X-Rock Kft. (headquarters: 2039 Pusztazámor, Öveges József Street 13, hereinafter referred to as the “Data Controller“) informs the data subjects in this Notice about its data processing related to its activities – including those related to the https://x-rockuzletihirszerzes.hu/ website (“Website“).
The Data Controller always processes the personal data that comes to its knowledge in accordance with the Regulation of the European Parliament and the Council (EU) 2016/679 (GDPR), Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Infotv.), Act V of 2013 on the Civil Code (Ptk.), Act XLVIII of 2008 on the Basic Conditions and Certain Limitations of Economic Advertising Activity, Act CVIII of 2001 on Certain Issues of Electronic Commerce Services and Information Society Services, and the provisions of this Notice, only to the extent necessary to achieve the purpose of data processing.
The Data Controller reserves the right to change the provisions of this Notice. The Data Controller will notify the data subjects of the changes by a brief notice on the Website or, depending on the nature of the change, directly. If the data subject continues to use the Data Controller’s services after the notification, it is considered as acceptance of the modified provisions of the Notice.
This Notice does not cover the data processing of websites to which a reference on the Website leads, and the data processing of persons to whom the Data Controller forwards personal data.
Accordingly, the following terms have the following meanings:
Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data retains this status during data processing as long as the natural person can be identified based on the given information.
Data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Your Consent
By filling out our registration form on our website, you consent to the processing of your personal data. You can withdraw your consent to the processing of your submitted data at any time by email, and you can also request their deletion at the following email address: office@x-rockuzletihirszerzes.hu
- Data of the Data Controller
Name: X-Rock Ltd. Headquarters: 1073 Budapest, Erzsébet Boulevard 40-42. 1st floor 4. Contact: door@x-rockuzletihirszerzes.hu Tax number: 29318227-2-42 Represented by: Zalán Doór (Managing Director)
- Storage of personal data managed by the Data Controller
The Data Controller stores the personal data it manages on the servers of the following storage service provider. Name of the storage service provider: Tárhely.Eu Szolgáltató Kft. Address: 1144 Budapest, Ormánság Street 4. x.floor 241. Tax number: 14571332-2-42 e-mail: gdpr@tarhely.eu
- The scope of personal data managed by the Data Controller, the purpose, legal basis of the processing, and the duration of storage
The Data Controller processes the personal data provided with the consent of the data subjects for the following purpose:
• The Data Controller keeps records of the data of those using the services provided by the Data Controller for the purpose of maintaining contact.
The legal basis for data processing: the consent of the data subjects (Article 6 (1) (a) of the GDPR).
The data subject may object to the processing of their personal data. In this case, the Data Controller may not further process their personal data, except if it proves that the processing is justified by compelling legitimate reasons that override the interests, rights, and freedoms of the data subject, or which relate to the establishment, exercise, or defense of legal claims.
The duration of data processing: until the withdrawal of consent, or in the absence of this, for 5 years following the termination of cooperation. In the former case, the personal data will be deleted within 30 days of the Data Controller receiving the withdrawal of consent. Even in the case of withdrawal of consent, the Data Controller is entitled to process the personal data of the data subject if it has another legal basis for the data processing (e.g., the data processing is necessary for compliance with a legal obligation or for the pursuit of its legitimate interest).
4.
Cookies, Web Identifiers, Newsletter
(a) When viewing the Website, the IP address of the user’s computer, the start and end time of the visit, and in some cases – depending on the settings of the user’s computer – the type of browser and operating system are automatically recorded. (b) The Data Controller and certain service partners may use internet cookies (cookie), web identifiers (web beacon), and other technologies for data collection during the visit to the Website. This information enables the Data Controller to personalize the user’s internet experience, improve the performance of the website, and measure the effectiveness of its marketing campaigns.
(c) We use the Google Analytics system to collect visitor data related to the Website. These data are not personal, they cannot be individually identified. In order for the User to have control over the collected data, the system offers the possibility to unsubscribe from data collection:
This service provider’s data processing is not covered by this Notice, the provider handles personal data in accordance with its own privacy notice. The duration of data processing: for the duration necessary for the proper operation of the Website.
(d) We do not operate a newsletter sending system.
- Rights of the data subjects
• Right to information: The Data Controller takes appropriate measures to provide the data subjects with the information relating to the processing of personal data under Articles 13 and 14 of the GDPR, and to provide the information under Articles 15-22 and 34 of the GDPR to the data subjects. Data subjects may request information about the processing of their personal data by the Data Controller by sending a letter to the contact details indicated in point 1 of the Data Controller.
• Right of access: The data subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed; the envisaged period for which the personal data will be stored; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making.
Upon the request of the data subject, the Data Controller provides a copy of the personal data undergoing processing to the data subject; for the first time free of charge, then for a reasonable fee.
• Right to rectification: The data subject has the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed. If the data subject cannot perform these operations independently, he or she may send his or her request to the contact details of the Data Controller specified in point 1.
• Right to erasure: The Data Controller shall erase the personal data concerning the data subject within 30 days of receipt of the request if the data subject requests it on the grounds specified in Article 17 (1) of the GDPR (e.g., the purpose of data processing has ceased; the data subject has withdrawn his or her consent and there is no other legal basis for the data processing; the data processing is unlawful; the data subject objects to the data processing and there are no overriding legitimate grounds for the data processing; the personal data must be erased for compliance with a legal obligation). The Data Controller is entitled to refuse the erasure on the grounds set out in Article 17 (3) of the GDPR (e.g., the data processing is necessary for exercising the right of freedom of expression and information or for the performance of a legal obligation or for the establishment, exercise or defense of legal claims).
•Right to restriction of processing: If the data subject disputes the accuracy of the personal data concerning him or her, he or she may request the Data Controller to restrict the processing of his or her personal data for the duration of the verification of their accuracy.
The data subject may also request the restriction of processing if the processing is unlawful, but the data subject opposes the erasure of the personal data, or if the Data Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment of legal claims. The data subject is also entitled to request the restriction of processing if he or she has objected to processing; in this case, the restriction applies for the period during which it is established whether the legitimate grounds of the Data Controller override those of the data subject. During the period of restriction, personal data may only be processed in exceptional cases, other than storage.
• Right to object: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller or by a third party, the data subject shall have the right to object to the processing of personal data concerning him or her. In this case, the Data Controller may not further process the personal data, unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
• Enforcement of rights: Data subjects may address their complaints and objections directly to the Data Controller by sending a letter to the contact details indicated in point 1, who will do everything possible to eliminate and remedy any possible infringements. In case of violation of his or her rights, the data subject may turn to the competent court or lodge a complaint with the National Authority for Data Protection and Freedom of Information (Budapest, Falk Miksa u. 9-11, 1055).
- Method of data processing, data transfer, data security
• The Data Controller does not disclose and does not transfer the data of the data subjects to third parties without the prior written consent of the data subject, except if it is obliged to do so by a court or authority decision or by legal regulation, or if the Data Controller transfers the performance of the given activity in part or in whole to a third party.
• The Data Controller shall not be liable for any false, incorrect or misspelled data provided by the data subject, neither towards the data subject nor towards any other third party, except if the Data Controller is obliged to check the given personal data by law.
If any third party raises a claim against the Data Controller in connection with the falseness of the provided personal data, the data subject shall be obliged to stand in place of the Data Controller for the satisfaction of the claim. By providing his or her contact details, the data subject also assumes responsibility for communicating or using any service exclusively from the provided e-mail address or telephone number.
• The Data Controller does not provide information society services directly to children. The consent to the processing of personal data of a child below the age of 16 years shall be lawful only if and to the extent that such consent is given or authorized by the holder of parental responsibility over the child. The person giving consent guarantees that the consent complies with this condition of legality. If the Data Controller becomes aware that the consent to data processing is unlawful under the above provisions, it shall immediately take action to delete the personal data, unless it has another legal basis for processing.
• If the Data Controller is entitled to do so by law, the Data Controller may make a decision concerning the data subject based on the automated processing of personal data.
• For the purpose of measuring and analyzing thetraffic and visitation of the Website, Google Analytics (Google Inc.) collects personal data from users of the Website. For this purpose, it may record the IP addresses, visit data, and search history of users.
• The Data Controller takes all such security, technical, and organizational measures that are appropriate considering the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances, and purposes of data processing, and the risk to the rights and freedoms of natural persons, to ensure the security of the data, to provide an appropriate level of protection for them, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, and accidental destruction, damage, and possible inaccessibility.
The above-mentioned website operated and maintained by us is owned by X-Rock Kft. and is protected under the Act LXXVI of 1999 on Copyright. Thus, all content found on the website (text, images, layout, design) is also protected.
Budapest, November 16, 2021.