suitable for the purpose. Personal data may only be processed to the extent and for the time necessary to achieve the purpose.
Personal data retains this quality during data processing as long as the connection with the data subject can be re-established. The connection with the data subject can be re-established if the data controller has the technical conditions necessary for the recovery.
Name of the data controller: Medve Barbara (here in after: Data controller) Address of the data controller: 5500, Gyomaendrőd, Erkel u.6., Hungary
Contacts of the data controller: firstname.lastname@example.org website: www.barbaramedve.com
Legal basis for data processing: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL Article 6. The consent of the data subject pursuant to Article 6 (1) (a) and the legitimate interest of the Data Controller pursuant to Article 6 (1).
A During the voluntary provision of data, the User may provide the following data (on a voluntary basis, but it is essential to use the service) to use the subscription form on the website http://barbaramedve.com or on a subpage / landing page (target page):
The IP address used by the Users during registration is always stored for the purpose of identifying the subscriber in the event of an incident or other problem.
Consent to data management: During registration, the Users expressly consent to the processing of their personal data by the Data Controller in the manner described in this prospectus.
Method of data management: automated data processing
Barbara Medve (5500, Gyomaendrőd, Erkel utca 6., tax number:)
The provided data shall be processed by the Data Controller for an indefinite period of time or until the withdrawal of the data subject’s consent.
No data will be transferred in connection with the purpose of the Data Management.
The data subject may apply to the Data Controller
(a) information on the processing of your personal data;
(b) the rectification of your personal data; and
(c) the erasure or blocking of your personal data, with the exception of mandatory data processing. At the request of the data subject, the Data Controller shall provide information on the data processed by the data subject or processed by the data processor entrusted by him or her or at his or her disposal, their source, the purpose and legal basis of the data processing,
the duration, name and address of the controller, the activities related to the processing, the circumstances, effects and measures taken to remedy the data protection incident, and, in the case of transfers of personal data of the data subject, the legal basis and the recipient of the transfer.
If the Data Controller has an internal data protection officer, the Data Controller shall keep a register containing the scope of the personal data concerned, the scope and number of data subjects of the data protection incident and the date of the data protection incident in order to check the measures related to the data protection incident and inform the data subject about its circumstances, effects and the measures taken to eliminate it, as well as other data specified in the legislation prescribing data processing. The Data Controller is obliged to provide the information in writing in a comprehensible form at the request of the data subject as soon as possible, but not later than within 25 days from the submission of the request.
The information is free of charge if the person requesting the information has not yet submitted a request for information to the Data Controller for the same data set in the current year. In other cases, the Data Controller may set a fee.
The Data Controller deletes personal data if
The rectification, blocking, marking and erasure shall be notified to the data subject and to all persons to whom the data have previously been transmitted for data processing purposes. The notification may be omitted if it does not harm the legitimate interests of the data subject with regard to the purpose of the processing.
If the Data Controller does not comply with the data subject’s request for rectification, blocking or deletion, he shall, within 30 days of receipt of the request, communicate in writing or with the consent of the data subject the electronic and factual reasons for rejecting the request for rectification, blocking or deletion. If the request for rectification, erasure or blocking is rejected, the Data Controller shall inform the data subject of the possibility of legal redress and recourse to the Authority.
(a) if the processing or transfer of personal data is necessary solely for the performance of a legal obligation to the Data Controller or to enforce a legitimate interest of the Data Controller, the data recipient or a third party, except in the case of mandatory data processing;
(b) where the use or transfer of personal data is for the direct acquisition of business, public opinion polling or
for the purpose of scientific research; and
(c) in other cases specified by law.
The Data Controller shall examine the protest within the shortest time from the submission of the application, but not later than within 15 days, make a decision on the merits of the application and inform the applicant of its decision in writing.
If the Data Controller establishes the validity of the data subject’s protest, the data processing, including further data collection and data transfer, shall be terminated and the data shall be blocked, and the data subject shall be notified of the protest and the action taken on it and who are obliged to take action to enforce the right to protest.
If the data subject does not agree with the decision made by the Data Controller, or if the Data Controller fails to comply with the above deadline, the data subject may apply to a court within 30 days from the notification of the decision or the last day of the deadline.
If the data subject objects to the processing of his / her personal data or seeks legal redress, and if a request for data is received from a third party without the data subject’s consent, the data may be disclosed to legal representatives appointed by the Data Controller to the extent necessary to assess the lawfulness of the above.
Dear Users, if they feel that the Data Controller has violated their rights to the protection of personal data, they should contact us so that we can investigate the case as soon as possible and remedy the possible violation.
We also inform the Users that in the event of a violation of their rights, the data subject may take legal action against the Data Controller. The court is acting out of turn in the case. The court has jurisdiction to hear the case. The lawsuit may also be brought before a court of the controller’s domicile or, at the option of the data subject, the domicile or residence of the data subject. A party who does not otherwise have legal capacity to sue may also be a party to a lawsuit.
If the Data Controller causes damage to another person by unlawfully processing the data subject’s data or violating the data security requirements, he / she shall compensate it. If the Data Controller violates the data subject’s right to privacy by illegally handling the data subject’s data or violating the data security requirements, the Data Controller may claim damages from the Data Controller. The Data Controller shall be released from the liability for the damage caused and the obligation to pay the damages if it proves that the damage or the violation of the personal rights of the data subject was caused by an unavoidable cause outside the scope of data processing. No damages shall be payable and no damages shall be payable in so far as the damage was caused by the intentional or grossly negligent conduct of the injured party or the breach of the right to privacy.
The person concerned may lodge a complaint or it may also request information from the Authority: Name: Nemzeti Adatvédelmi és Információs Hatóság
Address: 1125 Budapest Szilágyi Erzsébet fasor 22/c., Hungary Postal address: 1530 Budapest, Pf.: 5.
Phone: +36 1 391 1400
Fax: +36 1 391 1410
DETAILED DATA MANAGEMENT PROVISIONS
The Data Controller will send a letter containing an advertisement to the e-mail address provided during registration only if the User has given his / her prior express consent. The statement of consent may be revoked at any time without restriction or justification by means of a link at the bottom of the e-mail containing the advertisement.