responsible employees and possible data processors of the Company. The current list of data processors of the Company is listed in Section 4 of this Privacy Policy.
Data transfer to third countries or international organisations: There is no data transfer to third countries or international organisations.
A cookie is a small file containing various letters and numbers sent by a webserver and recorded and stored for a pre-determined period on the user’s device (computer, mobile, tablet, smart TV etc.). These are such IT data - helping the use of the websites - that the web server sends to the user’s browser, is stored on the user’s device, and then the browser sends it back to the server each time it requests data from the web server. They do not contain executable files, viruses, spyware, and cannot access data on the user’s hard drive.
Cookies usually contain the following: the domain name of the page the user is visiting (i.e. the access address entered in your browser), the storage period of the cookie, and the information stored. The cookie enables, among other things, the recognition of the user’s device and browser, thus facilitating the appearance of content tailored to the needs of the visitor and the basic browsing functions (e.g. providing connected sessions). In addition to user anonymity, they also support the preparation of statistics on frequency of visits. However, if at some point in the future the data subject contacts the Company - with the expressed consent of the data subject - by filling out a form on the Website where the Company uses cookies, the Company may use these cookies to find out the details of the data subject’s visits on the Website after the form was submitted. This is done to enhance user experience. When the data subject accepts the Privacy Policy on the Website, the cookie policy will not reappear again until the data subject deletes the cookies in its browser settings.
In case the data subject shares any content of the Website on the social media (e.g. Facebook, Youtube, Instagram), you may receive additional cookies from these websites. These cookies are not operated by the Website, so it is highly recommended for the data subject to visit these third-party websites for more information about them and their management.
There are the following cookies available on the Website:
These cookies are essential for users to browse the Website and use its features and services. When the data subject closes its browser, these cookies are going to be automatically deleted from its computer. Without these cookies, the Company cannot guarantee that the data subject will be able to use the Website. Functional cookies are used to remember actions performed on the Website (e.g. selected language, login details).
The Company uses these cookies, among other things, to keep track of which pages the visitors visit, how and how often they use the Website, and how long they have been on a particular page. The Company also uses third-party cookies from the advertising partners of the Company to measure the success of the Company’s campaigns.
The purpose of these cookies is to deliver adverts and contents more relevant to the data subject and to the data subjects interests by creating user groups. This process is done by manual intervention. These cookies are stored on the computer of the data subject. These cookies are not capable to identify individuals. In order to deliver the personalized adverts of the Company to the data subject the Company uses remarketing services.
The Company uses both session and persistent Cookies for the purposes set out below:
| Name of the cookie | Service provider | Description of the cookie | Storage time of the cookie |
|---|---|---|---|
| Necessary Cookies | Company | These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services. | 180 days |
| Essential Cookies | Company | These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website. These cookies enable core functionality such as security, verification of identity and network management. These cookies can’t be disabled. | 180 days |
| Marketing Cookies | Company | These cookies are used to track advertising effectiveness to provide a more relevant service and deliver better ads to suit your interests. | 180 days |
| Analytics Cookies | Company | These cookies help us to understand how visitors interact with our website, discover errors and provide a better overall analytics. For more information about the cookies we use and your choices regarding cookies, please visit the Cookies section of our Privacy Policy. | 180 days |
The data processors do not make decisions independently, they shall act in compliance with the contract concluded with the Company and with the instructions received from the Company. Data processors record, manage and process the personal data transmitted to them by the Company in accordance with the provisions of GDPR. Data processors can access, and process personal data provided by the data subjects during the period specified in the present Privacy Policy regarding the individual purposes of data processing. The Company transmits data to the following data processing companies regarding the data processing mentioned in the present Privacy Policy:
Pipedrive - purpose of the data processing: managing leads and tracking sales activities
Apollo.io - purpose of the data processing: sending newsletters
Billingo - purpose of the data processing: billing software
Data subject is entitled to exercise the following rights by sending a request to the Company’s e-mail address at [email protected] :
In case of execution of the data subject’s request, the Company identifies the data subject in accordance with the present Privacy Policy, and the Company complies with the data subject’s request only after the identification has been conducted.
If the data subject’s request was not prepared in accordance with the present Privacy Policy and the Company has not been able to identify the data subject, the Company notifies the applicant of the deficiencies, which if the data subject fails to comply with, the Company will be unable respond to the request.
The time elapsed between the request to provide the necessary personal data/carry out the missing activity requested by the Company to the provision of the personal data, does not count towards the deadline for responding to the request.
The Company informs all recipients of any rectification, erasure or restriction of processing with whom personal data have been shared with, unless this proves to be impossible or involves a disproportionate effort. Upon request, the Company informs the data subject of these recipients.
According to Article 13 of GDPR, the Company - in case personal data relating to a data subject are collected from the data subject - shall, at the time when personal data are obtained, provide the data subject with all of the following information: a) the purposes of the processing; b) the categories of personal data concerned; c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; d) where possible, the planned period for which the personal data will be stored or if not possible, the criteria used to determine that period; e) right to request from the Company rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; f) the right to file a complaint with the Hungarian Authority for Data Protection and Freedom of Information (NAIH); g) the right to seek judicial remedies; h) if the personal data are not collected from the data subject, any available information regarding their source; i) the existence of automated decision-making, including profiling, the significance and the planned consequences of such processing for the data subject; j) appropriate measures taken in case data are transferred to third countries or international organizations data subject has the right to obtain a copy of the personal data undergoing such processing.
The Company shall provide information on what action he took upon a request from the data subject within one month from the date of receipt.
The Company may charge a reasonable fee based on administrative costs according to Article 12 of GDPR.
Data subject has the right to obtain from the Company the rectification of inaccurate personal data concerning them, without undue delay. Taking into account the purpose of the processing, the data subject has the right to request the completion of his or her incomplete data, even by means of a supplementary declaration.
The data subject has the right to request from the Company the erasure of the data subject’s personal data and the Company is obliged to erase such personal data, without undue delay. In such cases the Company will not be able to further provide the data subject with the services of the Company. The data subject has the right to request erasure if one of the following applies: a) the personal data is no longer necessary for the purpose that the Company collected it for; b) the data subject withdrew their consent to the processing activities and there is no other legal basis for processing applies; c) the data subject objects to the processing pursuant to Article 21(1) of GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of GDPR; d) their personal data is being unlawfully processed; e) EU or member state law oblige the Company to erase data subject’s personal data to comply with a legal obligation; OR f) the personal data have been collected in relation to the offer of information society services referred to in Article 8 of GDPR.
The data subject may have the right to request from the Company a restriction of processing his or her personal data if one of the following grounds applies: a) the data subject contest the accuracy of the personal data of the Company’s process about the data subject; the Company must restrict processing the contested data until they can verify the accuracy of data subject’s personal data; b) the Company is unlawfully processing the data subject’s personal data. c) the Company no longer need to process the data subject’s personal data but the data subject needs the personal data for the establishment, exercise or defense of legal claims; d) the data subject has objected to processing pursuant to Article 21 of GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
In case of the restriction is justified, personal data shall, with the exception of storage, only be processed
If the processing of the data subject’s personal data has been restricted, data subject will be informed before the restriction of processing is lifted.
The Data Subject shall have the right to object, if processing his or her data is based on:
The Company shall no longer process the personal data unless there is compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
The data subject shall have the right to receive the personal data concerning him or her, which he or she provided to the Company, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without obstruction from the Company, where: a) the processing is based on the data subject’s consent or the processing is necessary for the Company to perform a contract with the data subject; and b) the processing is carried out by automated means.
Where processing is based on consent, the data subject shall have the right to withdraw his or her consent at any time. Regarding this, the Company informs the data subject that they may continue to process the data subject’s personal data for the purpose of fulfilling his legal obligation or validating his legitimate interests even after the consent is given by the data subject has been withdrawn, if the enforcement of the interest is proportionate to the restriction of the right to the protection of personal data.
The Company shall reimburse the damage caused to others by the unlawful processing of the data subject’s data or the violation of the data security requirements, the Company shall also reimburse the grievance award for the infringements of personality rights caused by the Company or the data processor. The Company shall be exempted from liability for the damage caused and from the obligation to pay grievance award if the Company proves that the Company is not liable in any way for the event giving rise to the damage.
If the data subject feels that the processing of their personal data have breached the provisions of GDPR, the data subject is entitled to contact the Company directly at the following e-mail address: [email protected] in order to eliminate the violation against them.
The data subject is also entitled to file a complaint with the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság; “NAIH”, H-1055, Hungary, Budapest, Falk Miksa utca 9-11; postal address: H-1363 Budapest, Pf. 9. phone: +36-1 391-1400; fax: +36-1 391-1410; e-mail: [email protected]).
The data subject to protect their data has the right to initiate proceedings before the court, which proceeds under priority. The data subjects can choose whether the action shall be brought before the district court in whose area of competence the data subject’s place of residence is located or before the district court in whose area of competence the data subject’s habitual residence is located (http://birosag.hu/torvenyszekek). The competent district court can be found on this site: http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso