Privacy Policy

1. 1. Introduction

Alap Inspektor Méréstechnikai és Minőségügyi Kft. (registered address: 8200 Veszprém, Állvány u. 7., tax number: 24655958-2-19) (hereinafter referred to as: Service Provider, Data Controller) is subject to the following regulation:

In accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (27^th April 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), we hereby provide the following information:

This Privacy Policy regulates data processing on the following pages:
http://alapinspektor.com/
http://alapeuropa.com/hu/

This Privacy Policy is available on the following website:
http://alapinspektor.com/adatvedelem
http://alapeuropa.com/hu/adatvedelem

Any modification of this Policy enters into force if published on the website specified above.

1. 1. 1. Contact information of the data controller:

Name: Alap Inspektor Méréstechnikai és Minőségügyi Kft.

Registered address: 8200 Veszprém, Állvány u. 7.

E-Mail: hello@alapinspektor.com

Phone: +36 88 40 77 66

1. 2. Definitions

   1. 1. “personal data”: means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

   2. „data processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

   3. „data controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

   4. „data processor”: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

   5. „recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

   6. „consent of the data subject”: means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

   7. „personal data breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3. Principles relating to the processing of personal data

Personal data shall be:

1. processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);

2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89 (1), not be considered to be incompatible with the initial purposes (“purpose limitation”);

3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (”data minimization”);

4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (”accuracy”);

5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 (1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (”storage limitation”);

6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (”integrity and confidentiality”).

The controller shall be responsible for and be able to demonstrate compliance with the above (”accountability”).

The data controller hereby declares that any data processing by the data controller is carried out in accordance with the principles set forth herein.

4. Specific data processing situations

1. 1. Contacting

1. Fact of collecting personal data, categories of the data processed and purpose of data processing:

Personal data	Purpose of processing	Legal basis
Name	Identification	Paragraphs a), b) and c) of Article 6 (1)
E-mail address	Keeping in touch, sending replies	Paragraphs a), b) and c) of Article 6 (1)
Content of message	Necessary for reply	Paragraphs a), b) and c) of Article 6 (1)
Date of getting in touch	Carrying out technical operations	Paragraphs a), b) and c) of Article 6 (1)
IP address used for contacting	Carrying out technical operations	Paragraphs a), b) and c) of Article 6 (1)

The e-mail address does not need to include personal data.

2. Data subjects: Any data subject who sends messages or gets in touch with us via the ‘contact us’ template or any of the contact information.

3. Duration of data processing, time limit for erasure of the data: If any of the conditions set forth in Article 17 (1) of the GDPR applies, it lasts until the data subject request erasure of his or her data.

4. Potential controllers entitled to receive the data, the recipients of the personal data: The personal data may be processed by authorized employees of the data controller.

5. Informing data subjects of their rights relating to the processing of their data:

• The data subject may request the data controller to ensure access to, rectification or erasure of or restriction of processing of his or her personal data, and

• the data subject has the right to data portability and the right to withdraw his or her consent at any time.

6. The data subject may initiate access to, erasure or rectification of, restriction of processing of or portability of personal data in the following ways:

• via post at the following address: 8200 Veszprém, Állvány u. 7.,
• by e-mail at the following e-mail address:  hello@alapinspektor.com ,
• by phone at the following phone number: +36 88 40 77 66.

7. Legal basis of processing: The data subject’s consent, Paragraphs a), b) and c) of Article 6 (1). By contacting us, you give your consent to the processing of your personal data (name, e-mail address) disclosed to us while getting in touch with us in accordance with the provisions of this Policy.

8. Please, be informed that

• this data processing is based on your consent or necessary for making an offer or is based on statutory obligations in the case of contractual relationships (cooperation).
• you are obliged to give your personal data if you wish to contact us.
• failure to provide data results in your inability to contact the Service Provider.
• the withdrawal of your consent does not affect the lawfulness of data processing based on consent before such withdrawal.

5. Recipients to which personal data are disclosed

„recipient”: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

1. 1. Data processors (who carry out processing on behalf of the controller)

To facilitate its own data processing activities and meet its obligations arising from the contract concluded with the data subject or the relevant laws, the data controller uses data processors.

The data controller places great emphasis on using only data processors who provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements set forth in the GDPR and ensure the protection of the rights of the data subject.

The processor and any person acting under the authority of the controller or of the processor, who has access to personal data, shall not process those data except on instructions from the controller.

The data controller shall be liable for the activities of the data processor. A processor shall be liable for the damage caused by processing only where it has not complied with the obligations of the GDPR specifically directed to processors or where it has acted outside or contrary to the lawful instructions of the controller.

The data processor has no decision-making authority in connection with the processing of data.

1. 2. Specific data processors

Data processing activities	Name	Address, contact information
Web hosting services/b>	honlaptarhely.hu PlexNET Informatikai Kft	8441 Márkó, Búzavirág u. 9. info@honlaptarhely.hu +36 70 243 6090
Accounting tasks, invoicing	Csizi Mihály Csabáné, certified public accountant, tax advisor	Tel, fax: 06 88 403 433 Mobil: 06 20 950 7100 E-mail: zsuzsa.csizine@gmail.com 8200 Veszprém, Baláca u. 47
Auditing	Mérleg 2001 Kft.	8200 Veszprém, Cserhát ltp. 3. 3/3. merleg2001_kft@freemail.hu +36 88 789 416
IT administrator	Macrotel Kft. | it.hu	+36 20 2838063 meszaros.peter@it.hu H-8200 Veszprém, Gerenda u. 4-6.

6. Management of cookies

1. Fact of data processing, categories of the data processed: Unique identification number, dates, times

2. Data subjects: All the data subjects visiting the website.

3. Purpose of processing: Identification of users and monitoring visitors.

4. Duration of data processing and time limit for erasure of the data:

 

 

Cookie types	Legal basis of data processing	Duration of processing
Session cookies	§13/A Absatz (3) des Gesetzes Nr. CVIII von 2001 über einzelne Aspekte des elektronischen Geschäftsverkehrs sowie der Dienste der Informationsgesellschaft (Elkertv.)	Period until the visitor session in question is completed
Permanent or stored cookies	Article 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services	Until the data subject is erased
Statistical cookies	Article 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and information society services	1 month – 2 years

 

5. Potential controllers entitled to receive the data: The data controller does not process personal data through the use of cookies.

6. Informing data subjects of their rights relating to the processing of their data: The data subjects have the right to delete cookies in the Tools / Settings menu of their browsers, usually under the settings of the menu item ’Privacy’.

7. Legal basis of processing: The data subject’s consent is not required if the sole purpose of the use of cookies is the transmission of communications via an electronic communications network or if the provision of an information society service specifically requested by the subscriber or user is absolutely needed by the service provider.

8. Most browsers used by our users allow them to set which cookies they wish to save and allow (specific) cookies to be deleted again. If you restrict the storage of cookies on certain websites or do not allow third-party cookies, this may, in certain circumstances, result in our website no longer being used in its entirety. Here you can find information on how to customize cookie settings for standard browsers:

Google Chrome (https://support.google.com/chrome/answer/95647?hl=hu)

Internet Explorer (https://support.microsoft.com/hu-hu/help/17442/windows-internet-explorer-delete-manage-cookies)

Firefox (https://support.mozilla.org/hu/kb/sutik-engedelyezese-es-tiltasa-amit-weboldak-haszn

Safari (https://support.apple.com/kb/PH21411?locale=hu_HU)

7. The use of Google and Facebook services

1. 1. The use of Google Ads conversion tracking

1. The data controller uses an online advertising service called “Google Ads” and, as part of that, it uses the conversion tracking service of Google. Google conversion tracking is an analytics service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

2. When a User clicks on an ad served by Google, a conversion tracking cookie is placed on his or her computer. These cookies are of limited validity, do not contain any personally identifiable information, and are therefore not used to personally identify the User.

3. If the User visits certain pages on the website and the cookie has not yet expired, both Google and the controller can detect that the User has clicked on the advertisement.

4. Each Google Ads customer receives a different cookie, and so the cookies cannot be tracked via the websites of Ads customers.

5. The information obtained using the conversion cookie is used to generate conversion statistics for Ads customers using conversion tracking. This way, customers receive information on the number of users that clicked on their advertisement and were directed to the page marked with a conversion tracking tag. However, they will not receive any information that can be used to personally identify users.

6. If you want to opt out of conversion tracking, you can reject it by disabling the installation of cookies in your browser. After that, you will not be included in conversion tracking statistics.

7. For further information and for the privacy statement of Google, please visit the following: google.de/policies/privacy/

1. 2. The use of Google Analytics

1. 1. This website uses Google Analytics, a web analytics service offered by Google, Inc. (“Google”). Google Analytics uses ‘cookies’ that are text files placed on the User’s computer and which help analyze how Users use the site.

1. 2. The information generated by the cookie about the User’s use of the website is generally transmitted to and stored by Google on servers in the USA. If, however, IP anonymization is activated on the website, Google will beforehand shorten the User’s IP address within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area.

1. 3. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website to evaluate the User’s use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the website operator.

1. 4. The IP address that the User’s browser transmits as part of Google Analytics will not be associated with any other data held by Google. The User can prevent the storage of cookies by selecting the corresponding setting in his or her browser, but please note that in such a case the User may not be able to use all the functions on this website. The User can also prevent Google’s collection and use of data generated by the cookie and related to the User’s use of the website (including the User’s IP address) as well as the processing of this data by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=hu

1. 3. Social media sites

1. Fact of collecting data, categories of the data processed: The user’s name as registered on Facebook/Twitter/Pinterest/Youtube/Instagram etc. or other social media sites, and the user’s public profile picture.

2. Betroffene Personen: Data subjects: All data subjects who have signed up for Facebook / Twitter / Pinterest / Youtube / Instagram or other social media sites and have ‘liked’ the website or have contacted the data processor via the social media sites.

3. Zweck der Datenerhebung: Purpose of data collection: To share certain content elements of the website, or the products and promotions on the website or the website itself on these social media sites, and to promote the same, so that users ‘like’ them.

4. Duration of processing, time limit for erasure of the data, potential controllers entitled to receive the data, and information on the rights of data subjects related to processing: Data subjects may receive information about the sources, the processing of data, the method of data transfer and the legal grounds thereof by visiting the relevant social media site. Processing is performed on the social media sites, therefore the duration and manner of processing, and also the option of data erasure and rectification shall be governed by the policy of the relevant social media site.

5. Legal basis of processing: the data subject’s voluntary consent to the processing of their data on the social media sites.

8. Customer relations and other processing
   

1. If the data subject has any questions or problems during their use of the controller’s services, he or she can contact the controller at its contact information (phone, email, social media sites etc.) specified on the website.

2. The emails and messages received and the data provided by telephone or via Facebook etc., including the name, email address and any other voluntarily provided personal data of the data subject will be erased by the controller within a maximum of 2 years from the date of provision.

3. Regarding any type of processing not listed herein, we will provide information at the time of recording the data in question.

4. In exceptional cases at the authorities’ request, or at the request of other bodies authorized by law, the Service Provider may be obliged to provide information, disclose and transfer data, or supply documents.

5. In such cases, provided that the requesting entity has specified the exact purpose of use and the scope of the data, the Service Provider will only disclose those personal data to the requesting entity and only to such extent that is indispensable for the implementation of the purpose of the request.

9. The rights of data subjects

1. Right of access

You shall have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information listed in the Regulation.

2. Right to rectification

You shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure

You shall have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay under certain conditions specified.

4. Right to be forgotten

Where the controller has made the personal data public and is obliged to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

5. Right to restriction of processing

You shall have the right to obtain from the controller restriction of processing where one of the following conditions applies:

• the accuracy of the personal data is contested by you: in such case such restriction is for a period enabling the controller to verify the accuracy of the personal data;

• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

• the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;

• you have objected to processing: in such a case, such restriction is for a period until it is verified whether the legitimate grounds of the controller override your legitimate grounds.

6. Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided (…)

7. Right to object

In the case of processing based on a legitimate interest or public authority as a legal basis, you shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data (…), including profiling based on those provisions.

8. Objection in case of direct marketing

Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

9. Automated individual decision-making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

The previous paragraph shall not apply if the decision:

• is necessary for entering into, or performance of, a contract between you and a data controller;

• is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

• is based on your explicit consent.

10. Time limit for taking action

The controller shall provide you with information on action taken on the requests above without undue delay and in any event within 1 month of receipt of the request.

This period may be extended by 2 further months where necessary. The controller shall inform you of any such extension within 1 month of receipt of the request, together with the reasons for the delay.

If the controller does not take action on your request, the controller shall inform you without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

11. Security of processing

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:

1. the pseudonymization and encryption of personal data;

2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

3. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing;

5. The data processed must be stored in such a way that no unauthorized person can have access to them. This must be ensured in the case of paper-based data carriers through establishing physical storage and archiving procedures, while, in the case of data managed electronically, through the use of a centralized access management system.

6. The method of storing the data by IT means shall be chosen in such a way that their deletion can be carried out at the end of the erasure period, in view of the possibility of different time limits for erasure, or if otherwise necessary. Erasure shall be irreversible.

7. Paper-based data carriers shall be destroyed by shredding or with the help of an external organization specialized in the destruction of documents. In the case of electronic data carriers, physical destruction and, where necessary, prior secure and irretrievable deletion of the data shall be ensured in accordance with the rules on the disposal of electronic data carriers.

8. The data controller shall take the following specific data security measures:

1. 1. In order to ensure the security of personal data managed on a hard copy, the Service Provider applies the following measures (physical protection):

1. 1. 1. Storing documents in a secure, properly lockable, dry room.

      2. The Service Provider’s building and premises are equipped with fire prevention and property protection systems.

      3. Personal data may be accessed only by authorized persons and by no third parties.

      4. The employee of the Service Provider performing data processing may leave the premises where data processing is taking place only by securing the data carriers entrusted to him or by locking the given premises.

      5. If personal data managed on hard copies need to be digitized, the rules applicable to digitally managed data shall apply.

1. 2. IT security

1. 1. 1. The Service Provider owns the computers and mobile devices (other data carriers) used during data processing.

      2. Access to the data stored on the computers is only granted with a username and password.

      3. Access to the central server machine is only allowed to authorized and designated persons.

      4. To ensure the security of the digitally stored data, the Service Provider uses data backups and archiving.

      5. The computer systems containing personal data and used by the Service Provider are protected against viruses.

12. Communication of a personal data breach to the data subject

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.

The communication to the data subject shall describe in clear and plain language the nature of the personal data breach and contain the name and contact details of the data protection officer or other contact persons who can provide further information as well as the likely consequences of the personal data breach and a description of the measures taken or planned by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.

The communication to the data subject is not required if any of the following conditions are met:

• the controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption;

• following the personal data breach, the controller has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize;

• it would involve disproportionate effort. In such a case, there shall instead be a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

If the controller has not already communicated the personal data breach to the data subject, the supervisory authority, having considered the likelihood of the personal data breach resulting in a high risk, may require it to do so.

13. Notification of a personal data breach to the supervisory authority

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

14. Review in case of mandatory processing

Unless the duration of the mandatory processing or the periodic review of its necessity is determined by law, local government regulation or a binding legal act of the European Union, the controller shall review, at least every three years from the start of the data management, whether the management of personal data processed by the controller or by a processor acting on its behalf or under its instructions is necessary for the purposes of the data management.

The controller shall document the circumstances and the results of this review, keep this documentation for ten years after the review and make it available to the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter referred to as the Authority) upon request.

15. Right to lodge a complaint

Complaints may be filed against the controller’s violation of law, if any, with the Hungarian National Authority for Data Protection and Freedom of Information:

Hungarian National Authority for Data Protection and Freedom of Information 1055 Budapest, Falk Miksa utca 9-11.

Postal address: 1374  Budapest, Pf.: 603.
Phone: +36 -1-391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu

16. Final provisions

When preparing the information document we took into account the provisions of the following laws:

• REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (27^th April 2016) on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and repealing Directive 95/46/EC (General Data Protection Regulation);

• Act CXII of 2011 – on Informational Self-Determination and Freedom of Information (hereinafter referred to as: Info Act);

• Act CVIII of 2001 – on Certain Issues of Electronic Commerce Activities and Information Society Services (Article 13/A in particular);

• Act XLVII on 2008 – on the Prohibition of Unfair Commercial Practices against Consumers;

• Act XLVIII of 2008 – on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities (Article 6 in particular);

• Act XC of 2005 on the Freedom of Information by Electronic Means;

• Act C of 2003 on Electronic Communications (Article 155 in particular)

• Opinion 16/2011 on EASA/IAB Best Practice Recommendation on Online Behavioral Advertising;

• Recommendation by the Hungarian National Authority for Data Protection and Freedom of Information on the Data Protection Requirements of Prior Information.

29^th April 2021

Alap Inspektor Méréstechnikai és Minőségügyi Kft.