Privacy Policy
Data processing. This Data Protection and Data Management Policy and Notice (hereinafter: Data Protection and Data Management Policy) is Imperial Roses Kft., registered office 5830 Battonya, Hunyadi János utca 82, represented by Mónika Csoszor, managing director, e-mail address info@imperialroses.hu, as data controller
GENERAL PROVISIONS
The Data Controller manages the User’s personal data based on this Data Protection and Data Protection and Data Management Policy in accordance with the provisions of the relevant law. It takes into account the information provided by the authority responsible for data protection (currently: National Data Protection and Freedom of Information Authority, headquartered at: 1024 Budapest, Szilágyi Erzsébet fasor 22/C. and website: www.naih.hu), as well as the published court practice. By accepting this Data Protection and Data Protection and Data Management Policy, the User consents to the Data Controller handling their data in accordance with the Data Protection and Data Protection and Data Management Policy. Section 6 of these regulations describes the details of the User’s declaration by accepting these Data Protection and Data Protection and Data Management Regulations, please read them in detail.
AMENDMENT
The Data Controller reserves the right to unilaterally amend this Data Protection and Data Protection and Data Management Policy. The Data Controller shall publish the amended Data Protection and Data Protection and Data Management Policy on the Website no later than the fifth day before the amended Data Protection and Data Protection and Data Management Policy enters into force. The Data Controller may also send a notification of changes to this Data Protection and Data Protection and Data Management Policy to registered Users of the Website through one of the contact details provided when using the Website, no later than the fifth day before the amended Data Protection and Data Protection and Data Management Policy enters into force. The User declares that he has the necessary Internet access to use the Website and that he regularly checks the Website. The User declares that he/she consents to contact via the contact details provided during Registration or when using the Website by accepting this Data Protection and Data Protection and Data Management Policy.
USER SCOPES
The User can register on the Website once in one way (hereinafter: Registration). Based on the data provided during Registration, the registered User can use the services (hereinafter: Services) provided on the Website in accordance with the terms of use governing the use of the Website (hereinafter: Contract). The User who uses the Services or the User who uses the Services (order) that is not subject to registration also accepts the provisions of this Data Protection and Data Protection and Data Management Policy as binding upon him/herself by the User visiting the Website for the purpose of obtaining information and/or entering the page, and you use the Website with your further activities there.
A User registered on the basis of this Data Protection and Data Protection and Data Management Policy may be the one who provided the necessary data during Registration and made the declarations contained in point 6 of this Data Protection and Data Protection and Data Management Policy (hereinafter collectively: Declarations) before using the Website, and also has accepted the provisions of the applicable Contract and the present Data Protection and Data Protection and Data Management Regulations as binding.
The consent or approval of their legal representative (usually the parent) is also required for the validity of declarations containing the consent of Users who are minor natural persons under the age of 16 and Users under guardianship limiting their capacity to act, therefore their successful Registration or use of the Service is a precondition for the consent of the legal representative or obtaining your consent to use the Website.
Accordingly, the Data Controller interprets the User Registration and use of the Website by a natural person who is a minor under the age of 16 or whose legal capacity is limited for other reasons as having obtained the prior consent or approval of their legal representative for the use of the Services and the use of the Website. also includes responsibility and makes it available to the Data Controller at any time upon the Data Controller’s request.
Users who are incapacitated (under 14 years of age or under legal guardianship) may not register or make statements on the Website independently – their legal representative (usually the parent) may register and make legal statements on their behalf, and they assume responsibility for the User’s activities.
DATA PROTECTION AND DATA MANAGEMENT POLICY
The purpose of this Data Protection and Data Management Policy is to define the scope of the User’s personal data according to point 8 and managed by the Data Controller, and the method of data management. In addition, the aim is to ensure, in accordance with the relevant law and other relevant legislation, that the privacy of natural persons Users is respected, that the requirements of data protection and data security are enforced, and also to prevent unauthorized access to the User’s personal data, changes to the data and unauthorized disclosure or use.
USER STATEMENT
The User confirms with the Registration or the Order without Registration,
- you have fully familiarized yourself with and read this Data Protection and Data Management Policy
- accept the provisions contained therein as binding for you
- voluntarily, informedly and definitively consents to the Data Controller processing his personal data specified in the Data Management Regulations for the purposes of data management defined therein in accordance with the provisions of the relevant law and these Data Protection and Data Management Regulations.
The User declares that, together with the acceptance of this Data Protection and Data Management Policy, he has read and understood the provisions of the Agreement, the acceptance of which is a condition for the validity of the Registration and the use of the Website. By registering, the User consents to the personal and other data he voluntarily provided being processed by the Data Controller for the purposes of scientific, public opinion or market research, direct business acquisition, as well as advertising newsletters, direct marketing and telemarketing/tele sales. You can, of course, withdraw your consent at any time by contacting one of the contacts provided in point 1 of this Data Protection and Data Management Policy. The User declares that the data provided during the Registration corresponds to reality and does not infringe the rights of other persons. The Users also declare that they assume responsibility for the User activities of other Users who use their User Account with their knowledge and are fully accountable to the Data Controller.
COOKIES
The Data Controller may use information packages sent by the web server, with variable content, alphanumeric, recorded on the user’s computer and stored for a predetermined validity period, i.e. cookies for the Services and the Website. You can read more about the types of cookies used by the Data Controller, their operation and options for disabling them in the “Placement of Anonymous User ID (cookie)” section. The User declares that he has understood the information provided by the Data Controller and, upon learning this, consents to the Data Controller placing cookies on the device (device) used to use the Services for one (1) year, and also consents to the related data management. The User can, of course, withdraw their consent at any time by disabling cookies. Please note that disabling cookies may have a technical impact on the extent to which the Data Controller can continue to perform individual Services for the given User.
PURPOSES OF DATA MANAGEMENT
Users’ personal data is managed by the Data Controller in order to use, provide, maintain, and protect the Services provided by the Website and to fulfill the provisions of the Agreement, to further develop the Services, and to develop new services.
The Data Controller manages the User’s data for the following purposes and considering:
- protection of the User
- to support the Data Controller’s activities related to the Services, including in particular:
o displaying content uploaded to the Website
o the preparation and execution of activities started or initiated on the Website,
o supporting the activities of the Data Controller
- Promotional purposes related to the Services
o sending a newsletter
o participation in gift campaigns and prize games
o recommendation of products/services
- The Data Controller uses the User’s anonymized personal data for statistical purposes
SCOPE OF PROCESSED PERSONAL DATA
The regulations related to the protection of Users’ personal data apply only to natural persons, given that personal data can only be interpreted in relation to natural persons. Therefore, this Data Protection and Data Management Policy only covers the processing of personal data of natural persons. The Data Controller only records personal data that the User provides voluntarily. By providing his personal data, the User consents to his personal data being entered into the Data Controller’s database in accordance with this Data Protection and Data Management Policy.
Personal data processed to identify Users
Based on the decision of the Users, the Data Controller manages the following personal data:
- User’s natural personal identification data: surname and first name
- User’s e-mail address provided during registration
- User’s residential address and postal address
- Your username and password
- User’s direct telephone and fax number
- User billing data
- Personal information voluntarily provided by the user (for example, notification address, workplace address) and other data
On the Website, the Data Controller may also request other personal data from the Users for certain activities (for example, for prize games, promotions, in the case of an offer in which the User’s address or other personal data, the User’s place of birth and time of birth can be disclosed with a specific age level), however, providing them is voluntary, and the Data Controller will use data only in connection with the indicated purpose and activity and for the time necessary for them. These Regulations are also applicable to this data management.
Data processed in order to use services
- IP address of the user’s computer,
- the start and end time of logging in on the Website, respectively
- depending on the settings of the User’s computer, the type of browser and operating system,
- data on the User’s activity on the Website (for example, tracking the number of banner clicks).
This data is automatically logged by the system. Such information is not suitable for personal identification, the Data Controller does not connect the data in the log file with other personal data, it uses the data for trend analyses, the preparation of page usage statistics, the administration of services, the analysis and satisfaction of User needs, which contribute to the development of the quality of the Services.
Data related to error reports made by Users/Subscribers
The Data Controller manages the following data in relation to error reports:
- customer number or license code or online registration code or company name and address, or contact person’s last and first name;
- e-mail address;
- telephone number.
Consumer Complaints
In order to investigate consumer complaints according to CLV of 1997 on Consumer Protection Act (hereinafter: Consumer Act) mandatorily processed data pursuant to 17/A. § (5) are:
- (1) name and address of the consumer;
- the place, time and method of presenting the complaint;
- a detailed description of the consumer’s complaint, a list of documents, documents and other evidence presented by the consumer;
- the company’s statement on its position regarding the consumer’s complaint, if the complaint can be investigated immediately;
- the signature of the person making the report and – with the exception of verbal complaints communicated by telephone or other electronic communication services – the signature of the consumer;
- place and time of making the report;
- in the case of a verbal complaint communicated using telephone or other electronic communication services, data suitable for the unique identification of the complaint.
The Data Controller may also use external advertising companies to display its ads. These companies may use certain data about the User’s visit to this or other websites (however, they may not use the User’s name, e-mail address or telephone number) in order to provide relevant (and relevant to the User) advertisements. If you would like to receive more information about this practice and the possibility that the companies may not use the information, please write to one of the contacts provided in Point 1 of this Data Protection and Data Management Policy.
The Data Controller may send a notification to the e-mail address provided by the User for the following purposes:
- sending system messages that are part of the service;
- for the purpose of registration and its confirmation of approval and sending information about the User Account, as well as updating data;
- service-related reminders;
- responses to requested information, service-related information;
- newsletter;
- promotional offers.
System messages are sent to all Users by the Data Controller, it is not possible to unsubscribe from such a “notification list”, because it satisfies the basic communication needs related to the Service, which implements information that enforces the User’s interests. However, the Data Controller undertakes to use such communication options only to the extent necessary and not to use such options for marketing purposes.
In the case of all advertising or promotional e-mails, if sent to the User, the Data Controller provides the option to unsubscribe from them. After unsubscribing, the User will no longer receive these.
Newsletter
The Data Controller also operates a newsletter service on the Website. If the User wishes to receive a newsletter related to the use of the Services and news related to the Services, the Data Controller only requests the e-mail address from the User to which the newsletter is expected. The newsletter may also include advertising or promotional offers. By accepting these Data Protection and Data Management Regulations, Users expressly consent to the Data Controller contacting them with advertising offers in their own name via the newsletter at the contact details provided for receiving the newsletter. Users who decide at any time after ordering a newsletter service offered on the Website that they no longer wish to receive newsletters, they can cancel the use of the service in the manner indicated in the newsletter and on the Website, or by sending an e-mail or postal message.
Marketing Communication
By accepting this Data Protection and Data Management Policy, Users expressly consent to the Data Controller’s ability to process their personal data for the purpose of acquiring business. Giving or withdrawing consent is possible at any time during the User relationship on the Website or at the contact details indicated in point 1 of this Data Protection and Data Management Policy. In relation to certain services, the Data Controller may send informational materials to Users at given intervals, in which they provide news about new developments related to the Services. Users who do not wish to receive such letters can cancel this information service at any time in the future by sending an e-mail indicating this intention to the e-mail address indicated in point 1 of this Data Protection and Data Management Policy.
Sending Promotional Offers/Direct Marketing
Depending on their consent, Data Controller may send informational circulars about new services and special offers to Users at certain intervals. For this purpose, Data Controller manage the e-mail address, name and postal address of the Users. If the Users do not want to receive such promotional letters in the future, even though they have not previously indicated their intention, they can unsubscribe by the Data Controller at the contact details indicated in point 1 of this Data Protection and Data Management Policy.
Notification of Registration and Changes in the Content of Services
In the field of Services subject to registration or purchase, Data Controller may send the new User a first welcome message to the specified e-mail address, in which Data Controller also provides important information for the Service (confirmation). If, in connection with a Service, Data Controller have to forward information to the Users about changes affecting the content, quality, and possibilities of use of the Service, Data Controller will send an e-mail notification in order to monitor and enforce the User’s interests, fulfilling Data Controller’s obligation to provide information. Such service notifications are sent to all Users, it is not possible to unsubscribe from such a “notification list”, because it satisfies basic communication needs related to the service, which implements information that enforces the User’s interests. However, the Data Controller undertakes to use such communication options only to the extent necessary and not to use such options for marketing purposes.
By accepting these Data Protection and Data Management Regulations, the User agrees that the Data Controller shall use the data uploaded by him, if they have been uploaded as public, as the specific, informed and voluntarily given definite consent contained in the Declaration given in point 6 of these Data Protection and Data Management Regulations, and in this paragraph make it accessible to the public on the Website based on your written consent. If the User consents to the sharing of his voluntarily provided data on other websites, he also acknowledges that the other websites are subject to their own Data Protection and Data Protection and Data Management policies, for which the Data Controller is not responsible. Based on the User’s consent, the Data Controller is entitled to use the data provided as public for promotional purposes related to the Website and the Data Controller’s activities and operations.
In the case of personal data recorded in a log file during the use of the Services, the data is stored for statistical purposes only. By accepting this Data Protection and Data Management Policy, the User consents to the Data Controller collecting anonymized statistical data necessary for the operation of the Services. The User can prohibit the use of his data for this purpose in accordance with Articles point 14-15.
The User is solely responsible for the personal and other data that he voluntarily and purposefully transmits to the Data Controller, whether his own- or third-party data, and for their transmission, in this regard he indemnifies the Data Controller and indemnifies third parties from any such transmission or failure to obtain approvals against a resulting or related claim.
Users can modify their data at one of the contact details provided in point 1 of this Data Protection and Data Management Policy.
The Data Controller can connect the User database and the impersonation subsystem of the Services. Necessary to enhance this personalized User experience.
LEGAL BASIS AND METHOD OF DATA MANAGEMENT
The Data Controller manages the User’s personal data exclusively for the purposes specified in Section 7 of this Data Protection and Data Management Policy and for the period specified in Section 10 of this Data Protection and Data Management Policy, and ensures that the data management is carried out in accordance with the purpose of the data management at all stages. By accepting these Data Protection and Data Management Regulations, the User declares that the granting of consent to data management, as well as the subsequent provision of data, is in all cases based on the User’s voluntary, informed and definite consent based on Section 5 (1) of the relevant law. This voluntary, informed and decisive consent provides the legal basis for the Data Controller’s data management as defined in this Data Protection and Data Management Policy.
DURATION OF DATA MANAGEMENT
The duration of data management is five (5) years from the termination of the possibility to use the Service (thus, in particular, the cancellation of the Registration), considering that after the termination of the Service, the Data Controller, or a third party may have a claim against the User due to the User’s activities. Data management ensures that the User’s identity remains traceable, and that the Data Controller can, if necessary, assert any claim against the User for damages or other civil law claims caused to him or a third party.
In compliance with its legal obligation, the Data Controller shall keep the accounting documents directly and indirectly supporting the bookkeeping (including ledger accounts, analytical and detailed records) for at least 8 years.
In accordance with the applicable law, if the personal data was recorded with the User’s consent, the Data Controller uses the recorded data for the purpose of fulfilling the relevant legal obligation (this could be, for example, the fulfillment of a contract or data processing necessary to fulfill a legal obligation of the Data Controller) or the Data for the purpose of asserting the legitimate interests of the controller or a third party – if the assertion of this interest is proportional to the limitation of the right to protect personal data – without further separate User consent, and also after the User’s consent has been revoked.
DATA SECURITY
In accordance with its obligations under § 7 of the relevant law, the Data Controller will do everything possible to ensure the security of Users data, and will also take the necessary technical and organizational measures and develop the procedural rules and other steps that are necessary to enforce confidentiality rules. The Services that have the so-called cloud applications and can also be part of it. Cloud applications are typically international or cross-border in nature, and e.g. they serve the purposes of data storage, when the data storage is not the User’s computer/company computer center, but a server center that can be located anywhere in the world. The main advantage of cloud applications is that they provide highly secure, flexibly expandable IT storage and processing capacity that is essentially independent of geographic location. The Data Controller takes great care when selecting its cloud service providers, makes every effort to enter into contracts with them while keeping the security of User data in mind, ensures that their data management policies are open and transparent, and periodically verifies data security.
Links
It is possible that the Website of the Data Controller contains references and links to pages maintained by other service providers (including buttons and logos pointing to the possibility of logging in and sharing), where the Data Controller has no influence on the practices related to the management of personal data. Data Controller draw the attention to the Users that if they click on such links, they may be taken to the pages of other service providers. In such cases, Data Controller recommend that Users definitely read the data management rules applicable to the use of these pages. This Data Protection and Data Management Policy applies only to the Website operated by the Data Controller. If the User changes or deletes any of his data on an external website, it will not affect the data management by the Data Controller, such changes must also be made on the Website.
DATA TRANSMISSION/DATA CONNECTION
Only in accordance with these Data Management Regulations, and in order to fulfill the legal obligations of the Data Controller, on the basis of requests from authorized authorities, may the User’s personal data be transferred to third parties. In certain scenario, the User’s consent may be obtained in advance, and the various data processes may only be linked, subject to the conditions of data management being met for each individual personal data.
All personal data at the Data Controller’s disposal that Data Controller is legally obligated to provide to the appropriate authorities must be sent, both freely and obligatorily. Such a transfer of data and the outcomes it produces are not the responsibility of the Data Controller. Prior to granting formal requests for data, the Data Controller verifies that each request for data has a legitimate legal basis and data transmission obligation.
If the Data Controller hands over the operation or utilization of the content service on the site operated by him to a third party in whole or in part, he may transfer the data managed by him to this third party for further processing in its entirety without requesting separate consent. This transfer of data may only serve to ensure the continuity of the registration of already registered users, however, it may not put the user in a more disadvantageous position than the data management and data security rules specified in the current text of these data management regulations.
By accepting these Data Protection and Data Management Regulations, the User declares that he accepts that the Data Controller may hand over the data managed by the Data Controller to persons and companies selected by him operating in the following areas:
- data processing,
- invoicing,
- booking,
- claims management,
- delivery,
- marketing,
- as well as bodies authorized to handle legal disputes by law.
The Data Controller declares that it only transfers the data necessary for the given work process.
The User can choose the method of delivery of the product(s) purchased in the web store operated by the Data Controller, and consents to the Data Controller handing over his name and delivery address to the company according to the chosen method of delivery. Based on this consent, the user accepts the conditions of the chosen supplier’s own General Agreement.
The User agrees that if he does not fulfill his obligations according to the General Terms and Conditions, the Data Controller will hand over his invoicing data to EOS KSI Magyarország Kft. (EOS KSI Magyarország Inkasszó Kft. Váci út 30, 1132 Budapest, company registration number: 01-09-568714).
The Company maintains a Data Transfer Register for the purpose of checking the legality of the Data Transfer and for informing the data subject, which contains the date of transfer of the Personal Data it manages, the legal basis and recipient of the data transfer, the definition of the scope of the Personal Data transferred, and other data defined in the legislation requiring data management.
The recipients of personal data according to the above provide services to the Data Controller and primarily operate locally in Hungary or the European Economic Area. These persons handle the data according to the instructions of the Data Controller and may not use the data for purposes other than this, and they are subject to confidentiality and data protection obligations.
The Data Controller can connect the User database and the impersonation subsystem of the Services. This is necessary in order to enhance the personalized User experience. Please also read the “Data Security” and “Placement of Anonymous User ID (cookie)” sections regarding data transmission.
Our company uses the following data processors for its data management:
Data processor:
- Company name: OTP Mobil Kft.
- Headquarters: 1143 Budapest, Hungária körút 17-19.
Our company can narrow down and expand the range of Data Processors by informing the Data Subjects about the identity of the current Data Processors by making appropriate changes to this Privacy Notice and by registering the Data Processors in the Data Protection Register.
The Data Subjects give their consent to the transfer of the Data to the respective data processors by providing the data.
The User acknowledges that the following personal data stored by Data Collector in the user database of www.imperialroses.hu will be transferred to OTP Mobil Kft. as a data processor. The range of data transmitted by the data controller is as follows: name, email, phone, billing address, delivery name, delivery address, delivery phone number. The nature and purpose of the data processing activity carried out by the data processor can be found in the SimplePay Data Management information sheet at the following link: http://simplepay.hu/vasarlo-aff.
ANONYMOUS USER IDENTIFICATION (COOKIE) PLACEMENT
Placing own cookies
The anonymous User ID (cookie) is a unique string of characters suitable for identification and for storing profile information, which the service providers place on the User’s computer. This sequence of signals alone cannot identify the User, it is only suitable for recognizing the User’s computer. This is necessary so that the companies can provide users with customized service, individually identifying the habits and needs of their customers, i.e. they can learn more about the customers’ information usage habits, so that they can further improve the quality of their services, as well as offer their customers customization options. Therefore, we use anonymous identifiers to collect and track data on User activities such as relevance, recommendations, searches, openings, most important and most frequently used functions. We use Flash cookies to, for example, tell us whether the User has ever visited our website or to help identify the functions/services that the User may be most interested in. Search and Flash cookies enhance the online experience by retaining the User’s preferred information while on a particular page. Neither the search engine nor the Flash cookies can identify the User personally. If the User does not want such an identification mark to be placed on his computer, there is a way to set his browser so that it does not allow the placement of the unique identification mark, but in this case, it is possible that the Services will not be accessed by the User.
Placement of third-party cookies
The Website uses the web analytics service Google Analytics (hereinafter: Google Analytics) provided by Google, Inc. (head office: 1600 Amphitheater Parkway Mountain View CA 94043) (hereinafter: Google). Google Analytics also uses “cookies”, text files placed on your computer, which are intended to help analyze the use of the Website. The Data Controller informs the User and by accepting the Agreement, the User expressly consents to the information generated by the cookies and related to the use of the Website (including Users IP address) being transmitted to Google’s servers in the United States of America and stored there. By using the Website, the User consents to the transfer of its data in the manner and for the purposes specified above.
Google uses this information to evaluate and analyze the use of the Website by the User, to compile reports on the activities performed on the Website, and to provide other services related to the activities performed on the Website and Internet use. Google is responsible for the legality of the data transfer and processing defined above and for the damages and claims related to them. If you have any questions or requests regarding the above, you can contact Data Controller at the e-mail address specified in point 1 of this Data Protection and Data Management Policy.
The Data Controller may also use tracking IDs in its newsletters sent to Users or other services for the purpose of monitoring user habits for the purpose of service development.
RIGHTS OF USERS, POSSIBILITIES OF RIGHTS ENFORCEMENT
The User can request information about data management, as well as request that their personal data be corrected, blocked, or, in the case of incorrect data, deleted. In connection with the management of personal data, the data subjects may exercise their rights by means of a notification sent to the e-mail addresses provided during registration. The User shall send his request for information or deletion by e-mail to the e-mail address in point 1 of this Data Protection and Data Management Policy.
Information
The User may request information on the management of his personal data based on point a) of § 14 of the relevant law. Upon request, the Data Controller provides the User with information about the data it manages, the purpose, legal basis, duration of the data processing, the name, address (headquarters) of the data processor and its activities related to the data management, if the User’s data is provided in accordance with the last point of point 7 of this Data Protection and Data Management Policy and about the activities related to data management, as well as about who and for what purpose the data is or has been received. The information also covers the User’s rights and legal remedies related to data management. Please send the request for information about data management by e-mail to the e-mail address found in point 1 of this Data Protection and Data Management Policy, to which the person concerned will receive a response within thirty (30) working days. This information is free of charge if the information requester has not yet submitted an information request for the same area to the Data Controller in the given year. In other cases, the Data Controller may make the fulfillment of the information request subject to reimbursement. Information can be provided within the data management period specified in point 10.
Deletion
The Data Controller deletes personal data if requested by the User. If personal data must be preserved for any other reason in a legal dispute that has arisen in advance or in view of a statutory or statutory supervision requirement or in view of the performance of the Contract concluded with the User and still in force, or if the data also contains personal data other than the User’s inseparably and indelibly (e.g. image recording ), the deletion requested out of sequence does not necessarily mean that the recording is completely unavailable, however, from now on, the recording can only be used for the purpose excluding the deletion. The deletion is carried out by the Data Controller free of charge. The User shall notify the Data Controller of their request for deletion of their personal data by e-mail at the e-mail address found in point 1 of this Data Protection and Data Management Policy. Based on the User’s voluntary decision and request, the Data Manager will delete the data within thirty (30) days from the receipt of the deletion request. By withdrawing consent to the processing of personal data, or by requesting the deletion of data, the User also waives the right to participate in all activities related to Registration. Cancellation is always free of charge. The Data Controller shall notify the data subject of the correction and deletion, unless the failure to notify does not harm the legitimate interests of the data subject.
Locking
Instead of deletion, the Data Controller locks the personal data if the User requests this, or if, based on the available information, it can be assumed that the deletion would harm the User’s legitimate interests. The personal data locked in this way is processed by the Data Controller only as long as the data management purpose that precluded the deletion of the personal data exists.
Designation
The Data Controller shall indicate the personal data it manages if the User disputes its correctness or accuracy, but the incorrectness or inaccuracy of the disputed personal data cannot be clearly established. If the Data Controller does not comply with the User’s request for rectification, blocking or deletion, within thirty (30) days of receiving the request, it shall notify the reasons for the rejection of the request for rectification, blocking or deletion in writing, and shall inform the User about the possibility of the judicial remedy and the data management authority.
RIGHT TO OBJECT AND REMEDY RIGHTS
Right to protest
The User or anyone whose personal data has been transferred to the Data Controller may object to the processing of their personal data if
- the processing (transmission) of personal data is necessary only to enforce the rights or legitimate interests of the Data Controller or the data recipient (unless the data processing is permitted or ordered by law);
- exercising the right to protest is otherwise permitted by law.
The Data Controller – with the simultaneous suspension of data management – examines the objection within fifteen (15) days from the date of submission of the request and informs the applicant of the result in writing. If the objection is justified, the Data Controller will terminate the data management and block the data. The Data Controller is obliged to notify about the protest, as well as the measures taken based on it, all those to whom it has previously forwarded the personal data affected by the protest, and who are obliged to take measures to enforce the right to protest. If the User does not agree with the decision made by the Data Controller based on the protest, or if the Data Controller misses the deadline for the decision, he may appeal to the court within thirty (30) days from the notification of the decision or on the last day of the deadline.
Legal enforcement
Legal enforcement by the User is possible based on the relevant law and the Civil Code (hereinafter: Civil Code). In the event of a violation of User rights, the User may apply to the court or to the data protection authority specified in point 2 of these Data Protection and Data Management Regulations. By filing a report with the data protection authority, anyone can initiate an investigation with reference to the fact that a violation of rights has occurred or there is a direct threat of such in relation to the handling of personal data.
The court at the seat of the Data Controller has jurisdiction over the lawsuit. At the choice of the person concerned, the lawsuit can also be initiated before the court of the place of residence (place of stay) of the person concerned. The method of legal enforcement, as well as the detailed legal provisions regarding the obligations of the Data Controller, can be found in the relevant law and the Civil Code.
The data provided by persons with limited capacity to use the Website can be viewed by their legal representative after a written request to the Data Controller, and they can exercise the rights of the Users related to data management, provided that they have proven their legal representative status to the Data Controller in a credible manner. The rights of incapacitated Users regarding data management are exercised by their legal representative.
ADDITIONAL GUARANTEES PROTECTING THE DATA SUBJECT
Every User has the right to find out about the automated file of personal data, its main purposes, as well as the person managing the data file and his usual place of residence or headquarters; to be informed at reasonable intervals and without excessive delay or cost whether your personal data is stored in an automated data file, and to be informed about this data in a form that User can understand.
PERSON DESIGNATED BY THE DATA PROCESSOR, RESPONSIBLE FOR DATA PROTECTION
The designated person responsible for data protection at the Data Controller aids the User in making decisions related to data management, as well as in ensuring the rights of the data subjects via the e-mail address found in point 1 of these Data Protection and Data Management Regulations.
OTHER
The User acknowledges and consents to the fact that all members of the business group of which the Data Controller is a member directly or indirectly through at least a 50% ownership stake, or the purchaser of all or a significant part of the Data Controller’s assets, the rights provided in this Data Protection and Data Management Policy and obligations is considered the beneficiary/concessionaire of the Data Controller. Such enterprises are entitled to directly enforce all provisions of this Data Protection and Data Management Policy, to refer to those that contain some advantage or entitlement for them. The User is not entitled to transfer or assign the rights and obligations contained in this Data Protection and Data Management Policy to a third party.