Name of data controller: LAJTA-HAAS Műanyagfalforgodzó Látólöszégő Társaság Társaság
Székhelye: 9200 Mosonmagyaróvár, Mosonszentjánosi út 6.
Company register.: 08-09-001927
Contact: info@rival-haas.hu
Representative: Zoltán Badics

• Regulation (EU) 2016/679 of the European Parliament and of the Council (April 27, 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (general data protection regulation) (Text related to the EEA)
• 2011 on the right to information self-determination and freedom of information. year CXII. law (Info law)
• 2012 on the Labor Code. Act I (Labor Act) of
• 2005 on the rules for personal and property protection and private detective activity. year CXXXIII. Act (Personal and Property Protection Labor Act.)
• 2000. C Act per year on Accounting (Szt Act.)

The purpose of the data protection information is to provide adequate information about the processing of personal data by us in the interest of protecting natural persons with regard to the processing of personal data.

In the application of the GDPR regulation:

1. "personal data" : any information relating to an identified or identifiable natural person ("data subject"); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as a name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
2. data management": any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying;
3. "restriction of data management" : designation of stored personal data for the purpose of limiting their future management;
4. "profiling" : any form of automated processing of personal data in which personal data is used to assess certain personal characteristics of a natural person, in particular work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movement used to analyze or predict related characteristics;
5. "pseudonymization": processing of personal data in such a way that, without the use of additional information, it is no longer possible to determine which specific natural person the personal data refers to, provided that such additional information is stored separately and secured by technical and organizational measures that this personal data cannot be linked to identified or identifiable natural persons;
6. "registry system" : the file of personal data in any way - centralized, decentralized or divided according to functional or geographical aspects - which is accessible based on specific criteria;
7. "data controller": the natural or legal person, public authority, agency or any other body that determines the purposes and means of processing personal data independently or together with others; if the purposes and means of data management are determined by EU or member state law, the data controller or the special aspects regarding the designation of the data controller may also be determined by EU or member state law;
8. "data processor": the natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data controller;
9. "recipient" : the natural or legal person, public authority, agency or any other body to whom or with which the personal data is communicated, regardless of whether it is a third party. Public authorities that have access to personal data in accordance with EU or Member State law in the context of an individual investigation are not considered recipients; the management of said data by these public authorities must comply with the applicable data protection rules in accordance with the purposes of data management;
10. "third party": the natural or legal person, public authority, agency or any other body that is not the same as the data subject, the data controller, the data processor or the persons who, under the direct control of the data controller or data processor, are authorized to process personal data they got;
11. "consent of the data subject": the voluntary, specific and clear declaration of the will of the data subject based on adequate information, with which the data subject indicates by means of a statement or an act clearly expressing the confirmation that he gives his consent to the processing of personal data concerning him;
12. "data protection incident" : a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled;
13. "genetic data" : any personal data relating to the inherited or acquired genetic characteristics of a natural person, which carries unique information about the physiology or state of health of that person, and which primarily results from the analysis of a biological sample taken from said natural person;
14. "biometric data" : any personal data relating to the physical, physiological or behavioral characteristics of a natural person obtained by specific technical procedures that enable or confirm the unique identification of a natural person, such as facial image or dactyloscopic data;
15. "health data" : personal data relating to the physical or mental state of health of a natural person, including data relating to the health services provided to the natural person, which carries information about the state of health of the natural person;
16. "activity center" :
    a) in the case of a data controller with a place of business in more than one Member State, the place of its central administration within the Union, if, however, decisions regarding the purposes and means of processing personal data are made at another place of business of the data controller within the Union, and the latter place of business has the authority to implement said decisions , the place of activity that makes the mentioned decisions must be considered the center of activity;
    b) in the case of a data processor with a place of business in more than one Member State, the place of central administration within the Union, or if the data processor does not have a central place of business in the Union, then the place of business of the data processor within the Union where the main activities carried out in connection with the activities carried out at the place of business of the data processor data management activities take place if the data processor is subject to the obligations defined in accordance with this regulation;
17. "representative": the person with a place of business or residence in the Union and who is authorized by the data controller or data processor pursuant to Article 27. a natural or legal person designated in writing pursuant to Article, who represents the data manager or data processor in relation to the obligations imposed on the data manager or data processor pursuant to this regulation;
18. "enterprise": a natural or legal person engaged in economic activity, regardless of its legal form, including partnerships and associations engaged in regular economic activity;
19. "enterprise group" : the controlling enterprise and the enterprises controlled by it;
20. "mandatory corporate rules" : the regulation on the protection of personal data by a data controller or data processor with a place of business in one or more third countries on the part of a data controller or data processor within the same group of enterprises or the same group of enterprises engaged in joint economic activity. follows with respect to its transmission or series of such transmissions;
21. "supervisory authority" : by a Member State pursuant to Article 51. an independent public authority established in accordance with Article;
22. "affected supervisory authority": the supervisory authority affected by the processing of personal data based on one of the following reasons:
    a) the data manager or the data processor has a place of business in the territory of the member state of the said supervisory authority;
    b) data processing significantly affects or is likely to significantly affect data subjects residing in the member state of the supervisory authority; obsession
    c) a complaint has been submitted to the aforementioned supervisory authority;
23. "cross-border processing of personal data":
    a) processing of personal data in the Union, which takes place in connection with the activities of a data controller or data processor with a place of business in more than one Member State; obsession
    b) processing of personal data carried out in the Union, which takes place in connection with activities carried out at a single place of business of the data controller or data processor, in a way that significantly affects or is likely to significantly affect data subjects in more than one Member State;
24. "relevant and well-founded objection" : an objection submitted against the draft decision, related to whether this regulation has been violated, or whether the planned measure concerning the data controller or the data processor is in accordance with the regulation; the objection must clearly demonstrate the significance of the risks posed by the draft decision to the fundamental rights and freedoms of the affected parties and, where applicable, to the free flow of personal data within the Union;
25. "service related to the information society" : Directive (EU) 2015/1535 of the European Parliament and of the Council ( 19 ) 1. service within the meaning of point b of paragraph (1) of Article;
26. "international organization": an organization under the scope of international public law or its subordinate bodies, or any other body established by an agreement between two or more countries or which was established on the basis of such an agreement

Purpose of data management: conclusion of the contract, performance, issuing of an invoice.

ALegal basis for data management: Article 6 of the GDPR. on the basis of point b of paragraph (1) of Article 2, data processing is necessary for the performance of a contract in which the data subject is one of the parties.

The expected duration of processing of personal data, if it cannot be determined, the aspects of this duration: the duration of the contract and a maximum of 10 years after the fulfillment or termination of the contract (term of retention of the contract); and a maximum of 8 years for issuing the invoice. Overall, the shortest possible deadline required by law and the circumstances or behavior related to its compliance.

Provision of personal data: a prerequisite for concluding a contract.

The data subject is not obliged to provide his personal data.

If the person concerned does not provide their personal data, the contractual relationship will not be established, because the contract cannot be concluded in the absence of personal data.

The purpose of data management: The form of the electronic surveillance system that enables image, sound, or image and sound recording is the protection of human life, physical integrity, personal freedom, the safeguarding of dangerous substances, the protection of business, payment, bank and securities secrets, and is used for asset protection.
The legal basis for data management: GDPR Article 6 (1) f, - data management is necessary to assert the legitimate interests of the data controller (asset protection), and § 11 of Mt.
The duration of data management: for the shortest possible period, which is influenced in particular by the reason for data storage, legal obligations, and a period relevant to asset protection.

The purpose of data management is to serve webshop customers

Legal basis for data management: (e.g. based on consent, GDPR)

If the data processing is necessary to enforce the legitimate interests of the data controller or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the data subject is a child. – the legitimate interests of the data controller or a third party:

Recipients of personal data, categories of recipients: in the case of sales through the webshop, the transfer of the data required for delivery and invoicing to the courier service.

The expected duration of processing of personal data, if it cannot be determined, the aspects of this duration: the duration of the contract and a maximum of 10 years after the fulfillment or termination of the contract (term of retention of the contract); and a maximum of 8 years for issuing the invoice. Overall, the shortest possible deadline required by law and the circumstances or behavior related to its compliance.

I hereby inform you that you can request from the data controller access to your personal data, their correction, deletion or restriction of processing, and you can object to the processing of such personal data, as well as the possibility to request that the data controller transfer the personal data it manages to another data controller forward to (right to data portability).

The data subject has the right to receive feedback from the data controller as to whether his personal data is being processed, and if such data processing is underway, he is entitled to access the personal data and the following information:

• the purposes of data management,
• categories of personal data concerned
• recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations
• where appropriate, the planned period of storage of personal data or, if this is not possible, the criteria for determining this period
• the data subject's right to request from the data controller the correction, deletion or restriction of processing of personal data concerning him and to object to the processing of such personal data
• the right to submit a complaint to a supervisory authority
• if the data were not collected from the data subject, all available information about their source
• the fact of automated decision-making, including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of the data management and the expected consequences for the data subject.

The data subject has the right to request that the data controller correct inaccurate personal data relating to him without undue delay. Taking into account the purpose of data management, the data subject is entitled to request the addition of incomplete personal data.

The data subject has the right to request that the data controller delete the personal data concerning him without undue delay, and the data controller is obliged to delete the personal data concerning the data subject without undue delay if one of the following reasons exists:

• the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
• the data subject withdraws the consent that forms the basis of the data management, and there is no other legal basis for the data management;
• if the data subject has the right to object to the processing of his personal data at any time for reasons related to his own situation, if the legal basis of the data processing is the public interest of the data processing or the necessity for the execution of a task carried out in the context of the exercise of a public authority vested in the data controller; or the legal basis for the data management was that the data management is necessary to enforce the legitimate interests of the data controller or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the affected child; including profiling based on them. In this case, the data controller may not process the personal data further, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or which are necessary for the presentation, enforcement or defense of legal claims. are connected; and in addition to all this, there is no overriding legal reason for data processing and on this basis you object to the processing of your data. Or if the data subject's personal data is processed for the purpose of direct business acquisition, and the data subject objects for this reason to the processing of his personal data, including profiling, if it is related to direct business acquisition
• personal data were handled illegally
• the personal data must be deleted in order to fulfill the legal obligation prescribed by the EU or Member State law applicable to the data controller;
• the collection of personal data took place in connection with the offering of information society-related services offered directly to children.

The data subject has the right to have the data controller restrict data processing at his request if one of the following conditions is met:

• the data subject disputes the accuracy of the personal data, in this case the limitation is for that period of time
  applies, which allows the controller to check the accuracy of personal data;
• the data processing is illegal and the data subject opposes the deletion of the data and instead requests the restriction of its use;
• the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; obsession
• the data subject objected to the data processing for one of the following reasons: if the legal basis of the data processing is the need for the data processing to be carried out in the public interest or in the exercise of a public authority granted to the data controller; or the legal basis for the data management was that the data management is necessary to enforce the legitimate interests of the data controller or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the affected child; including profiling based on them. In this case, the data controller may no longer process the personal data, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are necessary for the presentation, enforcement or defense of legal claims are connected. - in this case, the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.

The data manager informs all recipients of all corrections, deletions or data management restrictions to whom or to whom the personal data was communicated, unless this proves to be impossible or requires a disproportionately large effort. At the request of the data subject, the data controller informs about these recipients.

If the data management is in the public interest or is necessary for the execution of a task performed in the context of the exercise of a public authority granted to the data controller; or the data management is necessary to enforce the legitimate interests of the data controller or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the data subject is a child; then the data subject is entitled to object to the processing of his personal data at any time for reasons related to his own situation, including profiling based on the aforementioned provisions. In this case, the data controller may no longer process the personal data, unless the data controller proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are necessary for the presentation, enforcement or defense of legal claims are connected.
Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.
If the data subject objects to the processing of personal data for the purpose of direct business acquisition, then the personal data may no longer be processed for this purpose.

The data subject has the right to receive the personal data concerning him/her provided by him/her to a data controller in a segmented, widely used, machine-readable format, and is also entitled to transmit this data to another data controller without being hindered by the data controller whose provided the personal data if:

• the data processing is based on the data subject's consent, or the data processing is necessary for the performance of a contract to which the data subject is a party; and
• data management is automated.

If your personal data is processed based on your consent, you have the right to withdraw your consent to the processing of personal data at any time. In case of withdrawal of consent to the processing of personal data, the previous data processing (i.e. before the withdrawal) remains legal/is not affected.

I would like to inform you that if the data controller does not take measures following the data subject's request, it will inform the data subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as that the data subject may file a complaint with a supervisory authority and seek legal remedies with his right.

National Data Protection and Freedom of Information Authority
Address: 1055 Budapest, Falk Miksa utca 9-11
Postal address: 1363 Budapest, Pf.: 9.
Telephone: +36 (30) 683 5969
+36 (30) 549 6838
+36 (1) 391-1400
Fax: +36 (1) 391-1410
Email: ugyfelszolgalat@naih.hu

If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the data controller informs the data subject of the data protection incident without undue delay.