Car Vitrine

DATA MANAGEMENT AND PRIVACY INFORMATION

In order to operate our company, including the fulfillment of your orders, we process your personal data, the essence of which we would like to inform you of this, as it is in our common interest to protect your personal data accordingly. This information is intended to inform you in a comprehensible form what data, for what purpose and how we process it, as well as how they may have personal data and how to seek redress in certain circumstances.

Data of our company as a data controller:

Oktotrade Kft. 2092 Budakeszi, Tiefenweg u 12.

email: info@carvitrine.com

tel: 0623/452900

data protection contact: Edina Roskovenszki, email: edina@oktotrade.hu

website: carvitrine.com

Location of data management: Oktotrade Kft: 2092 Budakeszi, Tiefenweg 12, and the registered office of our data processors (see point 13)

It was not necessary to appoint a data protection officer at our Company.

1. The following concepts are relevant for the management of your data:

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); identify a natural person who, directly or indirectly, in particular by an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;

“Data processing” means any operation or set of operations on personal data or files, whether automated or non-automated, such as the collection, recording, systematisation, sorting, storage, transformation or alteration, retrieval, consultation, use, communication, transmission or other means harmonization or interconnection, restriction, deletion or destruction;

“Restriction of data processing” means the marking of stored personal data with the aim of limiting their future processing;

“Pseudonymisation” means the processing of personal data in such a way that it is no longer possible to determine to which specific natural person the personal data relate without the use of additional information, provided that such additional information is stored separately and technical and organizational measures are taken; that such personal data may not be linked to identified or identifiable natural persons;

“Registration system” means a set of personal data which is accessible in any way, whether centralized, decentralized or functionally or geographically, and which is accessible on the basis of defined criteria;

“Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

“Processor” means any natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

“Recipient” means a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered as recipients; the processing of such data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

“Consent of the data subject” means a voluntary, specific and well-informed and unambiguous statement of the data subject’s consent to indicate his or her consent to the processing of personal data concerning him or her by means of a statement or an act which unequivocally expresses the confirmation;

2. Entry into force: 25 May 2021

3. Purpose of data management:

Company handles your personal information in the following cases (in one or more cases):

In the context of the employment of its employees,

assignments with private persons, resp. in order to fulfill its business contracts,

in order to fulfill customer contracts,

offer on request a self-developed calculator software interface

to get to know jobseekers,

for the purpose of a newsletter service,

for camera security surveillance,

use of cookies for business purposes,

for direct marketing purposes,

and does so to the extent necessary, in accordance with the principles of data management.

Other data management.

With your prior consent, our Company may process your personal data for other purposes, but in all cases we will inform you of this when the relevant personal data is collected for the intended purpose.

Some special data management

Camera data management

Rooms with a camera: yard, showroom and storage.

The purpose of such data management is for our Company to protect human life, physical integrity, personal freedom, trade secrets, to prevent and detect violations in order to protect people and property, to commit the perpetrator, to prove the violations, and to document the circumstances of possible accidents. , and to protect the public private areas necessary for the performance of the tasks of our Company. The processing of the data is thus in the legitimate interest of the Company.

In the absence of the use of the data recorded during the entry into the above rooms, in case of occasional entry – approx. After 10 days (memory full), the data is automatically deleted.

Cookies and types:

Our company is called. uses a tracking cookie (from a third party) to identify new sessions and visitors and is provided to us by Google Analytics’ web tracking service. Such cookies application does not require your special consent.

If our Company If you wish to use a tracking or other consent-based cookie, we will inform you of this during your first visit to our website and ask for your necessary consent.

In the case of a child under the age of 16, the processing of children’s personal data is only lawful if and to the extent that the consent has been given or authorized by the person exercising parental control over the child.

4. Our Company does not process data

5. Data transmission:

Our Company may forward your data to their resellers domestically and abroad if the Company is unable to fulfill the order but would like to serve you. The range of data transmitted in this case: name, telephone, address, e-mail address. Otherwise, the Company will not transfer data to third parties, unless required to do so by law.

6. Legal basis for data management:

Our company may manage your personal data on various legal forms. It may take place on the basis of a legal authorization, in order to perform a contract, in the interests of a right holder, and on a legal basis with consent, subject to the following categories:

The data of our employees can be found on the one hand (a) in the Labor Code, par. 10 para. (b) for the performance of an employment contract and (c) on a contribution basis (see point 9).

In the case of our agency and business contracts concluded with private individuals, the data is processed in order to fulfill the contract and partly on the basis of consent (see point 9).

Customer, in case of concluding delivery contracts (delivery of garage doors) the contract is made in order to fulfill the contract), and the relevant invoicing is done through the SAP system, as defined by law

The data included in the offer requested through the self-developed calculator program will be processed after sending it in the legitimate interest so that we can fulfill your request or keep track of our business relationship.

For job applicants and “other data processing” based on their consent

In the case of camera data management, it is in the legitimate interest of our Company.

Newsletter service: based on their consent via the MailChimp mail interface

Direct marketing: based on their consent through the MailChimp mail interface

7. Scope of Managed Data:

We process the following personal data of employees:

name · birth name · mother’s maiden name · place of birth · date of birth · marital status · tax identification number · TAJ number · citizenship · Hungarian bank account number · permanent address · residence address · postal address · signature · copy of diploma (s) · photocopies of personal documents · email address, statement of employment with another employee · salary and payroll data, · job position / advancement · data and information related to employment contract · data of previous jobs, information related to termination of previous employment · training, trainings, gk registration permit, courses · Information on dependents or other beneficiaries, personal data of relatives to the extent required by law (for the purpose of additional leave) declaration data, old-age / service / early / early / early / disability pension data.

Of this, we manage on the basis of consent: clothing, shoes and gloves, diplomas, CVs, training, training, course information

We process the following data of commissioned / contracted individuals:

name, parent name, home address, place and time of birth, email address, identity card, TAJ number, bank account number, tax identification number, pension fund membership.

Of this, we manage on the basis of consent: clothing, shoes and gloves, diplomas, CVs, training, training, course information

We handle the following data of the customer (s): name, address (delivery address, mailing address, billing) tax number, contact person, e-mail, telephone number, bank account number, tax number.

During newsletter and direct marketing we handle the following data: name, email.

Camera surveillance: video

In the case of job applicants, the information in the submitted CV.

8. Principles of data management:

We handle your personal data in accordance with the following principles:

(a) it must be processed lawfully and fairly and in a manner which is transparent to the data subject (“lawfulness, due process and transparency”);

(b) collected only for specified, explicit and legitimate purposes and not treated in a way incompatible with those purposes; further processing for data purposes for archiving in the public interest, for scientific and historical research purposes or for statistical purposes (“purpose limitation”) shall not be considered incompatible with the original purpose in accordance with Article 89 (1);

(c) be appropriate and relevant to the purposes for which the data are processed and limited to what is necessary (“data economy”);

(d) be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate for the purposes of the processing are erased or rectified without delay (“accuracy”);

(e) stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period only if the processing of personal data is carried out in accordance with Article 89 (1) for archiving in the public interest, for scientific and historical research purposes or for statistical purposes, in accordance with this Regulation; subject to the implementation of appropriate technical and organizational measures to protect its freedoms (“limited storage capacity”);

(f) processed in such a way as to ensure, by appropriate technical or organizational measures, adequate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage (“integrity and confidentiality”).

Our company is responsible for complying with and certifying the above paragraphs.

9. Disposal of data

Subject to the restriction below, you may at any time request from the Company about your managed data:

information (orally or in writing)

correction,

supplementation,

deletion,

restriction,

revocation or

transfer to another data controller or transfer to your own part (in printed form).

However, the above right of disposal does not extend to data processing carried out for the exercise of a public interest or public authority right, or if it can be proved that the data processing is justified by compelling legitimate reasons that take precedence over your interests and rights. However, you can go to court against such a decision.

Furthermore, you may not initiate the deletion of personal data processed by law or legitimate interest.

The requested measure can be submitted to the company’s data protection contact person in writing or by e-mail.

Our Company will inform you of the requested action without undue delay, but in any case within one month from the receipt of the request, of the action taken on your request. If necessary, taking into account the complexity of the application and the number of applications, this time limit may be extended by a further two months. The Company will notify you of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If you have submitted your application electronically, the information should, if possible, be provided electronically, unless you request otherwise.

The information may be refused only in cases provided by law, with the exact indication of the place of law and with the information on the use of the legal remedy.

The above information is free of charge unless you have already requested and received information on the same set of data during the year. However, the reimbursement shall be reimbursed to the applicant in the event that our Company has handled the data unlawfully or the request for information has led to a correction.

If the Company does not take action on your request, it will inform you without delay, but no later than one month after receipt of the request, of the reasons for the non-action and of the fact that you can lodge a complaint with a supervisory authority and have a judicial remedy.

Management of deceased data

The processing of data related to a deceased person is governed by the legal provisions on the processing of personal data. With regard to the data that may be related to the deceased, the rights of the data subject may also be exercised by the heir of the deceased or by the beneficiary named in the insurance contract.

10. Duration of data management

Employee data is required by law or managed by the Company on a contribution basis. In the case of consent data management, the deletion of the processed data may be initiated by the individual concerned at any time; in the case of data processed on a statutory basis, the data must be kept for 50 years (or death + 5) from the termination of employment.

Storage of payroll data: 5-1 years

The data controller shall delete the data processed pursuant to the assignment or business contract upon the expiry of the general limitation period (5 years) as of the termination of the contract.

The data included in the bids will be deleted through the calculator program 3 years after receipt (in case of becoming a contract, the applicable limitation period).

Customer data from the performance of the contract, resp. shall be canceled upon expiry of the general limitation period from the date of termination.

Anyone can unsubscribe from the direct marketing service and the newsletter at any time and request the deletion of their data.

Billing data 5+ 1 year according to the provisions of the Accounting TV

Camera recordings are automatically deleted when the memory becomes full (approx. 10 days)

Curricula vitae of job applicants will be destroyed after 5 years.

11. Data processing:

The data of the Company’s employees and sole proprietor / agents shall be transmitted electronically to Nummulus Bt (2030 Érd, Selmeci utca 82 / b.) For the necessary extent for accounting and payroll purposes. For the audit of the company, Venilia Vellum Kft (1026 Budapest, Szilágyi Erzsébet fasor 79.).

Tárhely-Eu Kft (1144 Budapest, Ormánság u. 4.), as the Company’s server service provider, has access to the Company’s correspondence with regard to the domains it manages.

PARANET Rendszerház Kft (1089 Budapest, Orczy út 2.), as the Company’s server service provider, has access to the Company’s correspondence with regard to the domains it manages.

The scope of the data transmitted to the accountant and auditor for processing is the same as the scope of employee / sole proprietor data treated as data controllers and as required by law.

12. Data Security and Privacy Incident

Our company protects personal data with appropriate technical and other measures, ensures the availability of data, protects it from unauthorized access and damage. Such measures include firewall, anti-virus software, personal and limited privileges, passwords, their periodic updates. The Company shall report the data protection incident to the competent supervisory authority without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is not likely to endanger the rights and freedoms of natural persons. . If the notification is not made within 72 hours, the reasons for the delay must be provided.

If a privacy incident is likely to pose a high risk to your rights and freedoms, the Company will notify you of the privacy incident without undue delay.

The data controller shall keep a record of data protection incidents.

13. Data Protection Officer

The Company does not have a data protection officer.

14. Information, Remedies:

Without prejudice to other administrative or judicial remedies, you have the right to complain to the supervisory authority if you consider that the processing of personal data concerning you is in breach of the law. The supervisory authority to which you have lodged your complaint must keep you informed of the progress of the complaint procedure and its outcome, including your right to a judicial remedy.

Without prejudice to other administrative or non-judicial remedies, you are entitled to an effective judicial remedy against a legally binding decision of the supervisory authority.

Furthermore, if you do not agree with the Company’s decision in its data processing proceedings, you may appeal to the competent court against the unlawful data processing within 30 days of the decision being considered infringing.

Supervisory Authority: National Data Protection and Information Authority (1125 Budapest, Szilágyi Erzsébet fasor 22 / c. Tel: + 361391-1400)

The Company reserves the right to amend the above prospectus in addition to the information provided on our website at the same time. This prospectus is also available on our website and in printed form at the registered office of the Company.

Should you require further information regarding the above information, please contact the privacy contact provided.

Date: Budakeszi, May 20, 2021

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.