Information on data management
1. Purpose, scope, governing legislation of the Data Management Information
The purpose of this information is to record the data protection and data management principles applied by Center-Print Nyomda Kft., the organization’s data protection and data management policy, which the organization, as a data controller, recognizes as binding.
When creating the provisions of the Information, the organization took into account in particular the provisions of Regulation 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), CXII of 2011 on the right to informational self-determination and freedom of information. Act (“Info Act”), Act V of 2013 on the Civil Code (“Ptk.”), and Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising. the provisions of the Act (“Grtv.”).
The scope of this Data Management Notice covers data management related to the website available at http://centerprint.hu (hereinafter: “Website”). The Data Management Information is valid until revoked.
The purpose of the Data Management Information is to harmonize the provisions of the organization’s other internal regulations regarding data management activities in order to protect the fundamental rights and freedoms of natural persons, and to ensure the appropriate management of personal data.
Furthermore, the important purpose of issuing the Data Protection Information is to ensure that the organization is able to legally manage the data of natural persons by learning and complying with it.
2. The person of the data controller
Name: Center-Print Nyomda Kft.
Headquarters: 4027 Debrecen, Füredi út 76.
Tax number: 11142030-2-09
Company registration number: 09-09-001761
E-mail: info@centerprint.hu
Phone: +36 (52) 340-041
Data protection officer: Andrea Szabó
Data controller is an organization registered in Hungary.
3. Essential concepts and definitions
- GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union.
data controller: the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others. If the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law. - data management: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying.
- data processor: the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller.
personal data: any information relating to an identified or identifiable natural person (data subject); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified. - third party: the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who have been authorized to handle personal data under the direct control of the data controller or data processor.
- the consent of the data subject: the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an unmistakable act of confirmation that he gives his consent to the processing of personal data concerning him.
- restriction of data management: marking stored personal data for the purpose of limiting their future management.
- data erasure: making data unrecognizable in such a way that their recovery is no longer possible.
- data protection incident: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise handled.
4. Guidelines for data management
Personal data:
- its handling must be carried out legally and fairly, as well as in a transparent manner for the data subject (“legality, fair procedure and transparency”)
- be collected only for specific, clear and legitimate purposes, and they should not be handled in a way that is incompatible with these purposes; in accordance with Article 89 (1) further data processing for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes (“purpose limitation”) is not considered incompatible with the original purpose
- they must be appropriate and relevant for the purposes of data management and must be limited to what is necessary (“data economy”)
- they must be accurate and, where necessary, up-to-date; all reasonable measures must be taken to promptly delete or correct personal data that is inaccurate for the purposes of data processing (“accuracy”)
- its storage must take place in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management; personal data may be stored for a longer period only if the personal data will be processed in accordance with Article 89 (1) for the purpose of archiving in the public interest, for scientific and historical research purposes or for statistical purposes, the rights of the data subjects and subject to the implementation of appropriate technical and organizational measures required to protect your freedoms (“limited storage capacity”)
- must be handled in such a way that adequate security of personal data is ensured through the application of appropriate technical or organizational measures, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage of data (“integrity and confidentiality”)
- The data controller is responsible for compliance with the above, and must also be able to prove this compliance (“accountability”).
5. Purpose of data management
The Data Controller processes personal data exclusively for specific purposes. Data is collected and processed fairly and legally. The Data Controller strives to ensure that only such personal data is processed that is essential for the realization of the purpose of data management and suitable for achieving the purpose. Personal data can only be processed to the extent and for the time necessary to achieve the purpose.
6. Scope of managed data
CONTACT, CONTACT FORM, REQUEST FOR OFFER
Purpose of data management: contacting, maintaining contact, providing information, requesting information.
Legal basis for data management: voluntary consent of the data subject, GDPR Article 6 (1) point a)
Scope of processed data: name, address, e-mail address, telephone number
Data deletion deadline: 2 years from the last contact
The deletion or modification of personal data can be initiated in the following ways:
- by post: Center-Print Nyomda Kft., 4027 Debrecen, Füredi út 76.
- via e-mail at info@centerprint.hu
Anyone can visit the website of the data controller without having to enter any personal data beyond the technically automatic data management.
7. Method of data management
The Data Controller stores the data of the data subject on its own servers and temporarily on the Data Controller’s computers. Only the Data Controller has the opportunity to manage the personal data of the affected parties.
In all cases, data provision is voluntary, i.e. the data subject can freely decide whether to provide the requested personal data. If the data subject consents to it, the Data Controller processes the data in accordance with the applicable legislation and within the limits of the consent of the data subjects.
In order to avoid the unauthorized use of managed personal data and related abuses, the Data Controller applies extensive technical and operational security measures. We regularly check our security procedures and develop them in line with technological development.
8. Management of technical data and cookies
Since natural persons can be associated with online identifiers provided by the devices, applications, devices and protocols they use, such as IP addresses and cookie identifiers, this data, combined with other information, is suitable and can be used to create a profile of natural persons and to for identification.
Cookies are also suitable for memorizing the settings, so the user does not have to record them again when he goes to a new page, they remember the previously entered data, so they do not have to be typed in again, they analyze the use of the website in order to as a result of the improvements carried out using the information obtained in this way, it should function as much as possible according to the user’s expectations, the user can easily find the information he is looking for, and the effectiveness of our advertisements is monitored.
If the Data Controller displays various content on the Website using external web services, this may result in the storage of some cookies that are not controlled by the Data Controller, so it has no influence on what data these websites or external domains collect. Information about these cookies can be found in the regulations for the specific service. The user can set his web browser to accept all cookies, reject all, or notify the user when a cookie arrives on his machine. The setting options are usually found in the “Options” or “Settings” menu of the browser. The detailed information on the English website www.aboutcookies.org also helps with settings in different browsers.
Cookies used by the website:
- Session cookies: These are essential for navigating our website, for the operation of key functions of our website and for accessing protected content. These cookies store the information necessary to fill out the data sheets and, in some cases, the language you have selected, and do not collect any information about you that could be used to identify you, that could be used for marketing purposes, or that would remember what other websites you visited. After closing the website, these cookies are automatically deleted and the session is closed.
- Functional cookie: In order to improve the user experience, these cookies detect the device with which you opened our website, remember your previous user decisions (such as your username, password, chosen language, region, whether you logged in during a previous session, user changes made by you in the text size, font or other customizable element of the website), so that we can offer you better and more personalized functions in this way.These cookies do not track your activities on other websites and we do not use them to send you advertisements through other websites.
- Google Analytics cookie: Google Analytics is Google’s analysis tool that helps the owners of websites and applications to get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and report statistical data on the use of the website without individually identifying visitors to Google. The main cookie used by Google Analytics is the “__ga” cookie. In addition to reporting on website usage statistics, Google Analytics can also be used to show you more relevant ads in Google products (such as Google Search) and across the web.
Cookies required for the use of the Website
Name | Cookie | Function | Date of deletion / deadline |
---|---|---|---|
wordpress_ | Session configuration | Contains session settings, ensures that the session/cookie is unique on one machine/browser. | When the browsing workflow is ended |
_dform_gdpr_settings, _dfrom_gdpr_external, _dfrom_gdpr_marketing, _dfrom_gdpr_other | A cookie recording consent to the use of cookies | When you arrive at the site, you accept the statement on the storage of cookies in the warning window. | 7 day |
qtrans_admin_language, qtrans_edit_language, qtrans_front_language | Session recording language selection | This is a temporary cookie that records the language chosen by the user, provided that this website is available in several languages. | 365 day |
Harmadik felek által használt cookie-k
Neve | Cookie | Funkciója | Törlés időpontja / határideje |
---|---|---|---|
_ga, _gat, _gid | Google Remarketing | Cookies created by Google, which control the display of advertisements for the user. | maximum 365 day |
9. Data transfer
The Data Controller only transmits personal data to a third party if the data subject has clearly consented to it – knowing the scope of the transmitted data and the recipient of the data transmission – or the law authorizes the data transmission. The Data Controller always documents data transmissions and keeps a record of data transmissions.
10. Data processing
The Data Controller is entitled to use a data processor to carry out its activities. The data processors do not make independent decisions, they are only entitled to act according to the contract concluded with the Data Controller and the instructions received. The Data Controller checks the work of the data processors. Data processors are entitled to use additional data processors only with the consent of the Data Controller.
Data processors used by the Data Controller:
DATA PROCESSING ACTIVITY RELATED TO WEBSITE SERVICE
Name of the data processor:
The headquarters of the data processor:
Phone number of the data processor:
E-mail address of the data processor:
Processing all personal data provided by the data subject on the website, in order to operate the website properly.
Duration of data management, deadline for deletion of data: It lasts until the termination of the agreement between the Service Provider and the Storage provider, or until the data subject’s request for deletion to the Storage provider.
Legal basis for data processing: User’s consent, Infotv. Section 5 (1), GDPR Article 6 (1) point a) and CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. Act 13/A. (3) of §
–
DATA PROCESSING ACTIVITY RELATED TO GOOGLE ANALYTICS AGGREGATE DATA ANALYSIS
Name of data processor: Google, Mountain View, California, United States
The registered office of the data processor is at 4 Barrow Street, Dublin, Ireland
The e-mail address of the data processor: –
Based on the contract concluded with the Data Controller, the Data Processor uses the Data Processor’s Google Analytics service, which helps both the Data Controller and the Data Processor to get a more accurate picture of the activities of their visitors.
–
DATA PROCESSING ACTIVITY RELATED TO WEBSITE OPERATION
Name of the data processor: EV Ferenc Verdes
The seat of the data processor is: 4026 Debrecen, Garai u. 1. II. em. 3.
Tax number of the data processor: 77390859-1-29
The phone number of the data processor is +36 (30) 331-7555
The e-mail address of the data processor is: verdes.ferenc@we-design.hu
Based on a written contract with the Data Controller, the Data Processor maintains the Website at certain intervals and saves its database for security reasons.
11. External service providers
During the operation of the Website, the Data Controller uses external service providers, with which the Data Controller cooperates.
Regarding personal data managed in the systems of external service providers, the guidelines are contained in the data protection regulations of the external service providers. The Data Controller will do everything in its power to ensure that the external service provider handles the personal data transmitted to it in accordance with the law and uses them only for the purpose specified by the User or specified below in this information sheet.
The Data Controller informs the Users about the transfer of data to external service providers within the framework of this Information.
External service providers:
Google, Mountain View, California, United States (Google Analytics aggregate data analysis, Google Adwords online advertising, use of YouTube social interfaces, etc.)
12. Data security, getting to know the data
The Data Controller ensures the security of the data, takes the technical and organizational measures and establishes the procedural rules that are necessary to enforce the governing legislation, data and privacy protection rules. The Data Manager protects the data with appropriate measures against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, as well as against becoming inaccessible due to changes in the technology used.
The Data Controller records the data it manages in accordance with the applicable laws, ensuring that only those employees and other persons acting in the Data Controller’s sphere of interest (data processors) who need it in order to perform their duties and tasks can see the data. The data can only be accessed within the employee’s organization by logging. The employees of the data manager carry out individual searches and individual operations on the data only at the request of the User, or in the event that this is necessary for the provision of the service.
13. Duration of data management
The Data Controller deletes personal data if
- illegal handling: If it turns out that the data is being handled illegally, the Data Controller will execute the deletion immediately.
- requested by the data subject (with the exception of data processing based on legislation): The data subject may request the deletion of data processed on the basis of the voluntary consent of the data subject. In this case, the Data Controller will delete the data.
- the data is incomplete or incorrect – and this state cannot be legally remedied – provided that deletion is not precluded by law.
- the purpose of the data management has ceased or the statutory period for storing the data has expired. Since the Data Controller provides a continuous service to the data subject, the relationship between the parties is not bound by a time limit. Based on all of this, in the absence of a request from the data subject, the Data Controller manages the data as long as the relationship between the Data Controller and the data subject exists and as long as the data controller can provide services to the data subject. All other data will be deleted by the Data Controller if it is clear that the data will not be used in the future, i.e. the purpose of data management has ceased.
- it was ordered by the court or the National Data Protection and Freedom of Information Authority: If a court or the National Data Protection and Freedom of Information Authority legally orders the deletion of the data, the deletion is carried out by the Data Controller. Instead of deletion, the Data Controller – after informing the data subject – locks the personal data, if the data subject requests this, or if, based on the available information, it can be assumed that the deletion would harm the legitimate interests of the data subject. The personal data locked in this way can only be processed as long as the data management purpose that precluded the deletion of the personal data exists. The Data Controller marks the personal data it manages if the data subject disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established. In the case of data management ordered by law, the deletion of data is governed by the provisions of the law. In the event of deletion, the Data Controller renders the data unsuitable for personal identification. If required by law, the Data Controller destroys the data carrier containing personal data.
14. Customer relations
- If a question arises when using our data management services, or if the data subject has a problem, you can contact the data manager using the methods provided on the website (telephone, e-mail, social media sites, etc.).
- The data controller processes received e-mails, messages, on the phone, on Facebook, etc. data provided, together with the name and e-mail address of the interested party, as well as other voluntarily provided personal data, will be deleted after a maximum of 2 years from the date of data communication.
- We provide information on data management not listed in this information when the data is collected.
- The Service Provider is obliged to provide information, communicate and transfer data, and make documents available in the event of an exceptional official inquiry, or in the event of an inquiry by other bodies based on the authorization of the law.
- In these cases, the Service Provider will only release personal data to the requester – if he has indicated the exact purpose and the scope of the data – to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.
15. Security of data management
The data controller and the data processor implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the variable probability and severity of the risk to the rights and freedoms of natural persons. , to guarantee a level of data security appropriate to the degree of risk, including, among others, where appropriate:
- pseudonymization and encryption of personal data
- ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data
- in the event of a physical or technical incident, the ability to restore access to and availability of personal data in a timely manner
16. Rights related to data management
The right to request information: Any person can request information via the provided contact information about what data the organization processes, on what legal basis, for what data management purpose, from what source, and for how long. Upon your request, information must be sent to the provided contact information immediately, but within 30 days at the latest.
Right to rectification: Any person can request the modification of any of their data via the contact details provided. Upon your request, action must be taken immediately, but within 30 days at most, and information must be sent to the contact address provided.
Right to erasure: Any person can request the erasure of their data via the provided contact details. Upon request, this must be done immediately, but within 30 days at most, and information must be sent to the contact address provided.
The data that we have to store due to a legal, statutory or contractual obligation to preserve the commercial record will be blocked instead of deleted in order to prevent their use for other purposes.
Right to blocking and restriction: Any person can request the blocking of their data via the provided contact information. The blocking lasts as long as the specified reason makes it necessary to store the data. Upon request, this must be done immediately, but within 30 days at most, and information must be sent to the contact address provided.
The right to object: Any person can object to data processing via the contact details provided. The objection must be examined as soon as possible, but no later than 15 days after the submission of the application, a decision must be made regarding its validity and information about the decision must be sent to the contact address provided.
17. The possibility of legal enforcement related to data management
National Data Protection and Freedom of Information Authority
Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: same service (at) naih.hu
Web: https://naih.hu
Date: 24/05/2018