PRIVACY POLICY
Personal data
Information about an identified or identifiable natural person. It is possible to identify, directly or indirectly, in particular by means of an identifier such as name, number, location data, online identifier or physical, mental, cultural, etc. of a natural person identifiable on the basis of one or more factors relating to the identity of the data subject.
Data controller
The natural or legal person or any other body that determines the purposes and means of the processing of personal data (even together with others); if the purposes and means of the processing are defined by Union or Member State law, the controller (…) may also be defined by Union or Member State law.
Data handling
Irrespective of the procedure used, any operation or set of operations on personal data or files, whether automated or non-automated, in particular the collection, recording, recording, systematisation, segmentation, storage, modification or alteration, access, use, consultation, transmission and disclosure , or otherwise make available, blocking, restricting, deleting and destroying the data and preventing further use of the data, taking photographs, sound or images, and physical characteristics capable of identifying the person (eg fingerprints or palmprints). , DNA sample, iris image).
Data processor
The natural or legal person or any other body which processes personal data on behalf of the controller.
Data processing
Perform technical tasks related to data management operations, regardless of the method and means used to perform the operations and the place of application.
Privacy Incident
A breach of data security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal information processed.
I. Principles governing the processing of personal data
The Matro Kft. keep records of the natural persons and companies who come into contact with it in accordance with the following principles:
- legality, due process and transparency
- purpose
- data saving
- accuracy
- limited storage
- integrity and confidentiality
- accountability
II. Legal bases for data management
The Matro Kft. keep records of the natural persons and companies who come into contact with it in accordance with the following principles:
- the consent of the data subject
- contracting
- fulfillment of a legal obligation
- vital interest
- data management in the public interest
- law, legitimate interest, balance of interests
In the case of the processing of the personal data of the data subject on the basis of a legitimate interest, we perform a balance of interests, during which:
– identify and record a legitimate interest
– identify and record the interests and rights of the data subject
– consideration based on the principles of necessity and proportionality, purpose limitation, data saving, limited storage
– inform the data subject of the balance of interests
The data subject has the right to object, on the basis of which the personal data will not be further processed, unless the compelling reason justifies the processing (eg in the case of data that must be processed in connection with the employment relationship)
Direct marketing (newsletter)
The Matro Kft. Use direct marketing (newsletter) to deliver relevant content about your products and services to your customers. Customer data obtained in the course of previous sales activity may be used to promote products and services through direct marketing, the legal basis of which is a legitimate interest, ensuring the possibility of unsubscribing at any time.
There is no compelling reason for direct marketing, in case of protest the data will be deleted.
Children under the age of 16 can only subscribe to our newsletters with parental consent! As stated in the decision and resolution of the NAIH and in accordance with the expectations of the GDPR, the subscription to the newsletter:
- voluntary
- definite
- based on adequate information
- unambiguous.
The scope of the managed data: the Data Controller handles the following data of the User who has voluntarily subscribed to the newsletter on the basis of express consent: name, company name, e-mail address, telephone number.
III. Purpose of data management
The company processes data in accordance with the law for the following purposes:
(a) maintaining a customer relationship;
(b) marketing activities to potential customers;
(c) processing of data on employees and applicants;
(d) managing the contact details of contractors for the performance of the contract;
e) fulfillment of customer orders;
Direct marketing (newsletter)
Sending e-mails and newsletters with marketing content electronically, based on their legitimate interest to the Users, their voluntary, unambiguous consent, to be able to find out about our current promotions, latest products and premium services.
IV. Duration of data management
The Matro Kft. inform data subjects of the period for which the data will be retained.
The accounts will be kept for at least 8 years due to a legal obligation. The retention period of the documents on which the invoice is based is 8 years.
Retention period of the documents serving as the basis of the employment relationship: the employer is obliged to keep the employment and social security documents arising in connection with the insurance relationship for 5 years after reaching the retirement age applicable to his / her insured.
data saving
The retention period of the data provided for the purpose of contact is 1 year after the termination of the contact.
Retention of data related to the performance of the contract: 5 years.
Retention of data related to the accounting of application projects is the period specified in the grant agreement.
Direct marketing (newsletter)
The Data Controller processes the personal data of the Users listed above in the newsletter list (based on a legitimate interest, voluntary, express consent based on appropriate information) until the withdrawal of the User’s consent, failing which for 10 years from the collection of the data.
V. Rights of data subjects
In relation to your personal data, the data subject has the rights specified by law.
(a) the right of access
(b) the right of rectification
(c) the right of cancellation
(d) the right to restrict the processing of the data
(e) an obligation to notify the rectification or erasure of personal data or the restriction of data processing
(f) the right to data portability
(g) the right to protest.
Direct marketing (newsletter)
The Data Controller may revoke the personal data of the Users listed above in the newsletter, free of charge, at any time, without restriction or justification. In this case, the name of the declarant and all other personal data will be deleted and we will not send you any newsletter for direct marketing purposes. We provide the opportunity to make a revocation statement by both mail and e-mail so that the person making the statement can be clearly identified.
User may withdraw consent in writing by mailing to:
Matro Kft. 7631 Pécs, Nagyárpádi út 7. A. Hungary / In an electronic way: info@matro.hu
VI. Stakeholder information process
As a data controller, Matro Kft. The information shall be provided in writing or by any other appropriate means, including, where appropriate, by electronic means. Oral information may be provided at the request of the data subject, provided that the identity of the data subject has been otherwise established.
I. Collection of personal data directly from data subjects
If we collect personal data about the data subject, we will inform the data subject about the following information at the time of obtaining the personal data:
(a) the identity and contact details of the controller and, if any, of the controller ‘s representative;
(b) the contact details of the Data Protection Officer, if any;
(c) the purpose of the intended processing of the personal data and the legal basis for the processing;
(d) where the processing is necessary for the legitimate interests of a third party, the legitimate interests of the third party;
(e) where applicable, the recipients or categories of recipients of the personal data, if any;
(f) where applicable, the fact that the controller intends to transfer the personal data to a third country or to an international organization.
To ensure fair and transparent data management, the data subject shall be provided with the following additional information:
(a) the period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
(b) the data subject’s right to request the controller to access, rectify, delete or restrict the processing of personal data concerning him or her and to object to the processing of such personal data and the data subject’s right to data portability;
(c) the right to withdraw the consent at any time, without prejudice to the lawfulness of the processing carried out prior to the withdrawal;
(d) the right to lodge a complaint with the supervisory authority;
(e) whether the provision of personal data is based on a law or a contractual obligation or a precondition for the conclusion of a contract, whether the data subject is obliged to provide personal data and the possible consequences of not providing such data;
(f) the fact of automated decision-making, including profiling, and at least in such cases, comprehensible information on the logic used and the significance of such data processing for the data subject.
If the controller intends to carry out further processing of personal data for a purpose other than that for which they were collected, it shall inform the data subject of this different purpose and of any relevant additional information prior to the further processing.
II. Collection of personal data from other sources
If the personal data was not obtained from the data subject, in addition to the information listed above, we will also inform the data subject about the following:
(a) the categories of personal data concerned;
(b) the source of the personal data and, where applicable, whether the data come from publicly available sources.
VIII. Dealing with a privacy incident
The Matro Kft. ensure data security commensurate with the degree of risk associated with the data processing, in the event of a breach of which the data controller / processor or his / her representative shall notify the supervisory authority without delay, but no later than 72 hours after becoming aware of it, and inform the data subject.
Our company shall take the necessary security measures immediately after becoming aware of the data protection incident in order to eliminate or restore the damage that gave rise to the data protection incident.
The data subject will be notified of the measures taken and their outcome.
IX. Remedies information
The data protection supervisory authority: National Data Protection and Freedom of Information Authority (hereinafter: NAIH, address: 1125 Budapest, Szilágyi Erzsébet fasor 22 / C, e-mail address: ugyfelszolgalat@naih.hu). The data subject may submit a complaint to the NAIH if, in his or her opinion, the processing of personal data concerning him or her does not comply with the legal obligations.
A judicial review may be initiated against the decision of the NAIH.
X. Information on records
The Matro Kft. performs the processing and processing of data in a lawful, transparent and verifiable manner, for the purposes of which it shall continuously establish and update the following records:
a) Data inventory;
b) Records of data processing;
c) Records of data transmission;
d) Records of termination of data processing;
e) Register of relevant and official requests and responses;
f) Record of data protection incidents;
g) Record the activities of the Data Protection Officer;
h) Register of “lost” data, inquiries;
i) Record of prior data protection impact assessment.