General Privacy Notice - Képmás Online Kft.

1 Introduction

Pursuant to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: Regulation), Képmás Online Kft. (registered office: 1012 Budapest, Logodi u. 44.) as controller (hereinafter: Controller) provides the following information in accordance with Articles 13 and 14 of the Regulation.

The Controller accepts the content of this legal announcement as binding upon itself and is committed to protecting personal data.

The privacy notices are available at www.kepmas.hu/en at all times and are sent by the Controller upon request. An announcement is placed on the website in the event that any changes or amendments are made, and the date and version of the document being displayed is indicated at the bottom. By using the website or any of our services, you are deemed to have read and understood the most recent version.

2 Term

This Privacy Notice enters into force upon its announcement.

3 Material and personal scope

This Privacy Notice applies to those who purchase services from Képmás Online Kft. Subscribers of Képmás magazine are subject to a separate privacy notice.

4 Legal bases

The legal bases for our processing of data are as follows:

- the freely given and informed consent given by the data subject to the processing of data in accordance with Article 6(1)a) of the Regulation (hereinafter: Consent);

- processing is necessary for compliance with a legal obligation to which the controller is subject in accordance with Article 6(1)c) of the GDPR (such as accounting and bookkeeping obligations; hereinafter: Compliance With a Legal Obligation)

- the legitimate interests pursued by the Controller in accordance with Article 6(1)f) of the GDPR.

5 Data of the Controller

Name: KÉPMÁS Online Korlátolt Felelősségű Társaság
Short name: KÉPMÁS Online Kft.
Registered office: 1012 Budapest, Logodi utca 44.
Company registration number: 01-09-332541
Tax number: 26568179-2-41
Senior executive(s): Molnár-Bánffy Kata
Statistical code: 26568179-5814-113-01
EU VAT ID: HU26568179
Electronic contact information: [email protected]

6 Processors

The company engages various businesses to perform the processing and storage of data, and the company has concluded data processing agreements with these businesses. A list of processors (recipients) is provided by the Controller upon request.

Information regarding transfers of data to foreign countries: Google LLC and its affiliates, LinkedIn and its affiliates and Facebook, Inc. are listed in the European Commission's adequacy decision laid down in Article 45 of the GDPR and in Commission Implementing Decision (EU) 2016/1250, as well as the U.S.-EU Privacy Shield list set up based on the above, which means that transfers of data to these entities do not qualify as transfers to a third country outside the European Union and do not require specific authorisation by the data subject, and transfers of data to these entities are permitted under Article 45 of the GDPR. The companies have undertaken to comply with the GDPR.

7 Personal data subject to the processing and the duration and purpose of the processing

a) Processing based on consent:
The Controller is engaged in processing based on consent through its website

The following qualify as consent:
1) checking the relevant checkbox when visiting our website,
2) changing the relevant technical settings when using information society services,
3) any other statement or act which, in the given context, constitutes a consent to the proposed processing of personal data (such as continuing to use the website).
4) consent given on paper.

Consent may be withdrawn at any time without consequences.

b) Processing based on compliance with a legal obligation
In the case of processing based on compliance with a legal obligation, the provisions of the underlying law apply to the scope of data to be processed, the purpose of processing, the duration for which the data are stored and the recipients; these are listed in the previous sections on processing relating to the conclusion of contracts and invoicing.

c) Processing based on the balance of interests
If the Controller is engaged in processing based on the balance of interests, the Controller will perform a balancing test in advance.

d) Joint processing
In certain aspects (e.g. sending newsletters), Képmás Online Kft. is engaged in joint processing with Képmás 2002 Kft.

8 Rights relating to the processing of personal data and ensuring the exercise of such rights

a) Right of access: information may be requested as to what data of the data subject are processed by us, the purpose and duration of processing, to whom such data are transmitted, and where the data processed by us originate.

b) Right to rectification: if there are changes in the data or we have incorrectly recorded the data, the rectification, correction and amendment of such data may be requested.

c) Right to erasure: erasure of the data may be requested in the cases provided by law.

d) Right to restriction of processing: the restriction of our processing of data may be requested in the cases provided by law.

e) Right to data portability: the transfer of data may be requested by filling out the data transfer request included in the annex to this privacy policy; in exercising this right, the data subject may request that the types of data specified by law be handed over or be transmitted directly to another designated organisation based on a separate request and authorisation. If the above request is submitted, we will act in accordance with the law and we will provide information within one month regarding the measures taken on the basis of the request.

f) Right to withdraw consent: when processing is based on consent, everyone has the right to withdraw consent; however, such withdrawal does not affect the lawfulness of processing by us before the withdrawal of consent.

g) Right to lodge a complaint: anyone whose rights have been infringed by our processing of data has the right to lodge a complaint with the competent supervisory authority. In Hungary, that authority is:

National Authority for Data Protection and Freedom of Information
Website: http://naih.hu
Mailing address: 1530 Budapest, Pf.: 5
Email: [email protected]
Phone: +36 (1) 391-1400

In addition to the above, a claim against the Controller may be filed with the Budapest-Capital Regional Court (or any regional court based on the domicile of the data subject) in the event of an infringement relating to the protection of personal data.

h) Right to object: in the case of processing based on legitimate interests, everyone has the right to object to such processing based on legitimate interests. In the event of an objection, such personal data will no longer be processed by us.

9 Data security and quality assurance

We have a comprehensive policy in place to ensure the security of the data and information processed by us which is binding upon all of our members and are understood and applied by all of our employees having access to such data, and we regularly educate and train them to do so.

Personal data are stored on our own IT devices, and our authorisation rules provide only a very limited group of employees with access to such devices. Our workstations are password-protected, and the use of external data carriers is limited and is permitted only in secure circumstances after the relevant checks have been performed.

All IT devices of the Controller are protected from malware at all times.

We adhere to data security requirements during document management as well, as documented in our document management procedures. We have detailed rules in place regarding the destruction, storage and disclosure of documents.

Hard copies of documents containing personal data are stored in a closed and protected cabinet which may be accessed by only a specific group of persons.

Date: Budapest, 1 December 2019
Version: 1.0