Privacy Statement
The Kamex Group Kft., as Data Controller (represented by Gábor Kámán, registered office: 8900 Zalaegerszeg, Hock János utca 51.., company registration number: 20-09-068016, actual address of data processing: 8900 Zalaegerszeg, Hock János utca 51. e-mail: info@kamexgroup.hu, telephone number: +36 30 533 7739), its Internet contact details (and the websites of the relevant actual data processing):
www.kamex.raumplus.hu
attaches the utmost importance to respecting and enforcing the data processing rights of its customers and all other natural persons concerned (hereinafter referred to as “data subjects”), and therefore informs data subjects on the basis of this notice to ensure that in all areas of its services, all natural persons concerned are guaranteed that their rights and fundamental freedoms, in particular their right to privacy, are respected when processing personal data.
This notice is intended to provide data subjects with concise information on the specific processing activities and rules of the controller.
Principles
The Data Controller and all its subcontractors and agents are committed to implementing in their data processing operations the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union (hereinafter referred to as the Regulation or GDPR), Act CXII of 2011 on the Right to Information Self-Determination and Freedom of Information and other legislation, as well as the National Authority for Data Protection and Freedom of Information’s enforcement practice and recommendations issued in this area, whereby:
Ensuring that the Policy is available and may be consulted at the registered office of the Ltd. during opening hours or at an agreed time, and publishing this Policy on the website www.kamex.raumplus.hu operated by the Ltd. The LLC shall make the whole or parts of the policy available to data subjects electronically upon their express request.
It shall treat the personal data of the data subjects confidentially and in accordance with the legal provisions in force, shall take technical and organisational measures to ensure their protection, and shall take all reasonable measures to prevent unauthorised access to, alteration or disclosure of the personal data it processes.
transmit personal data to a third party only exceptionally and only in cases where the data subject explicitly consents or is permitted by law, and only if the conditions for processing are met for each individual personal data subject.
The controller shall keep a record of data transfers to a controller or processor within the European Union, with the data content specified in the Regulation.
The controller shall notify a personal data breach to the National Authority for Data Protection and Freedom of Information without undue delay and, where possible, no later than 72 hours after the personal data breach has come to its attention, unless the personal data breach is unlikely to pose a risk to the rights and freedoms of natural persons. In order to monitor the individual measures taken in relation to a data breach, it shall keep a register with the content set out in this Regulation.
Data subjects and their rights
Each data subject who provides the Data Controller with personal data as described in this Notice shall, at the time of providing the data, assume responsibility for ensuring that the Data Controller has access only to his or her own personal data, which the data subject shall be entitled to access. In the event that the data subject acts otherwise than as set out above, any liability in this respect shall rest solely with the data subject.
The data subject may request the controller to access, rectify, erase or, in certain cases, restrict the processing of personal data relating to him or her and object to the processing of personal data. The data subject shall also have the right to data portability and the right to lodge a complaint with a supervisory authority, the right to a judicial remedy and, in the case of automated decision-making in individual cases, the right to choose the scope of the decision and to request human intervention. In addition, where processing is based on consent, the data subject shall have the right to withdraw consent at any time, without prejudice to the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
A) Right of access
The data subject shall have the right to obtain at any time information on whether and how his or her personal data are processed by the Controller, including the purposes of the processing, the recipients to whom the data have been disclosed or the source from which the data were obtained by the Controller, the retention period, any rights concerning the processing, as well as information on automated decision-making, profiling and, in the case of transfers to third countries or international organisations, the safeguards relating thereto. When exercising the right of access, the data subject shall also have the right to request a copy of the data and, in the event of a request made by electronic means, the Controller shall provide the requested information electronically, unless otherwise requested. Where the data subject’s right of access adversely affects the rights and freedoms of others, in particular the trade secrets or intellectual property of others, the Controller shall be entitled to refuse to comply with the data subject’s request to the extent necessary and proportionate.
B) Right to rectification
The Controller shall rectify or supplement personal data relating to the data subject at the data subject’s request. Where there is doubt about the corrected data, the controller may require the data subject to provide the controller with evidence of the accuracy of the data. Where the controller has communicated personal data concerned by this right to another person, it shall inform such persons without undue delay after rectification of the data, provided that this is not impossible or involves a disproportionate effort on the part of the controller.
C) Right to erasure
Where the data subject requests the erasure of some or all of his or her personal data, the controller shall erase them without undue delay where:
the Controller no longer needs the personal data for the purposes for which they were collected or otherwise processed;
it concerns processing which was based on the data subject’s consent, but the consent has been withdrawn by the data subject and there is no other legal basis for the processing;
processing based on the legitimate interests of the controller or of a third party, but where the data subject has objected to the processing and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed by the controller or their erasure is necessary for compliance with a legal obligation.
Where the personal data concerned by this right have been disclosed by the controller to another person, the controller shall inform those persons without undue delay after erasure, provided that this is not impossible or involves a disproportionate effort on the part of the controller. At the request of the data subject, the controller shall inform the data subject of those recipients. The controller is not always obliged to erase personal data, in particular where the processing is necessary for the establishment, exercise or defence of legal claims.
D) Right to object
Where the legal basis for the processing of data relating to the data subject is the legitimate interest of the controller or of a third party, the data subject shall have the right to object to the processing. The controller shall not be obliged to uphold the objection if the controller proves that the processing is justified by compelling legitimate grounds which override the interests, rights and freedoms of the data subject or if the processing is related to the establishment, exercise or defence of legal claims by the controller.
E) Right to restriction of processing
You may request the restriction of the processing of your personal data in the following cases:
the data subject contests the accuracy of the personal data – in this case, the restriction applies for a period of time that allows the controller to verify the accuracy of the personal data;
the processing is unlawful, but the data subject opposes the erasure of the data and instead requests the restriction of their use;
the controller no longer needs the personal data for the purposes of the processing but the data subject requires them for the establishment, exercise or defence of legal claims.
The controller shall not process the personal data subject to the restriction, except for storage, or process them only to the extent to which the data subject has given his or her consent, or, in the absence of such consent, process the data necessary for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or of an important public interest of the Union or of a Member State of the European Union. Where the personal data have been disclosed by the Controller to another person, the Controller shall inform such persons without undue delay of the restriction of processing, provided that this is not impossible or involves a disproportionate effort on the part of the Controller. Upon request, the Controller shall inform the data subject of those recipients.
F) Right to complain, right to redress
Where the data subject considers that the processing of his or her personal data by the controller infringes the provisions of the data protection legislation in force, in particular the General Data Protection Regulation, he or she has the right to lodge a complaint with the competent data protection supervisory authority in the Member State where he or she has his or her habitual residence, place of work or place of the alleged infringement. Irrespective of his or her right to lodge a complaint, the data subject may also take legal action in the event of such a breach. The data subject also has the right to take legal action against a legally binding decision of the supervisory authority which is addressed to him or her. The data subject shall also have the right to a judicial remedy if the supervisory authority does not deal with the complaint or does not inform the data subject within three months of the procedural developments concerning the complaint lodged or of the outcome of the complaint.
The data subject may request the modification, erasure or blocking of data recorded or stored in the course of any processing activity, as well as detailed information on the processing, by sending a request to the following addresses, unless otherwise specified in the definition of the processing activity concerned:
postal address.
e-mail: info@kamexgroup.hu
As a general principle, the Data Controller has the burden of proving that the processing is in compliance with the law. If the Data Controller has failed to remedy, or has remedied inadequately or untimely, a breach of the rights concerning the personal data of the data subject, which the data subject has complained about, the data subject may in particular contact the National Authority for Data Protection and Freedom of Information by post. Contact details of the Authority:
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
www: http://www.naih.hu
e-mail: ugyfelszolgalat@naih.hu
The data subject may also take legal action in case of violation of his/her rights. The court will rule on the case out of turn. In the event that the controller infringes the data subject’s right to privacy by unlawfully processing his or her data or by breaching data security requirements, the data subject may claim damages from the controller.
Data security
The controller shall ensure the security of the processing of data. The Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, transmission, disclosure, erasure, damage or loss. The Data Controller shall use state-of-the-art technology when implementing measures to ensure the security of the data. The Controller shall ensure the IT and service environment for the processing of personal data in the provision of the service in such a way that
linking personal data provided by the data subject only and exclusively to the data and in the manner specified in this Policy.
Access to the storage of the data shall be restricted to those of the controller’s employees who have an indispensable need to know in order to perform their duties.
Any modification of data shall be made with an indication of the date of modification and the data shall be backed up.
Data shall be transmitted under the provision of an appropriate IT system. The Data Controller shall ensure that:
access protection: measures to protect against unauthorised access, protection of software and hardware devices;
software protection: protection of data files against viruses and other malware, firewalls, regular backups and documentation thereof;
hardware protection: physical protection of data files and the data storage devices on which they are stored, ensuring a high level of data archiving (physical intrusion protection), physical protection against elementary damage (fire, lightning protection).
By visiting the website, the data subject gives his/her consent to the data controller to record the data and information described in this policy and to place the necessary cookies for such recording. This data will not be linked to other personal user data and will not be used to identify the data subject. Access to such data is limited to the controller. This data may be collected using various technologies, such as cookies, log files. This data is also used by the data controller to tailor the website experience to the user’s needs. The data controller may use the information obtained in this way to compile and analyse statistics on the use of its website, and to transmit to third parties or make public, in aggregate and anonymously, statistical data which are not suitable for such identification.
Cookies: cookies are short text files that are sent by the website to the user’s computer hard drive and contain information about the user.
Log files: the Internet browser automatically transmits certain other data to the website, such as the IP address of the user’s computer, the type of operating system or browser program used, the domain name, the sub-pages visited within the website, the content viewed on the website.
If the data subject does not want the controller to collect the information described above in connection with the use of the website, he or she may disable the use of cookies in the settings of the Internet browser, in whole or in part, or otherwise change the settings of the cookie messages. The website may contain information, in particular advertisements, from third parties, advertising service providers, who are not related to the controller. These third parties may also place cookies on the user’s computer or collect data using similar technologies in order to send targeted advertising messages in connection with their services. In such cases, the data processing will be governed by the data protection standards set by these third parties and the controller will not assume any responsibility for such processing.
The Controller shall use its best endeavours to ensure that the data are not accidentally damaged or destroyed. The controller shall also impose the above undertaking on its employees involved in the processing activities and on processors acting on behalf of the controller.
Data processing
The processing of personal data is essentially carried out by the Controller. Where the Controller transfers data to processors, the Controller shall be responsible for the activities of the processors. The Controller may transfer personal data where the legal basis for the processing is clear and the data are necessary for the processing. The Data Controller shall not transfer or disclose individual data or data files as a whole to third parties without the prior consent of the data subject, except for mandatory data transfers based on law, and shall take all security measures to ensure that the data cannot be disclosed to unauthorised persons.
Other provisions
The processing of all data relating to the data subject in the context of the data processing activities and services provided by the controller is based primarily on voluntary consent and its general purpose is to ensure the provision of the service and to maintain contact.
The above general rule is complemented by processing based on other legal grounds, such as processing required by law, which the controller informs the data subjects about when defining the specific processing.
For certain services, it is possible to provide additional data which help to fully understand the needs of the data subject, but these are not a condition for the use of the services provided by the controller. The provision by the data subject of the data to be provided in the course of certain processing activities is a condition for the use of the services provided by the controller.
Cookies
The webpage uses cookies:
Cookie | Description |
---|---|
_ga | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_ga_9NZSDVNNTB | This cookie is installed by Google Analytics. |
apbct_cookies_test | CleanTalk sets this cookie to prevent spam on comments and forms and act as a complete anti-spam solution and firewall for the site. |
apbct_headless | No description |
apbct_page_hits | CleanTalk sets this cookie to prevent spam on comments and forms and act as a complete anti-spam solution and firewall for the site. |
apbct_pixel_url | No description |
apbct_prev_referer | Functional cookie placed by CleanTalk Spam Protect to store referring IDs and prevent unauthorized spam from being sent from the website. |
apbct_site_landing_ts | CleanTalk sets this cookie to prevent spam on comments and forms and act as a complete anti-spam solution and firewall for the site. |
apbct_site_referer | This cookie is placed by CleanTalk Spam Protect to prevent spam and to store the referrer page address which led the user to the website. |
apbct_timestamp | CleanTalk sets this cookie to prevent spam on comments and forms and act as a complete anti-spam solution and firewall for the site. |
apbct_urls | This cookie is placed by CleanTalk Spam Protect to prevent spam and to store the addresses (urls) visited on the website. |
cookielawinfo-checkbox-advertisement | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checkbox-functional | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-others | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-performance | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
CookieLawInfoConsent | Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie. |
ct_checked_emails | No description |
ct_checkjs | CleanTalk–Used to prevent spam on our comments and forms and acts as a complete anti-spam solution and firewall for this site. |
ct_fkp_timestamp | CleanTalk sets this cookie to prevent spam on the site's comments/forms, and to act as a complete anti-spam solution and firewall for the site. |
ct_has_scrolled | No description |
ct_pointer_data | CleanTalk sets this cookie to prevent spam on the site's comments/forms, and to act as a complete anti-spam solution and firewall for the site. |
ct_ps_timestamp | CleanTalk sets this cookie to prevent spam on the site's comments/forms, and to act as a complete anti-spam solution and firewall for the site. |
ct_screen_info | No description |
ct_sfw_pass_key | CleanTalk sets this cookie to prevent spam on comments and forms and act as a complete anti-spam solution and firewall for the site. |
ct_timezone | CleanTalk–Used to prevent spam on our comments and forms and acts as a complete anti-spam solution and firewall for this site. |
qtrans_front_language | This cookie is set by qTranslate WordPress plugin. The cookie is used to manage the preferred language of the visitor. |
viewed_cookie_policy | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |