Privacy Policy

This Prospectus is data management on the Website operated by Zconcept Kft. (Registered office: 2094 Nagykovácsi, Kalász utca 16.), data controller (hereinafter: the Company), as the owner and operator of the https://zconcept.hu/ website (hereinafter the Website). Regulation (EU) 2016/679 (2016) of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data of 27 April 2011) (hereinafter: the Decree) and Decree CXII of 2011 on the right to information self-determination and freedom of information. (hereinafter: Infotv.).

 

The establishment and amendment of the Prospectus is the responsibility of the Chief Executive Officer.

 

Date: Budapest, May 25, 2018

 

Zconcept Kft.

 

Table of contents

 

1.    INTRODUCTION

2.    NAME OF THE COMPANY (DATA CONTROLLER)

3.    NAME OF DATA PROCESSORS

3.1.1.    The concept of data processing

3.1.2.    Data Processor for the maintenance and management of the Website

4.    LEGAL BASIS FOR DATA MANAGEMENT

4.1.1.    Data management with the consent of the data subject

4.1.2.    Data management for contract fulfillment

4.1.3.    Fulfillment of a legal obligation to the Company or protection of the vital interests of the person concerned or another natural person

4.1.4.    Enforcing the legitimate interests of the Company or a third party

4.1.5.    The range of persons entitled to access the data

5.    RIGHTS OF THE PERSON CONCERNED

5.1.1.    Right to information

5.1.2.    The data subject’s right of access

5.1.3.    Right to rectification

5.1.4.    Right of cancellation (“right to forget”)

5.1.5.    Right to restrict data processing

5.1.6.    Obligation to notify in connection with the rectification or erasure of personal data or restrictions on data processing

5.1.7.    The right to data portability

5.1.8.    Right to protest

5.1.9.    Right to be exempted from automated decision-making

5.1.10.                       The right of the data subject to lodge a complaint and to seek redress

5.1.11.                       Information on the data protection incident

5.1.12.                       Procedure to be followed at the request of the data subject

6.    CONTRACT – RELATED DATA PROCESSES

6.1.1.    Data management activities related to the performance of the contract.

6.1.2.    Contact details of natural person representatives of legal entity customers, buyers, suppliers

6.1.3.    Make a voice recording by telephone by customer service

7.    DATA MANAGEMENT RELATED TO THE WEBSITE OPERATED BY THE COMPANY

7.1.1.    User data management on the Company’s website – Information on the use of cookies

7.1.2.    Registration on the Company’s website

7.1.3.    Newsletter service related data management

7.1.4.    On a contact or request for quotation data management website

7.1.5.    Data management related to the web store operated by the Company

7.1.6.    Data management related to direct marketing activities

7.1.7.    Data management related to the organization of gift draws

8.    DATA SECURITY MEASURES

8.1.1.    Data security measures

9.    DATA PROTECTION INCIDENTS

9.1.1.    The concept of a data protection incident

9.1.2.    Treatment and remediation of data protection incidents

9.1.3.    Record privacy incidents

10.          CHANGES TO THE CONTENT OF THE WEBSITE AND PRIVACY INFORMATION

 

 

INTRODUCTION

The Company handles information that does not qualify as personal data on the Website, as well as personal data voluntarily provided by the data subject. Infotv. and the Regulation defines personal data as “data which may be contacted by the data subject, in particular his or her name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities” and the conclusion which may be drawn from the data subject . ” The Company does not handle specific data (data on racial origin, nationality, political opinion or party affiliation, religious or other worldview, health status, etc.).

 

NAME OF THE COMPANY (DATA CONTROLLER)

The Company informs the data subject that it qualifies as a data controller in the management of its personal data.

 

COMPANY NAME: Zconcept Kft.

HEADQUARTERS: 2094 Nagykovácsi, Kalász utca 16.

COMPANY REGISTRATION NUMBER: 13-09-128270

TAX NUMBER: 14739008-2-13

PHONE: +36 ………… ..

NAME OF REPRESENTATIVE: Zoltán Seprenyi managing director

E-MAIL: info@zconcept.hu

 

 

NAME OF DATA PROCESSORS

The concept of data processing

The Company uses an external data processor entrusted with the personal data managed by it on the basis of its voluntary consent for the purpose of operating and maintaining the Website.

 

Data Processor: a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the Company.

 

The use of a data processor does not require the prior consent of the data subject, but requires his or her information. Accordingly, the Company provides the following information:

 

Data Processor for the maintenance and management of the Website

 

The Company uses a data processor to maintain and manage the Website and, within this framework, handles the personal data provided on the Website for the duration of the existing service contract. The operation performed by the data processor is the storage of personal data on the server.

 

Data processor used to maintain and manage the Website:

 

Company name: MakeIt Online Kft.

Headquarters: 1138 Népfürdő utca 3 / A

Representative: Ádám Galgóczi managing director

Phone number: +36 (20) 368-0574

E-mail address: adam.galgoczi@makeitonline.hu

 

LEGAL BASIS FOR DATA MANAGEMENT

 

  1. Data management with the consent of the data subject

 

 

 

  1. a) in writing, in the form of a statement giving consent to the processing of personal data,

 

  1. b) by electronic means, by the express behavior of the Company’s website https://zconcept.hu/, by filling in a check box, or if you make technical adjustments in connection with the use of information society services, as well as by any other statement or action , which clearly indicates in the context the data subject ‘s consent to the intended processing of his or her personal data.

 

Silence, a pre-ticked box, or inaction do not constitute consent.

 

 

 

 

  1. Data management to fulfill the contract

 

 

 

  1. Fulfillment of a legal obligation to the Company or protection of the vital interests of the person concerned or another natural person

 

 

 

 

  1. Enforcing the legitimate interests of the Company or a third party

 

 

 

 

  1. The range of persons entitled to access the data

 

 

RIGHTS OF THE PERSON CONCERNED

 

  1. Right to information

 

 

  1. the name and contact details of the Company and its representative;
  2. the purpose of the intended processing of personal data and the legal basis for the processing;
  3. in the case of data processing based on a legitimate interest, an indication of the legitimate interests of the Company or a third party;
  4. where applicable, the recipients or categories of recipients of the personal data;
  5. the fact that the Company wishes to transfer personal data to a third country or an international organization

 

 

  1. the period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
  2. the data subject’s right to request from the Company access to, rectification, erasure or restriction of the processing of personal data concerning him or her and to object to the processing of such personal data and the data subject’s right to data portability;
  3. in the case of data processing based on the data subject’s consent, the right to withdraw the consent at any time, without prejudice to the lawfulness of the data processing carried out prior to the withdrawal;
  4. the right to lodge a complaint to the supervisory authority;
  5. whether the provision of personal data is based on a law or a contractual obligation or a precondition for concluding a contract, whether the data subject is obliged to provide personal data and the possible consequences of not providing the data;
  6. the fact of the automated decision-making referred to in Article 22 (1) and (4) of the Regulation, including profiling, and at least in these cases the logic used and the information that can be understood about the importance of such data processing and the data subject what are the expected consequences.

 

 

  1. The data subject’s right of access

 

  1. the purposes of data management;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be communicated by the Company, including in particular third country recipients or international organizations;
  4. where applicable, the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
  5. the right of the data subject to request the Company to rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data;
  6. the right to lodge a complaint with a supervisory authority;
  7. if the data were not collected from the data subject by the Company, all available information on their source;
  8. the fact of the automated decision-making referred to in Article 22 (1) and (4) of the Regulation, including profiling, and, at least in these cases, comprehensible information on the logic used and the significance of such data processing and the data subject; the expected consequences.

 

 

 

  1. Right to rectification

 

 

 

  1. Right of cancellation (“right to forget”)

 

  1. personal data are no longer required for the purpose for which they were collected or otherwise processed by the Company;
  2. the data subject withdraws his or her consent on which the processing is based and there is no other legal basis for the processing;
  3. the data subject objects to his or her processing and there is no overriding legitimate reason for the processing;
  4. personal data has been unlawfully processed by the Company;
  5. personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the Company;
  6. personal data have been collected in connection with the provision of information society services referred to in Article 8 (1) of the Regulation.
  1. for the purpose of exercising the right to freedom of expression and information;
  2. fulfillment of an obligation under EU or Hungarian law applicable to the Company requiring the processing of personal data, or in the public interest;
  3. on grounds of public interest in the field of public health;
  4. for archiving purposes in the public interest, for scientific and historical research purposes or for statistical purposes, where the right of erasure would be likely to make it impossible or seriously jeopardize such processing; obsession
  5. to submit, enforce or defend legal claims.
  6. Right to restrict data processing

 

 

  1. the data subject disputes the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Company to verify the accuracy of the personal data;
  2. the Company’s data processing is illegal and the data subject opposes the deletion of the data and instead requests a restriction on their use;
  3. the Company no longer needs personal data for the purpose of data processing, but the data subject requests it in order to submit, enforce or protect legal claims; obsession
  4. the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate reasons of the Company take precedence over the legitimate reasons of the person concerned.

 

 

  1. Obligation to notify in connection with the rectification or erasure of personal data or restrictions on data processing

 

 

  1. The right to data portability

 

  1. the processing is based on consent or contract; and
  2. data management is automated.

 

 

 

  1. Right to protest

 

 

 

 

 

 

  1. Right to be exempted from automated decision-making

 

 

  1. necessary for the conclusion or performance of a contract between the data subject and the Company;
  2. it is made possible by EU or Hungarian law applicable to the controller, which also lays down appropriate measures to protect the rights and freedoms and legitimate interests of the data subject; obsession
  3. is based on the express consent of the data subject.

 

 

 

  1. The right of the data subject to lodge a complaint and to seek redress

 

The data subject may exercise his / her right to complain at the following contact details:

National Data Protection and Freedom of Information Authority

address: 1125 Budapest, Szilágyi Erzsébet avenue 22 / c.

Phone: +36 (1) 391-1400;

Fax: +36 (1) 391-1410

Website: http://www.naih.hu

e-mail: ugyfelszolgalat@naih.hu

 

 

 

  1. Information on the data protection incident

 

 

  1. the name of the Data Protection Officer or other contact person for further information;
  2. the likely consequences of the data protection incident;
  3. measures taken or planned by the Company to remedy the data protection incident, including, where appropriate, measures to mitigate any adverse consequences arising from the data protection incident.

 

  1. the Company has implemented appropriate technical and organizational security measures and has applied these measures to the data affected by the data protection incident, in particular those measures, such as the application of encryption, which make it incomprehensible to persons not authorized to access personal data make the data;
  2. the Company has taken further measures following the data protection incident to ensure that the data subject’s rights and freedoms have been reported in accordance with Section 11.1. the high risk referred to in point (a) is unlikely to materialize in the future;
  3. the information would require a disproportionate effort. In such cases, the Company shall inform the parties concerned through publicly available information or take a similar measure to ensure that the parties are informed in an equally effective manner.

 

  1. Procedure to be followed at the request of the data subject

 

 

The data subject may send a request or question concerning data processing to the following address:

 

by post to the address at 1694 Nagykovácsi, Kalász utca 16

electronically to info@zconcept.hu

 

The Company shall send its reply without delay, but not later than within 30 days, to the address specified by the person concerned.

 

 

 

 

 

The burden of proving that the application is manifestly unfounded or excessive is on the Company.

 

 

CONTRACT – RELATED DATA PROCESSES

 

  1. Data management activities related to the performance of the contract.

 

 

 

 

 

 

 

 

  1. Contact details of the representatives and contacts of the natural person of the legal entity partners

 

 

 

The Company’s legal entity partner is responsible for obtaining the consent of the natural person prior to the conclusion of the contract and for making it available to the Company for the processing of the data indicated in the contract concluded with the Company in accordance with this clause.

 

 

 

 

  1. Make a voice recording by telephone by customer service

 

DATA MANAGEMENT RELATED TO THE WEBSITE OPERATED BY THE COMPANY

 

  1. User data management on the Company’s website – Information on the use of cookies

 

 

 

 

 

  1. Registration on the Company’s website

 

 

  1. Data management related to newsletter service

 

 

 

 

 

 

 

  1. On a contact or request for quotation data management website

 

 

 

 

 

 

 

 

  1. Data management related to the web store operated by the Company

 

 

  1. Data management related to direct marketing activities

o The Company does not perform data management for direct marketing purposes.

 

  1. Data management related to the organization of gift draws

 

 

DATA SECURITY MEASURES

 

  1. Data security measures

 

 

 

  1. pseudonymisation and encryption of personal data;
  2. ensuring the continued confidentiality, integrity, availability and resilience of the systems and services used to process personal data;
  3. in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner;
  4. the application of a procedure for the regular testing, assessment and evaluation of the effectiveness of the technical and organizational measures taken to ensure the security of data processing.

 

The Company ensures that the personal data managed by it can be disclosed only to those employees or persons acting in the interests of the Company who actually need it in order to perform their job or duties.

 

 

 

  1. Provides permanent protection against data viruses managed by it (uses real-time anti-virus software).
  2. Ensures the physical protection of the hardware devices of the IT system, including protection against elemental damage,
  3. Ensures the protection of the IT system against unauthorized access, both in terms of software and hardware devices,
  4. It shall take all measures necessary to restore the files, carry out regular backups and manage the backups separately and securely.

 

The Company will take the necessary measures to protect the paper records, in particular with regard to physical security and fire protection. The Company’s manager, employees and other persons acting on behalf of the Company are obliged to securely store and protect the data carriers they use or in their possession, including personal data, regardless of the method of recording the data, against unauthorized access, alteration, transmission, disclosure. , deletion or destruction, and accidental destruction and damage.

 

 

 

 

 

DATA PROTECTION INCIDENTS

 

  1. The concept of a data protection incident

 

 

 

  1. Treatment and remediation of data protection incidents

 

 

 

  1. the date and place of the incident,
  2. a description of the incident, its circumstances, effects,
  3. the scope and number of data compromised during the incident,
  4. the range of persons affected by the compromised data,
  5. a description of the measures taken to deal with the incident,
  6. a description of the measures taken to prevent, remedy and reduce the damage.

 

 

 

  1. Record privacy incidents

 

 

  1. the scope of the personal data concerned,
  2. the number and number of people involved in the data protection incident,
  3. the date of the data protection incident,
  4. the circumstances and effects of the data protection incident,
  5. the measures taken to remedy the data protection incident,
  6. other data specified in the legislation prescribing data management.

 

 

CHANGES TO THE CONTENT OF THE WEBSITE AND PRIVACY INFORMATION

 

The Company expressly reserves the right to unilaterally change the current content of the Website operated by it and this Data Management Information without restriction, without notice, as well as to terminate or suspend any service.

 

 

 

Törökbálint, May 25, 2018