Privacy policy of Plasztik Dzsungel Ltd.

The purpose of the notice

The purpose of this notice is to record the applied data protection and data processing principles of Plasztik Dzsungel private limited company (hereinafter: company), the data protection and data processing policies and to inform the visitors of www.rolantritter.com website of the data processing connecting to the website.

Basic terms

Basic terms of data protection are determined in the Act CXII. of 2011 on Information Self-determination and Freedom of Information, as well as the Regulation (EU) 2016/679 of the European Parliament for legal entities regarding the processing data and its security and the free flow of information, and the repeal directive of 95/46/EK.

Necessary basic terms for comprehending this notice:

2.1. Data controller: who determines the purpose and tools of data processing of visitors individually or in cooperation with others.

Operator of www.rolandritter.com website and its webshop sales (who offers the service):

Data controller: Plasztik Dzsungel private liability company;

Short name: Plasztik Dzsungel Ltd.;

Company registration number: 02-09-070402;

Tax number: 13602224-2-02;

Registered office:H-7624 Pécs, Angster József u. 39/B.;

Address (official mailing address): H-7624 Pécs, Angster József u. 39/B.;

Electronic mailing address (email address): plasztikdzsungel@freemail.hu;

Website: www.plasztikdzsungel.hu;

Data protection representative: Roland Réti managing director;

Contact information of data protection representative: plasztikdzsungel@freemail.hu

Furthermore, the data controller is the person who this policy names as data controller in regard to the given services.

2.2. Consignee: legal entity, authority, agency, or another organization who or with whom data is shared (according to Article 4(9) of the GDPR).

2.3. Visitor: Identified or identifiable legal entity during data processing whose data is being processed.

Legal entity: living person, who is entitled to personality rights, for example right to personal data protection.

The data processing according to this policy, legal entity is who uses the website operated by the Company (www.rolandritter.com), visits it, signs up or shops without registration (hereinafter: “User”).

2.4. Personal data: data in connection with the visitor – specially the name, address, identification be it authorized, or company registered identification, as well as knowledge of physical, physiological, mental, economic, cultural, or social identification – and speculations about the identity of the user based on this data.

2.5. Data controlling: any activity or activity of data processing regardless of the applied procedure, namely the collection of data, recording, sorting, storing, modification, use, query from public or private data base, forwarding, publishing, synchronization or connecting, deletion and dissolution and the prevention of further use of data.

2.6. Data processing: completion of technical, technological tasks in connection to data processing, regardless of the methods and tools of operation or the place of operation.

2.7. Data processor: legal entity or organization without legal entity who carries out the processing of data based on a contractual agreement with the company.

2.8. Webshop: online store operated by the company on the www.rolandritter.com website (hereinafter: webshop).

2.9. Deletion of data: altering data in a way that it is unrecognizable, its restoration is not possible.

2.10. Consent: voluntary and determined proclamation of will in regards to the processing of personal data, which is based on initial information and with which the person gives unmistakable consent to the handling of personal data in question, inclusive or including certain operations.

2.11. Creating a profile: automated handling of personal data, during which personal data used in connection with a legal entity is (for example, preferences, area of interest) processed, analyzed, and forecasted.

2.12. Objection: the visitor makes a specific statement (for example, in speech, writing or in email), expresses his concerns about his personal data being handled at the Company, and requests for the cancellation and deletion of the processed personal data.

Data processing based on this notice is carried out based on the Hungarian regulations and regulations mandatorily applied in Hungary (e.g.: GDPR).

Regulation references:

“ECA Act”. Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services

“Consumer protection Act”.  Act CLV of 1997 on Consumer Protection

“Commercial Advertising”. Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities

“GDPR” Regulation (EU) 2016/679 of the European Parliament on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC

“Info Act”. Act CXII of 2011 on Informational Self-determination and Freedom of Information

“Postal Service Act”. Act CLIX of 2012 on Postal Services

“Accounting Act”. Act C of 2000 on Act of Business Associations

Purpose of data processing

The purpose of data processing is the provision of service in the webshop of the website. Necessarily provided data for these services can be found under Related services section in the webshop.

Data processing occurs for the following reasons:

• Registration and log in,
• General processing of data in connection with online purchase,
• Handling of complaint,
• Prize competition (sweepstakes, votes),
• Use of contact form,
• Use of cookies,

Basic dispositions

Responsibility for the accuracy of provided personal data

The company does not control the accuracy of the provided personal data. The accuracy of provided data is the responsibility of the person providing it. Any given user providing an email address has to take into account that the given email address is only used by him. Login related to a given email address is the responsibility of the user, who registered that email address.

The company also raises the attention of users to cooperate in keeping their data up-to-date. So, if a user has not reported a change in address in case of a new order, and the order is delivered to the wrong address, the damage of the wrong delivery relies on the user namely the cost of delivery.

Modification of personal data can be managed after logging in and accessing “My data”.  Request of deletion of personal data can be handed in through the email provided at time of registration or via phone.

After the execution of the request for the deletion of personal data the previously deleted data cannot be restored.

The company also raises attention to people providing their personal data that if they do not provide their own personal data (e.g.: consignee different from the costumer, the delivery information of the gifted person), it is the responsibility of the data processor to provide legal basis for data processing (e.g.: request consent from the person in question). As long as there is not doubt regarding legal base, the company safeguards that:

• if the user provides the data of third party as delivery address, the user possesses legal basis for doing so (e.g.: consent);
• if at time of delivery of the order a third person volunteers to sign for the product, the user has granted permission for this third party person to do so.

Mentioned above does not include the right for the company to, based on the case, request proof of legal bases, and handle the provided data during the purchasing process regarding the ordered products according to the regulations.

Processing of personal data

The provided personal data to the company is not used for any the purpose than that mentioned in this notice.

In case the regulations or this notice do not order otherwise, the processing of data provided by the user remain until the user does not request otherwise in writing. The time of deletion is at the earliest convenience as of the request submitted by the user (request for deletion).

In case the regulations do not forbid, the illegal, use of deceptive personal data or crime committed by the user, as well as in case of an attack against the system, the company has the right to delete the registration of the user and delete the user’s data immediately, however the company is obliged to store the data for the time of the investigation process in case of a crime or its suspicions.

In case of contradicting regulations by law or in this notice, the data provided by the user, also if the user does not unsubscribe from the service, can be stored by the company as long as the user does not request the deletion of his data.

In some regulated cases the company, official authorities, police investigation, legal process against copy or financial crime or the legal suspicion to protect the interest of the company and prevent the damage of its services etc., the company is obliged to provide the personal data of the user to a third party. The company as data processor is obliged to hand over all personal data in their possession to local authorities in case the company is ordered by law or court to do so. Data forwarding like this, and the consequences of such event the company cannot be held responsible.

The company processes all personal data in its possession according to, and detailed in section 2, regulations and this policy and does not forward it to third party. In case of data forwarding, the use of statistical summary of data makes an exception, which does not contain the name of the user or any identifiable information about the user. Further exceptions are listed here in this notice for cases of data forwarding.

Any case when the company wishes to use the provided personal data for other than data collection, the company will inform the user about it and request for initial, specific consent and will provide the opportunity for the user to object to the use of his personal data.

The company based on current scientific and technological, and operational costs, as well as the type of data processing, scope, circumstances and aims, or the rights of legal entity and freedom, taking into consideration varied and high risk factors, takes steps toward both the time of determining the method of processing and technical and organizational steps during data processing, the purpose of which is based on the data policy, for example data providence efficiency, or the fulfillment of GDPR requirements and the protection of rights of people in question and implementation of necessary guarantee in the data processing.

The company protects data with adequate processes, especially unauthorized access, alteration, forwarding, publishing, deletion, and dissolution, as well as accidental dissolution and damage, or the inaccessibility of data due to applied technical changes.

Processing of data for technological reasons

The system of the company may gather information regarding the users’ activities, which cannot be connected to the data provided by the user at registration or data generated by the use of other websites or services.

Automatically and technically recorded data during system operation processes are stored from their generation to a necessary time for the optimal functioning of the system. The company guarantees that this automatically recorded data cannot be connected to other user personal data with the exception of the ones regulated by law. If the user has withdrawn consent from the processing of his personal data, his person cannot be identified with the use of technical data.

Handling the handover of the website operation

In case the company hands over the operation or use of services in the webshop partially or wholly to a third party, then the data processed by the company will be forwarded to the third party without initial consent requested. This data transfer purely serves the purpose of maintaining the continuous nature of the users’ registration, however the data processing and security listed in this notice cannot be overlooked and be unfavorable for the user. According to the data transfer in question, the data processor will provide opportunity for the users before handing over their data, to withdraw their consent and object to the transfer of their data. In case of objection the data of the user in question cannot be forwarded.

Cookies and similar technologies

The company and the external services employed by it, for the purposes of monitoring and continuous improvement of the webshop, technical problems occurring during the operation of the webshop (e.g.: slow browsing experience, unavailability of the webshop, prevention of data loss when using online charts etc.) identification and solution, as well as the attributes of user habits (e.g.: browsing time, duration of browsing, duration of visit of certain elements of the website, cancellation of purchase/registration process, device used for browsing [desktop, tablet, mobile phone etc.] type of activities during browsing [scrolling, tapping, movement of cursor], type and version of browser, type of operation system, geographical location of browsing, saving unique settings of user, special needs in connection with the use of the website, suggestions etc.) collect and analyze information regarding user needs with the purpose of serving personalized content for the user it places data packages (so-called: cookies) on the device of the user, or uses similar technology. The purpose of the cookies is to provide best quality operation of the website by enhancing user experience. The data processors aims to use cookies or similar technological tools, and use such providers and their tools, that do not collect information of the user as an individual, but as a visitor to the webshop, a customer, as a homogenous group and its user habits to record customer behavior and needs.

The user is able to delete cookies from his own computer, and can make the necessary settings in the browser to forbid the use of cookies.

In case of most browsers, you can find more information under the “Help” section about

• how to restrict cookies,
• how to accept new cookies, or
• how to make the browser set new cookies, or
• how to turn off other cookies.

You can find more information about cookie settings regarding different browsers:

Google Chrome

Mozilla Firefox

Microsoft Edge

Microsoft Internet Explorer

Opera

Safari

Some browsers allow the user to turn on the “Do not track” option and forbid the use of cookies and similar tools to be placed on the device used for browsing.

Browsing in “private” or “incognito” mode, as well as the use of certain extension like Ghostery, Unlock or Adblock prevent cookies and other tools to be placed on the device used for browsing.

By restricting cookies, the user acknowledges that some websites may not function properly.

If the cookie or other technology placed on the device used for browsing by an external party identifies the user, assigns the user a personal identification and records the user’s special webshop activity (for example, time of browsing, duration of browsing, duration of time spent on specific parts of the site, cancellation of purchase/registration process, device used for browsing [desktop, tablet, mobile phone etc.], type of activity during browsing [scrolling, tapping, movement of cursor], the type and version of browser, type of operation system, geographical location of browsing, remembering unique settings of user, needs and suggestion of the use of the website etc.) gathered information connects the user, then the data processor strictly begins the collection and use of personalized data if the user is initially informed of the data collection, the purpose of use of the collected data and consent was given by the user.

During the first visit of the website the pop-up window displays cookie information (“Cookie information”) contains the “strictly necessary” categorization which can be placed on the device used for browsing without the user’s consent, but the settings can be changed in the above mentioned way.

According to the cookie information of the company, cookies categorized as “settings”, “statistical” and “marketing” are only placed on the device used for browsing after the user’s consent. The user gives his consent at the first visit to the website after reading the information in the pop-up window and agreeing to it. The current version of cookie information can be found on the website under “cookie settings”.

Continuously updated information can be found about the consent-free and the consent-strict cookies where the user can change his cookie settings in the “cookie settings” section on the website.

Information about certain types of data processing

5.1. Registration and log in

To use the webshop services of the company, there is no need to create an account, but if the user creates a user account, he does not need to send the company his personal data every time he uses the webshop.

Data recorded during registration (name, e-mail address) is used to access services on the company’s website (e.g.: making a wish list, participating in the regular customer program), to display personalized content and advertisement, make statistics, improve the information technological system, to protect users’ rights. The data processor may use the provided data by the user to create user groups and to display personalized content and advertisement for the user group.

User: all the users, who wish to use the services of the webshop accessible through registration and log in.

Purpose of data processing: recording of user data, giving access and keeping in contact to ensure service quality.

Purpose of data processing at log in is to provide the identification of the user, rights, discounts, controlling of user, modification of data, cancellation and the continuous simplification of order placement.

Type of processed data: a) mandatory data: name and email address, password; b) optionally given data: -. If the user orders a product after registration the system, after the user’s consent, records the delivery address and the invoicing data, therefore the name and the address.

Legal basis for data processing is provided by Article 6(1)(a) of the GDPR and Section 4 of 13/A on ECA Act.

Duration of data processing: until consent is withdrawn. The user may cancel his registration free of charge. If the user deletes his registration, his personal data connecting to the registration is deleted without delay.

5.2. General data processing regarding online purchase

User: the user who uses the online webshop of the company, orders products with webshop registration or without it.

Purpose of data processing: Delivery of webshop order, documentation of purchase and order, invoicing and delivering invoicing requirements.

Data processing of the user with the purpose of purchase through the webshop occurs due to the contractual agreement. Legal basis is Section 1-3 of 13/A on the ECA Act and Article 6(1)(b)(c)(f) of the GDPR.

The user has to provide his personal data to be able to purchase the selected product in the webshop. Without the personal data the company cannot process the order and the contract with the user cannot take effect.

Type of processed data: order number, date and time of order, name, address, phone number, email address, name of the purchased /ordered products, quantity, price, color, chosen payment method invoicing and delivery information, IP address of the last access point and time of last log in.

Duration of processing: personal data of the user is stored until the fulfillment of the contract, in case of a legal dispute until the final judgment of the legal dispute, except if the regulations demand the further storage of the user data (e.g.: tax authorities) for data provision purposes. Such mandatory data processing, for example the storage of invoices according to the Accounting Act (Point (2) Section (169) of Accounting Act and Section (78) Act CL of 2017 the financial documents directly or indirectly proving the bookkeeping accounts shall be stored for 8 years, until the lapse of taxation basis, in case of deferred tax liability five years from the last day of the calendar year. In case of cancelled order, legal rights connecting to the protection against customer needs, the personal data connecting to the order will be stored until the lapse period ends. The data detailed in 5.5. is stored until liability, or if the warranty time occurs then within the warranty time – in case of both the longer period applies – in order to meet the requirements of the warranty needs of the user. Information on liability and warranty time can be found in the General Terms and Conditions document.

Certain personal data of the user – based on legal requirements – are stored and forwarded to authorities on the legal basis of Article 6(1)(c) of the GDPR, as well as Point (2) Section (169) of Accounting Act, Section (78) of Act CL of 2017 in regards to the Points (1)(2) of 13/A of the ECA Act.

Details about the data processing in case of warranty and liability needs can be found in section 5.5.

Data processing regarding delivery

If the user signs a contract with the company, the company will forward the user’s data to a logistics company in order to proceed with the delivery of the purchased products.

User: the person, or the person cognized by the user, who the company will deliver the ordered products to.

Type of processed data: consignee’s name, address, email address, phone number, package number, value of package, choice of payment and delivery, collected cash on delivery, invoicing name and address and the additional voluntarily given information to the company, or any other information provided in the comment section (e.g.: information about doorbell).

Purpose of data processing: fulfillment of orders, documentation of purchase and payment, accounting duties.

Legal basis: Point (b) Section (1) Article (6) of the GDPR and Points (1)(2) of 13/A of ECA Act.

Duration of processing: according to Point (2) Section (169) of the Accounting Act: 8 years.

Data transfer, consignee of data transfer: FOXPOST delivery, in case of delivery to the FOXPOST station, the above mentioned data is shared with the postal service/ courier/ delivery company. In case of delivery at a Budapest delivery station, the email and the order number of the user is given to the station.

Legal basis of data transfer in case of a domestic postal service provider (Magyar Posta Zrt.) Article 6(1)(e) of the GDPR and Section (6) and (18) of the Postal Service Act (processing of data is necessary for the domestic postal service, as service of public interest, which is regulated under Section (6) and (18) of the Postal Services of Hungary), while other postal services besides the domestic service (other services besides Magyar Posta Zrt.) are regulated under Article 6(1)(f) of the GDPR ( the data transfer is the legal interest of the postal service provider, which means that without this the fulfillment of contract is not possible and its certification would not be possible according to the regulation conditions).

In case the delivery company chosen by the user is unable to fulfill the delivery within the desired timeframe of at the desired quality, beyond the control of the company, the company may give the package and the processed data to another delivery company for the package to be delivered on time, about this the user will be informed along with its reasons in an email as well as the email containing the new delivery information.

In regards to services provided by postal services and delivery company their general terms and conditions and privacy policy apply which the user gives consent to by agreeing to this notice.

Postal and logistics service providers

For the purposes of the fulfillment of the order the personal data of the user is forwarded to the postal service provider according to Section (54) of the Postal Service Act and regards it as data processor, in case of other logistic services the data is only stored until the delivery of the ordered product, except if the regulations state that the logistic company has to store the data of the user for data supply to the authorities.

Assigned postal services:

Name of postal service provider	Registered office of postal service provider	Data processing activity by the postal service provider
Magyar Posta Zrt.	H-1138 Budapest, Dunavirág utca 2-6.	Delivery
FoxPost Zrt.	H-3200 Gyöngyös, Batsányi u. 9.	Delivery

 

Data transfer to online payment service providers

The website does not offer online payment (payment method is initial transfer to the bank account).

Electronic invoicing systems used by the data processor

Personal data and data of order is stored by the company during the registration or purchasing process and is forwarded to MKRODIGIT Informatikai Ltd (H-1118 Budapest, Ménesi út 35. fszt. 1.) as of 11 November 2020 with the purpose of fulfilling electronic invoicing and storing of invoices of ordered books and e-books So the forwarded personal data is processed according to the privacy policy of MAKRODIGIT Ltd. (available on the following link: https://www.makrodigit.hu/felhasznalasi_feltetelek)

Users: Users who purchase e-books or those users that request electronic invoice of their order

Processed personal data: name, email address, invoicing name and address, order identification number, name of the ordered product, price, and quantity.

Purpose of data processing: performing invoicing responsibilities in order to perform a contract.

Legal base: Points (1)(2) of 13/A of ECA Act as well as Article g(1)(c) of the GDPR.

Duration of processing: Based on Point (2) Article (169) of the Accounting Act: 8 years.

5.3. Subscription and delivery of newsletter

www.rolandritter.com does not offer subscription possibility.

5.4. Participating in regular customer program

The www.rolantritter.com website does not operate regular customer programs.

5.5. Handling of complaint, liability, and warranty needs

User: user who makes a complaint regarding the provided service or product on either of the contact information provided by the company on the website, and makes a request for liability or warranty need.

Type of processed data: order number, customer’s name, address, email address, phone number, name of the product, price, date of purchase and request date, data regarding the description of the complaint, voluntarily given information by the customer, signature of the person of the complaint record and the issuer’s signature, personal data used during the process of investigation and the personal data used in response to the complaint.

Purpose of data processing: handling of complaint in connection to the services provided by the company, issuing complaint record in case of liability and warranty concerns, storage and correction or the examination of the correction or warranty execution, issuing and safekeeping of receipt certificate, delivery of the products in need of correction, exchange from the customer to the warehouse of the company and the delivery of the corrected/exchanged product.

Legal basis: Article 6(1)(c) of the GDPR in accordance with Points (3)(4)(5) of 17/A of Customer Protection Act as well as the warranty and liability relevant to the sold goods according to the contract between the customer and the company the process is regulated by Article 4(1)(a) and (6) of 19/2014 (IV 29) National Economic Ministry as well as Article 6(1)(a).

Duration of processing: according to Point (7) of 17/A of the Customer Protection Act 5 years from the issuing of complaint record, and Article 4(6) of 19/2014 (IV 29) of National Economic Ministry regulations concerning the complaint record, 3 years form the issuing of the record.

Consignee of data transfer: Magyar Posta Zrt and FoxPost Zrt. are responsible for the returning of the warranty/liability requests to the company, as well as the delivery of the corrected/exchanged product to the customer.

Legal basis of data transfer is in accordance with Article 6(1)(e) of the GDPR and Article (6) and (18) of the Postal Service Act (handling of data is necessary for the fulfillment of public service of the postal service provider in accordance with the Article (6) and (18) of the Postal Service Act).

5.6. Call Center

The company does not operate a call center.

5.7.  Prize competitions (sweepstakes, votes)

Prize competitions, campaigns in cooperation with a third party, and other case by case data processing are regulated individually, the company will determine in connection to the event in accordance with the attributes of the event.

5.8. Use of contact forms

The website does not contain contact forms.

Persons authorized to access personal data

6.1. The company’s employees, fulfillment assistants and contributors, especially data processors, professionals, and those that this notice names specifically are authorized to have access to personal data.

Data processors, data transfer

Data processors may be used for the purposes of continuous and adequate operation of the website, fulfillment of orders or the provision of other webshop services in connection to its activities.

The company keeps record of the data transfer to control the legality of the data transfer and for the purposes of informing those users in question, which contains the processed personal data and its date, the legal basis of transfer and its consignee, type of transferred personal data, as well as other data regulated by the law regarding data protection.

7.1. Name of data processor used by the company:

Company name	Registered office	Activity
MAKRODIGIT Zrt.	H-1118 Budapest, Ménesi út 35. fszt. 1.	Electronic invoicing, invoice archiving
Fer-Partner kft.	H-7634 Pécs, Fő u. 26.	Server-operation, website design

 

7.2. Possibility of data transfer

Personal data of customers is not transferred during the ordering process.

Rights of users and validation of rights

Information regarding the processing of their data may be requested by the users, as users infrom the company as data processor via registered mail sent to the company’s address (Plasztik Dzsungel Kft. 7624 Pécs, Angster József u. 39/B.) or to its email address: plasztikdzsungel@freemail.hu.

1. Information regarding the processing of their personal data (rights to access),
2. Modification or dissolution of their personal data,

III. Transporting personal data to other data processor,

1. restriction of data processing,

as well as

1. they can object to the processing of their data,
2. can request not to be included in the automated decision making,

III. withdraw consent from processing of data,

Five years after the death of the user access, modification, cancellation, limitation, and objection rights can be practiced by the person entrusted by the user in his life. The declaration stating the representative of the user has to be sent to the company. In lack of representative the rights for modification or objection – in case the data processing was unlawful in the life of the user or the purpose of the data processing expired with the death of the user – cancellation or limitation or rights can be requested by a close family member (spouse, relative, adopted child, step- or lawful children, adopter, step, or foster parent as well as a sibling). The representative wishing to practice the rights of the deceased user, close relative with identification as well as the fact and date of death of the user is requested by the company. Certification of death and time is only possible with death certificate, or the court statement declaring the death of the user: in lack of these the request of the representative will not be honored by the company.

Information requested via mail is only considered credible or lawful if based on the request the user can clearly be identified.

Request for information via email is only considered credible or lawful if the email is sent from the registered email address.

In case there is doubt regarding the rightfulness of the requestor, the company may request proof of identification of the requestor. The company when controlling the rightfulness might request either one of the following two forms of identification from the requestor:

1) In connection with the registration or the order: registered phone number, order number (including cancelled orders), account identification, order details (e.g.: delivery method, delivery address, phone number of addressee, name of product etc) registered email address;

 

Personal information used for identification only serve the purpose of identification and are only processed for the performance time.

Rights to access

Rights to access does not mean to the data, or the physical storage space or the IT systems’ access, but based on the user’s request the company may provide information regarding whether his personal data is being processed; if yes,

• what is the purpose of the processed data,
• who is it being transferred to,
• how long the data is stored (if the duration of storage cannot be initially defined then the aspects of the storage)
• how the company accessed the data (if not directly from the employee), does automated decision making occur (including profile generation), what is the logic, and what does the automated decision making entail regarding the user and its expected consequences,
• is the data being transferred to third country (countries outside the European Union as well as outside the European Economic Area [Iceland, Norway, and Liechtenstein] or international organization, if yes what kind of guarantees are provided.

The company may only object to the provision of information in case of the terms defined in the GDPR and the Information Act regulations. It can object to the provision of information if,

• the user’s rights stated in this section (information, modification, cancellation) is regulated by the state’s external and internal security (for example national defense, state security, crime prevention and pursue, defense of punishment execution), as well as by the interest of national or governmental economic or financial reasons, significant economic or financial interest of the European Union, or disciplinary and ethical offense in connection with occupational practices, prevention of work labor and labor protection and investigational purposes (including control and supervision) furthermore, it is regulated in protection of the rights of the user, and
• if the requestor is a different person from the user and he is not willing to identify himself and his rightfulness of requesting.

In case of objection to the provision of information the company informs the user in writing about the reasons of objection.

Form the time of the issued request at the company’s earliest convenience, but maximum within a month, the company gives its written response to the user’s request.

The company makes a copy of the requested data free of charge for the first time, then at additional cost for the second copy, and makes it available for the requestor.

Modification and cancellation of personal data

If the personal data is not correct, and the company possess the true personal information, the company corrects the information; in other cases, modification is made through the request of the user after providing the correct information.

Personal data has to be deleted, if

• the personal data is no longer necessary, for the purposes it was collected or handled differently,
• the user has withdrawn consent from the processing of his personal data,
• the user objects to the rightful interest – as legal base for data processing – and there is no primary and lawful reason for the processing of data, or the user objects to the data processing with direct business purpose,
• the processing of data is unlawful, occurs against the regulations,
• the personal data has to be deleted based on the regulations levied on the Hungarian law,
• if it was ordered by court or authorities.

If the company published personal data and is obliged to delete it, it is also obliged to finance the cost of the technology available to pursue and make the necessary steps in order to inform the data processors of the request made by the user to delete all data pointing to personal data including links and copies of the personal data.

The company marks the processed personal data, if the user argues of its accuracy or adequacy, but if the accuracy or adequacy of the personal data in question cannot be determined without a reasonable doubt.

The company informs the user and all of those to whom the personal data was previously transferred. The information can be dismissed if the purposes of the data processing does not harm the rightful interest of the user.

Rights to data portability

The user may request to receive detailed, widely used, computer based format (e.g.: excel) of its personal data, he also has the right to transfer this data to other data processor, if,

• the data processing occurs in an automated way and
• is based on the user’s consent, or is needed for the fulfillment of a contract, in which the user is one party, or initially to the signing of the data processing contract it was necessary for the user to take necessary steps.

Rights to restrictions of data processing

The company may restrict the method and duration of the processing of personal data of a user in case any of the following occur:

• the user argues the accuracy of his personal data, in this case the restriction refers to the duration, which ensures the company to check the accuracy of the personal data,
• in case of the unlawfulness of data processing instead of the deletion of the user’s personal data those are only timely and methodical restrictions requested by the company,
• the company no longer needs the personal data, but the user requests the delivery of the personal data to proposal of legal rights,
• the user objects to the processing of his data by the company or a third party based on legal interest, until it is determined that the legal interests of data processing is primary to that of the user’s legal reasons.

In case of the restriction, personal data can only be processed – beside it being stored – with the consent given by the user, or the proposal of legal requirements, validation or other the protection of other legal entity, or the general interest of Hungary and the European Union.

Before the dissolution of restrictions, the company informs the requestor of the restriction.

Objection to the processing of personal data

The user may object to the processing of his data,

• if the processing of data and its transfer is only in the interest of the company or the third party (legal basis of certain processing of data is detailed in section 5), except if the processing is forced by legal reasons which has priority over the user’s interests, rights, and freedoms, or if the processing of data is necessary for legal purposes and evaluations,
• if the processing of personal data and its transfer occurs for direct marketing reasons.

The company examines the request at its earliest convenience, but no later than 30 days after submission, decides on its grounding and informs the requestor of its decision in writing.

If the company finds the user’s request for objection grounded it stops the processing of his data – including future data processing and transfer -, and the company informs those who the data had been transferred to about the objection and the steps the company took, as they are also responsible to take steps towards validating the rights for objection by the user.

Rights regarding automated decision making

Section 5 of this notice provides more information whether the company applies these, and if yes, in which cases decision making without human intervention is applied. If this occurs the following apply for the automated decision making.

The user may initiate at the company that the strictly automated decision making based on data processing does not apply to him (including profiles) which might have legal consequences to him, or it would affect him significantly except if the automated decision making is

• necessary for the fulfillment or signing of the contract between the user and the company,
• supported by the national or European Union regulations applied, which also state the user’s rights and freedoms, as well as protective measures towards legal interest,
• based on the strict consent given by the user after initial information provided

He may issue a complaint against the decision or request for human intervention (for example the examination of the decision made by automated decision making) by points 1) and 3) towards the company.

In regards to special data of the user after specific consent given by the user, or automated decision making is applied, if the data processing is necessary for public interest, or it is regulated by Hungarian law.

Right to withdraw consent

In case the personal data – including special data – is based on consent of the user, he may withdraw his consent any time in a registered letter sent to the address of the company (Plasztik Dzsungel Kft. H- 7624 Pécs, Angster József u. 39/B.) or via email to the company’s email address (plasztikdzsungel@freemail.hu), after which the company does not continue processing the personal data of the user. Withdrawal of consent does not apply to the legality of data processing of data based on previously given consent.

The company informs the user about its steps regarding access, modification, dissolution, restriction, data transfer, objection or automated decision making without delay but not later than 30 days after receiving the request. Regarding the complexity or the number of requests, this deadline may be postponed to further two months, about which the company informs the requestor within 30 days after receiving the request. If the requestor submitted his request electronically, the information may be also given electronically in case the requestor does not wish otherwise.

In case of doubt about the quality of the requestor, the company has the right to request identification of the requestor. For proof of identification the company may only request information already known to the company. In the response, the company informs the user of the factual and legal reasons for the dismissal of the request.

The information and action mentioned in section 8, the company may only charge reasonable fee or object to the provision of information or making arrangements, in case the request has clearly no legal basis or – especially due to its repetitive nature – is exaggerating.

If the user does not agree with the decision of the company may turn to court and may decide whether he will turn to the court based on his official address or his permanent address (list of court houses can be found on the following link: http://birosag.hu/torvenyszekek).

The court relevant to the official or permanent address of the user may be found on the following website: http://birosag.hu/ugyfelkapcsolati-portal/birosag-kereso.

If the user does not agree to how his data is being processed by the company, we suggest contacting the company first. Your request will be thoroughly examined every time.

If the user is unsatisfied with the result of the examination of the complaint, he may turn to the Hungarian National Authority for Data Protection and Freedom of Information at one of the following contact details:

Registered address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c,

Mailing address: 1530 Budapest, Pf. 5.

E-mail: ugyfelszolgalat@naih.hu

Modification and taking effect of Privacy Policy Notice

This notice shall take effect on 11 November 2020. Processing of data not listed in this notice by the company shall be informed at time of data input.

The company has the right to change any detail of this privacy policy. User has to be notified of the modified privacy policy (in newsletter, in a pop-up window at the first access after the privacy policy was modified). With the further use of the website, the user accepts the modified terms and understands that further consent is not necessary.