I. BASICS PROVISIONS
- MAGNETIT undertakes that all data processing related to its activities complies with the requirements set out in these regulations and the applicable European GDPR legislation.
- MAGNETIT is committed to the protection of the personal data of its users and partners, and considers it extremely important to respect the right of information visitors and customers of the site to self-determination.
- MAGNETIT, as the operator and data controller of this website, treats personal data confidentially and takes all security, technical and organizational measures that guarantee the security of the data.
- In this document, the operator describes below its data management principles, activities and rules related to the data managed by the site.
- The data management principles related to the operation of the website are in accordance with the applicable GDPR data protection legislation.
II. DEFINITIONS, INTERPRETATIONS
- Data Subject: identified or under any other personal data specified - directly or indirectly - identifiable natural person;
- Personal data: data which may be contacted by the data subject, in particular the name, identification mark and knowledge of one or more physical, physiological, mental, economic, cultural or social identities of the data subject, and the conclusion which may be drawn therefrom concerning the data subject;
- Contribution: the wishes of concerned volunteers and resolute expression, which is based on appropriate information, and which unambiguously consent to the personal data concerning them - management - covering full or certain operations;
- Objection: a statement by the data subject objecting to the processing of their personal data and requesting the termination of the data processing or the deletion of the processed data;
- Data Manager: the natural or legal person or organization without legal personality who or which, alone or jointly with others, determines the purpose of data management, makes and implements the relevant decisions on data management (including the means used) or implements them with the data processor entrusted by them;
- Data management: Regardless of the method used in any operation or set of operations performed on data totality, in particular the collection, recording, organization, storage, alteration, use, availability, transmission, disclosure, alignment or combination, blocking, erasure or destruction, and prevent further use of the data, photos, audio or picture record and the identity of the person recording the physical characteristics (such as fingerprints and palm prints, DNA samples and iris image);
- Data transmission: to make specific third party to access the data;
- Disclosure: making data available to anyone;
- Data erasure: making data unrecognizable in such a way that it is no longer possible to recover it;
- Data marking: providing the data with an identification mark in order to distinguish it;
- Data blocking: to identify the data in order to limit its further processing permanently or for a specified period of time;
- Data destruction: complete physical destruction of the data carrier;
- Data processing: technical tasks related to data processing operations, regardless of the method and equipment used to perform the operation, and the place of application, provided that the technical task is performed on the data;
- Data processer: any natural or legal person or organization without legal personality, who is including a contract under the provisions of the legislation which is processing the data on the basis of a contract with the data controller;
- Third person: any natural or legal person or organization without legal personality who or which is not the subject, the data controller or data processor;
- Third Country: any country that is not an EEA state.
III. PRINCIPLES OF DATA MANAGEMENT DURING THE OPERATION OF THE SITE
- Personal data can be processed if
(a) the data subject consents thereto, or
b) it is ordered by law or - on the basis of the authorization of law, within the scope specified therein - by a decree of a local government for a purpose based on the public interest (mandatory data management).
- Personal data may also be processed if it would be impossible or disproportionate to obtain the data subject's consent and the processing of personal data is necessary to fulfil a legal obligation to the controller or a legitimate interest of the controller or a third party. proportionate to the restriction of the right to
- If the personal data was collected with the consent of the data subject, the data controller shall, unless otherwise provided by law,
(a) for the purpose of fulfilling a legal obligation incumbent on it, or
(b) for the purpose of enforcing a legitimate interest of the controller or of a third party where the exercise of that interest is proportionate to the restriction of the right to the protection of personal data without further specific consent and after withdrawal of the data subject's consent.
- Personal data may only be processed for a specific purpose, in order to exercise a right and fulfil an obligation. At all stages of data processing, this purpose must be met and the collection and processing of data must be fair.
- Only personal data may be processed that is essential for the purpose of the data processing, suitable for the purpose of the purpose and only to the extent and for the time necessary to achieve the purpose. Personal data may only be processed with informed consent.
- The data subject must be informed before the start of the data processing that the data processing is based on consent or is mandatory. The data subject shall be informed in a clear, comprehensible and detailed manner of all facts relating to the processing of their data, in particular the purpose and legal basis of the processing, the person authorized to manage and process the data, the duration of the processing, the processing of the data subject's personal data with the consent of the data subject and the fulfilment of a legal obligation who can know the data. The information should also cover the data subject's rights and remedies.
- In the course of data management, it must be ensured that the data is accurate, complete and up-to-date, and that the data subject can be identified only for the time necessary for the purpose of data management.
- Personal data may be transferred to a controller or processor in a third country
- if the data subject has given their explicit consent or the conditions for data processing set out above are met and an adequate level of protection of personal data is ensured in the processing and processing of the transferred data in the third country. Data transfers to EEA States should be considered as domestic transfers.
IV. SCOPE OF PROCESSED PERSONAL DATA AND CHARACTERISTICS OF DATA MANAGEMENT
- The data management of the magnet-it.shop website
and the activities of MAGNETIT is based on voluntary consent. In some
cases, however, the handling, storage and transmission of a given set of
data is required by law, of which we will notify the visitors and users
- Data of website visitors
o The purpose of data management: during the visit to the website, the website hosting provider records the visitor data in order to check the operation of the service and prevent abuse.
o Legal basis for data management: consent of the data subject.
o The range of data managed: date, time, IP address of the user's computer, address of the page visited, address of the previously visited page, information about the user's operating system and browser.
o Duration of data management: 365 days from the date of viewing the website.
o Google Analytics' web analytics software and external server help you independently measure and audit website traffic and other web analytics data. The data controller can provide detailed information on the management of measurement data at www.google-analytics.com.
o External service providers place and read back a small data packet, called a cookie, on the user's computer in order to provide customized service. If the browser returns a previously saved cookie, the service providers that handle it have the option to link the user's current visit to the previous ones, but only for their own content.
- Contacting the website, requesting information, communication
o The purpose of data management: contacting, keeping in touch, communicating information, requesting information.
o Legal basis for data processing: consent of the data subject.
o The scope of the data processed: name, e-mail address, telephone number, subject, text, date and time of the message, as well as other personal data provided by the data subject.
o Deadline for deletion of data: 5 years from the communication. Deletion or modification of personal data may be initiated at the contact details provided in Section VI.
- Personal data of registered users of the website
o The purpose of data management: to ensure the use of certain registration-related functions of the website and to ensure the creation of the contract in the process of ordering services and products, to create the legal conditions for the purchase and conclusion of the contract.
o Legal basis for data processing: consent of the data subject.
o The scope of the managed data: name, telephone number, e-mail address, date, IP address, billing address data, account number data, as well as other personal data provided by the data subject.
o Deadline for deleting data in case of unconfirmed registration: 30 days. The deadline for deleting data in the case of a confirmed registration is one year from the confirmation or the last login, 8 years from the last purchase after a completed purchase. Deletion or modification of personal data may be initiated at the contact details provided in Section VI.
- Personal data of the customers of the website, buyers who use the service or product offered by the website
o The purpose of data management: to prove the conditions of the service, the contract and the concluded contract, to record the data of the service or product used in accordance with the provisions of the Accounting Act.
o Legal basis for data management: consent of the data subject.
o The scope of the managed data: name, telephone number, e-mail address, date of birth, date, IP address, billing address data, account number data, as well as other personal data provided by the data subject.
o Deadline for deletion of data: 8 years from the communication. Deletion or modification of personal data may be initiated at the contact details provided in Section VI.
- Personal information of the recipients of the website newsletter
o The purpose of data management: to send e-mail newsletters, DM letters to those interested, subscribers, for the purpose of informing about current information, promotions and business offers.
o The legal basis for data management is the consent of the data subject and the Act on the Basic Conditions and Certain Restrictions of Commercial Advertising.
o The scope of the managed data: name, e-mail address, date, IP address.
o Deadline for deleting data: 30 days for withdrawal of consent or for unconfirmed subscriptions. Deletion or modification of personal data may be initiated at the contact details provided in Section VI.
V. USERS 'RIGHTS REGARDING THE PROCESSING OF THEIR PERSONAL DATA, DELETION OF DATA
- The legal basis for the processing of personal data indicated and detailed in Section IV is the voluntary consent of the users. MAGNETIT maintains a data transfer register in order to check the lawfulness of data transfer and to inform users and customers, which contains the date of transfer of personal data processed by it, the legal basis and recipient of data transfer, the definition of the scope of transferred personal data and other data specified by law. Retention in the data transfer register for personal data is 5 years.
- Any visitor, interested, registered user or customer using the service or product may request information about the handling of their personal data. Upon request, the data controller shall provide the data subject with written information on the data processed by them, the purpose, legal basis, duration, name, address (registered office) and activities related to the data processing, as well as who received or received them and for what purpose. the data. The information can be requested by anyone at the contact details given in Section VI, by giving their postal address.
- Users may object to the processing of their personal data by requesting the rectification and deletion of their personal data from the data controller at the contact details provided in Section VI. The data controller shall respond to the deletion of data requested by e-mail or by post no later than within 8 working days from the receipt of the request or objection.
VI. STORAGE OF PERSONAL DATA, DATA MANAGEMENT, DATA PROCESSOR DATA, CONTACT DETAILS
Name: MAGNETIT LLP
Registered office: Kemp House, 160 City Road, London, United Kingdom, EC1V 2NX
Online contact: firstname.lastname@example.org
VII. LEGAL REMEDIES, DATA PROTECTION AUTHORITIES
- United Kingdom - The Information Commissioner’s
Wilmslow - Cheshire SK9 5AF, Water Lane, Wycliffe House
Tel. +44 1625 545 745
- European - European Data Protection Supervisor
1047 Bruxelles/Brussel, Rue Wiertz 60.
Office: Rue Montoyer 63, 6th floor
Tel. +32 2 283 19 00
- Hungary - National Authority for Data Protection and Freedom of Information
H-1125 Budapest, Szilágyi Erzsébet fasor 22/C
Tel. +36 1 3911 400
MAGNETIT may make changes to this Privacy Notice at any time without notice. Any changes will be effective immediately upon posting on the MAGNETIT website.