Kasléder Albert e.v.
registered seat: H-7030 Paks, Kandó Kálmán utca 13.
Company registration number: 15392276
VAT number 65394753-1-37
based on Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter referred to as the “Privacy Act”)
as well as
Regulation (EU) No 2016/679 of the European Parliament and of the Council
(GDPR – General Data Protection Regulation)
On behalf of Kasléder Albert e.v. (hereinafter referred to as: Data Controller) we would like to inform our customers and the visitors of our website – www.kaslederfx.com and our social media sites – collectively as data subject(s) that we respect the personal rights of the data subjects therefore act according to the following rules in the course of our data processing.
We reserve the right to change our policy for alignment with the prevailing legal background and other internal regulations.
The electronic version of our policy is available on our website, www.kaslederfx.com and on paper basis at our registered seat: H-7030 Paks, Kandó Kálmán u. 13.
Therefore, our Company as a Data Controller considers the provisions of this Policy binding for itself and shall act accordingly in the course of its operation.
I. Definitions pursuant to Section 3 of the Privacy Act
Data subject means any natural person identified or identifiable on the basis of any information;
Identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Personal data: means any information relating to the data subject, in particular an identifier such as a name, an identification number, or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person, as well as the conclusions that may be deduced from the data.
Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Protest means the statement of the data subject in which he or she objects to the processing of his/her personal data and requests the termination of the data processing and the erasure of the processed data;
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, makes and enforces decisions on data processing (including the devices used) or has them executed by the entrusted data processor.
Data processing means irrespective of the method used, any operation or set of operations which is performed on data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; to prevent further use of the data, to take photographs, sound recordings or images, and to record the physical characteristics (e.g. finger or palm print, DNA pattern, iris image) for identifying the person;
Data transmission means making the data available to a specific third party;
Third party means a natural or legal person, or an organization without a legal personality other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorized to process personal data;
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
II. The purpose and scope of this policy
II/1. The purpose of the data processing policy
The purpose of this policy is to ensure that the data processing of Kasléder Albert e.v., as Data Controller respects the privacy of natural persons and that its data processing operations are in conformity with the constitutional principle of information self-determination and the information received by the Data Controller is not misused.
II/2. Scope of the Policy
The scope of this Policy applies to the employees of the Company and to the flow of information among employees and to all data processing related to personal data, i.e. all personal data processed by the Company.
III. Principles of data processing
Personal data can only be processed for clearly defined, legitimate purposes, in order to exercise a right and fulfill an obligation. Data processing shall in all stages be compliant with the purpose thereof, furthermore, data collection and processing shall be fair and legitimate.
Only personal data that is essential for achieving the purpose of data processing can be processed to achieve this purpose. Personal data can only be processed to the extent and for the duration necessary for the achievement of the purpose.
Personal data will continue to maintain this quality while processing the data as long as its connection can be restored with the data subject. The connection can be restored with the data subject if the data controller possesses the technical conditions required for restoration.
In the course of data processing the accuracy and completeness of the data shall be ensured, and, where necessary for the purposes of data processing, the updating of the data and that the data subject can only be identified for the time necessary for the purpose of data processing shall be ensured.
Adequate security of personal data shall be ensured in the course of data processing by applying appropriate technical or organizational measures, in particular protection against unauthorized or unlawful processing, accidental loss, destruction or damage to data.
IV. Legal basis and general terms and conditions of data processing
Personal data can be processed, if
a) it is strictly necessary for the performance of the data controller’s statutory tasks and the data subject has explicitly consented to the processing of personal data;
b) it is ordered by law or – by virtue of the authorization of the law, in the scope specified therein, in the case of data not classified as special data or criminal personal data – a local government decree for purposes of public interest;
c) it is necessary and proportionate to the protection of the vital interests of the data subject(s) or other person, and to the elimination or prevention of the direct threat to the life, physical integrity or the goods of persons, or
d) the personal data has been expressly disclosed by the data subject and it is proportionate to the purpose of the data processing;
We perform data processing pursuant to Article 6, paragraph (1), item a) and b) of the GDPR, namely when the data subject has consented to the processing of his/her personal data for one or more specific purposes, and the processing of data is necessary for the performance of an agreement, the data subject is a party thereto, or for the actions required to be taken by the data subject before concluding the agreement.
In addition to the relevant personal identification data of the data subject, pursuant to the principle of data frugality and purpose limitation, the agreement contains only data that is absolutely necessary to the performance of the agreement and to enforce the customer’s debt or to assess the business risk. Further data processing may only be performed with the explicit consent of the data subject. Prior to obtaining the consent statement, the data subject shall be duly informed that the refusal to provide a consent statement does not cause him/her any disadvantage.
If the data subject does not intend to provide the Company with the minimum data required for the conclusion of the agreement, the Company may refuse to conclude the agreement.
We only make a copy of the documents presented by our Customers with the consent of the Customers, that is, with the consent of the data subjects. In case of a refusal of providing a consent, the conclusion of the agreement is not denied.
The information provided by our customers during the conclusion of the agreement is used exclusively by the Company for exercising the rights arising out of the agreement and for the fulfillment of the obligations contained therein.
V. Rights of the Data subjects
1. Relating to the personal data of the data subject processed by the data controller or the data processor based on the mandate of the data controller, the data subject shall be entitled to
a.) receive information about the data processing prior to the commencement of the data processing – right to preliminary information;
b.) access his/her personal data and the information relating to its processing by the data controller – the right to access;
c.) upon request, his/her personal data shall be corrected or supplemented by the data controller – right to correction;
d.) upon request, the processing of his/her personal data is restricted by the data controller – the right to restrict the processing of data;
e.) upon request, the data controller shall erase his/her personal data – right to erasure;
f.) initiate authority proceedings – the right to an authority remedy;
g.) initiate court proceedings – the right to judicial redress;
The data controller shall take appropriate technical and organizational measures to facilitate the enforcement of the rights of the data subject, by providing notifications and information to the data subject in a readily accessible, legible format, with a clear and comprehensible content, and
make a decision on the request submitted by the data subject for the enforcement of his/her rights in the shortest possible time, but within a maximum of 25 days, and shall inform the data subject of its decision in writing or if the request had been submitted electronically, by electronic means. The above-mentioned activities of the Data Controller are provided free of charge.
In order to ensure the right of obtaining preliminary information, we immediately provide the data subject with the following data prior to the commencement of the data processing operations but at the latest after the first data processing operation commences:
a.) the name and contact details of the data controller;
b.) the purpose of the intended data processing;
c.) the rights of the data subject and the manner in which they can be enforced;
We provide information to data subjects on
a.) the legal basis of data processing
b.) the retention time of the processed personal data:
c.) the scope of the recipients of the data transmission in the case of data transmission or planned transmission;
d.) the source of processed personal data;
e.) and any other substantive facts related to the circumstances of data processing.
If our Customers find that their personal data processed by us is inaccurate, incorrect, or incomplete, it will be promptly corrected or supplemented upon request.
Customers’ personal data is processed by us as a data controller, without involving a data processor, who processes personal data on behalf of the data controller.
The data subject has the right to withdraw his/her consent to data processing at any time free of charge. The withdrawal shall not affect the lawfulness of the data processing effected prior to the withdrawal of the consent. Withdrawals can be initiated via mail or electronic mail at firstname.lastname@example.org.
The data subjects have the right to file a complaint with the supervisory authority (National Authority for Data Protection and Freedom of Information, http://naih.hu, phone: +36 (1) 391-1400, mail address: 1530 Budapest, Pf.: 5., e-mail: email@example.com). Foreign citizens may also file a complaint with the supervisory authority of their residence.
In the event of a breach of his or her rights, the data subject may contact the court concerned. The court proceeds forthwith in the case. The decision on the data protection lawsuits falls within the jurisdiction of the regional court, however, the lawsuit can be initiated even at the court of the place of residence or stay of the data subject at his/her choice.
Please do not hesitate to contact us before filing a complaint with the supervisory authority or the court – in order to cooperate and solve the problem as quickly as possible.
The recipients of the personal data of the data subject
a) the employees of the Company performing customer service tasks,
b) the employees of the Company providing financial, accounting and taxation functions, and
c) the data processors of the Company.
Personal data is retained for 5 years after the termination of the agreement, which constitutes the basis of this Data Processing Information.
The personal data of the data subject will be handed over for processing
a) for accountancy and tax purposes, to the accounting office entrusted by the company: ………………………………………………………………………………………….
b) for postal and delivery purposes to the Hungarian Post
VI. Data Controller’s Register
Our Company as a data controller keeps a register of the data processing operations related to the personal data it processes, which records
– the name and contact details of the data controller;
– the purpose of data processing:
– the recipients of data transmission;
– the scope of data subjects and the data being processed;
– the fact of profiling if applicable;
– in the case of international data transmission, the scope of the data transmitted;
– the legal basis for data processing operations;
– the erasure date of the processed personal data:
– a general description of the technical and organizational security measures;
– the circumstances surrounding the occurrence of personal data breach, their effects and the measures taken to deal with them;
– the legal and factual grounds for the measure restricting or refusing to enforce the data subject’s access rights.
VII. Management of personal data breach
Our company records the nature of the incident, including the scope and approximate number of data subjects, including the scope and approximate amount of the data involved in the personal data breach in connection with the personal data breach related to the data processed.
We describe the likely consequences of a personal data breach and the actions taken or planned to address the personal data breach.
The personal data breach shall be reported to the competent authority immediately, but not later than 72 hours after information has been received thereof.
The personal data breach does not have to be reported if it is probable that it does not pose a risk to the enforcement of the rights of the data subjects.
In order to comply with the legal requirements for the processing of personal data and to facilitate the enforcement of the rights of the data subjects, our Company does not employ a Data Protection Officer on the basis of Section 25/L, paragraph (1) of the Privacy Act.
VIII. Data processing related to our website
Our website, www.kaslederfx.com enables visitors, as potential customers to send us an Inquiry about the services provided by our Company.
By sending us an inquiry through our website, you voluntarily provide us with your personal data, so please make sure that the data provided are true, correct and accurate, because you are responsible for these data. Incorrect, inaccurate or incomplete data may be an obstacle to using our services.
If you provide personal information of another person, we assume that you have the authority to do so.
You can withdraw your consent to data processing any time by sending a simple request to our Company’s e-mail address firstname.lastname@example.org free of charge.
Registration of withdrawal of consent – for technical reasons – is undertaken with a two-day deadline, but please be aware that certain data may be processed after the withdrawal of consent to fulfill our legal obligations or to enforce our legitimate interests.
In the event of fraudulent use of personal data, or when a visitor commits a criminal offense or attacks our system, simultaneously with the abolition of the registration of that visitor, his/her data will be erased immediately, or, if necessary, retained in the course of the determination of the civil liability or the conduct of criminal proceedings.
An electronic device suitable for image recording is used by our Company for property protection purposes on the external facade of the building of our registered seat, the Clinic and the Hotel, and inside the building.
Our surveillance system
a) does not monitor public areas,
b) does monitor employees or their activities,
c) is not intended to influence the behavior of employees in the workplace.
A noticeable, awareness-raising information sign was placed in the monitored area in the vicinity of the camera. Our new and old Employees and our visitors are always informed of the surveillance system.
We have placed signs at our registered seat in order to inform our customers and visitors that by entering the building they consent to participate in the recordings. Access to recordings, authorizations, erasure and supervision of the recordings are regulated by our Company in a separate Policy.
Employees of our Company undertake to retain the personal information they receive during their duties without any time limitation. Employees undertake to use the data concerned solely in the performance of their duties and not to disclose them to third parties.
This Policy enters into force on January 9th, 2019.
Dated: Paks, January 9th, 2019
Kasléder Albert e.v.
This Application collects some Personal Data from its Users.
Owner and Data Controller
Kasléder Albert e.v.
H-7030 Paks, Kandó Kálmán u. 13.
Owner contact email: email@example.com
Types of Data collected
Among the types of Personal Data that this Application collects, by itself or through third parties, there are: first name, last name, email address and various types of Data.
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Application.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services. In cases where this Application specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Users are responsible for any third-party Personal Data obtained, published or shared through this Application and confirm that they have the third party’s consent to provide the Data to the Owner.
Mode and place of processing the Data
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Application (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
- provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which the Owner is subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
- processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Data is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The purposes of processing
The Data concerning the User is collected to allow the Owner to provide its Services, as well as for the following purposes: Contacting the User.
Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this document.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
Contacting the User
Contact form (this Application)
By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
Personal Data collected: email address, first name, last name and various types of Data.
The rights of Users
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
Additional information about Data collection and processing
The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Additional information about User’s Personal Data
System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) use other Personal Data (such as the IP Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
How “Do Not Track” requests are handled
This Application does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
The means by which the Personal Data of the User is collected and processed.
The service provided by this Application as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).