Data management

Definitions of terms

GDPR

The GDPR (General Data Protection Regulation) is the European Union's new Data Protection Regulation.

Data management

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Processor

A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.

Personal data

Any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data Controller

A natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law.

Consent of the data subject

A freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, that he or she signifies his or her agreement to the processing of personal data relating to him or her.

Data protection incident

A breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Addressee

A natural or legal person, public authority, agency or any other body, whether a third party or not, with whom or to which personal data are disclosed. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing.

Third party

A natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Introduction

In the course of operating the website, the service provider / data controller processes the data of persons who use the website and send direct messages from it, in order to provide them with an appropriate service and to answer any questions they may have.
The service provider intends to fully comply with the legal requirements for the processing of personal data, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council.
This Privacy Notice has been prepared pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of personal data of natural persons and on the free movement of such data, taking into account the content of Act CXII of 2011 on the right to information self-determination and freedom of information.

Name of the service provider, data controller:

Company name:	DEBRECENI MECHANIKAI MŰVEK Korlátolt Felelősségű Társaság
Registered office:	H-4030 Debrecen, Híd utca 4-6.
Tax number:	12113006-2-09
Website address:	www.dmm.hu

Contact details of the data controller:

Company name:	DEBRECENI MECHANIKAI MŰVEK Korlátolt Felelősségű Társaság
Registered office:	H-4030 Debrecen, Híd utca 4-6.
Postal address:	H-4030 Debrecen, Híd utca 4-6.
E-mail:
Phone:	+36 52 526 460

Principles of data management

The data controller declares that it will process personal data in accordance with the provisions of the Privacy Notice and will comply with the applicable laws, in particular with regard to:
The processing of personal data shall be lawful, fair and transparent for the data subject.
The collection of personal data must be carried out for specified, explicit and legitimate purposes.
The purposes for which personal data are processed must be adequate, relevant and limited to what is necessary.
Personal data must be accurate and kept up to date. Inaccurate personal data must be deleted without delay.
Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.
Personal data shall be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by appropriate technical or organisational measures.

The principles of data protection shall apply to any information relating to an identified or identifiable natural person.

Important data processing information

The purpose of data processing is to enable the provider / data controller to provide an adequate additional service to the persons using the website in the course of its operation.

The legal basis for the processing is the consent of the data subject.

The data subjects concerned by the processing are the website's messaging users (Contact).

Duration of processing and deletion of data. The duration of the processing will always depend on the specific purpose of the user, but the data will be deleted immediately once the original purpose has been achieved. The data subject may withdraw his/her consent to the processing at any time by sending an e-mail to the contact e-mail address. If there is no legal obstacle to the deletion, your data will be deleted.

The data controller and its employees are entitled to access the data.

The data subject may request the controller to rectify, erase or restrict the processing of personal data concerning him or her and may object to the processing of such personal data.

The data subject may at any time withdraw his or her consent to the processing, but this shall not affect the lawfulness of the processing carried out on the basis of the consent prior to its withdrawal.

The data subject may exercise the right to lodge a complaint with the supervisory authority.

If the data subject wishes to benefit from the advantages of direct messaging (Contact), i.e. to use the services of the website, he or she must provide the requested personal data. The data subject is not obliged to provide personal data and will not suffer any disadvantage if he/she does not provide such data.

The data subject shall have the right to obtain from the controller, at his or her request and without undue delay, the rectification or integration of inaccurate personal data relating to him or her.

The data subject shall have the right to obtain from the controller, at his or her request and without undue delay, the erasure of inaccurate personal data relating to him or her and the controller shall be obliged to erase personal data relating to him or her without undue delay, unless there is another legal basis for the processing.

The amendment or deletion of personal data may be initiated by e-mail, telephone or letter using the contact details provided above.

Direct messaging from the website (Contact)

The purpose of the processing is to provide additional services and to contact you.

The legal basis for processing is your (the user's) consent.

The data subjects are the website messaging users (Contact).

Duration of processing. The processing is carried out until the consent is withdrawn.
You can withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.

The data will be deleted when consent to processing is withdrawn. You may withdraw your consent to the processing at any time by sending an e-mail to the contact e-mail address.

The controller and its employees are entitled to access the data.

Method of storage of data: electronic.

You may request the modification or deletion of your personal data by e-mail, telephone or letter to the contact details given above.

The provision of personal data is strictly necessary for identification and contact purposes:

Scope of data processed	The specific purposes for which the data are processed
Name (required):	Identification, contact.
E-mail address (required):	Identification, contact.
Phone number (optional):	Identification, contact.
Message (required):	Identification, contact.
Message sent time :	Technical information operation.
IP address :	Technical information operation.

The user can give his consent to the processing of his personal data by deliberately ticking the checkbox on the website (form).

You, as the data subject, may object to the processing of your personal data, in which respect you have the right to the procedure set out in the processing information detailed above and in this notice and the legislation described in this notice.

Data Processors:

Hosting Provider:	Robonet Kft.
Location:	H-1174 Budapest, Vörösmarty u. 30.
Phone:	+36 1 259 1180
E-mail:

Web operator:	DEBRECENI MECHANIKAI MŰVEK Kft.
Address:	H-4030 Debrecen, Híd utca 4-6.
Phone:	+36 52 526 460
E-mail:

The data you provide is stored on a server operated by the hosting provider.
Only our staff or the staff operating the server have access to the data, but they are all responsible for the secure handling of the data.
The name of the activity: hosting service, server service.
Purpose of data processing: to ensure the functioning of the website.
Data processed: personal data provided by the data subject.
Duration of processing and time limit for deletion of data. Data processing until the end of the operation of the website or in accordance with the contractual agreement between the website operator and the hosting service provider. If necessary, the data subject may request the deletion of his/her data by contacting the hosting provider.
The legal basis for processing is the consent of the data subject or processing based on law.

Rights in relation to data processing

Right to request information

You may request information from us, via the contact details provided, about which data our company processes, on what legal basis, for what purpose, from what source and for how long. Upon your request, we will send you information without delay, but within 30 days at the latest, to the e-mail address you have provided.

Right to rectification

You may ask us to correct any of your data using the contact details provided. Upon your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.

Right to erasure

You may request us to delete your data by contacting us using the contact details provided. At your request, we will do so without delay, but within 30 days at the latest, by sending you an e-mail to the e-mail address you have provided.

Right to blocking

You can ask us to block your data using the contact details provided. The blocking will last as long as the reason you have given us makes it necessary to store the data. Upon your request, we will do so without delay, but within a maximum of 30 days, by sending you an email to the email address you have provided.

Right to object

You may object to the processing of your personal data using the contact details provided. We will examine the objection within the shortest possible time from the date of the request, but no later than 15 days, decide whether it is justified and inform you of our decision by e-mail.

Enforcement possibilities in relation to data processing

If you experience unlawful processing, please notify us so that we can rectify the situation within a short period of time.We will do our best to resolve the problem in your interest.

If you consider that the law cannot be restored, please notify the authority using the contact details below:

National Authority for Data Protection and Freedom of Information

Postal address: H-1530 Budapest, Pf.: 5.

Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c

Phone: +36 1 391 1400

Fax: +36 1 391 1410

E-mail:

URL: https://naih.hu

Coordinates: N 47°30'56"; E 18°59'57"

Legislation on which the processing is based

REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation).

Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information.

Act LXVI of 1995 on public records, public archives and the protection of private archival material.

Government Decree No 335/2005 (XII. 29.) on the general requirements for the management of records by public bodies.

Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.

Act C of 2003 on Electronic Communications.

Debreceni Mechanikai Művek