1. GENERAL INFORMATION
Data controller: Prelement Home Kft. (headquarters: 1094 Budapest, Tűzoltó utca 57.; company registration number: 01-09-375229, e-mail address: email@example.com).
Data subject: means the Data Controller’s Potential Client or Client who uses the Data Controller’s services (hereinafter: Service), is interested in using them, or is interested in them.
A Potential Customer is a natural person who provides their personal data in order to request an offer from the Data Controller or request other information.
A Customer is a Potential Customer who enters into a contract with the Data Controller regarding one of the data controller’s services.
Personal Data: any information relating to the Data Subject.
1.1. The purpose of this Data Management Notice is for the Data Controller to inform the Data Subject about the most important circumstances of the data management carried out by the Data Controller in view of data protection regulations.
1.2. The Data Controller is committed to protecting the personal data of the data subjects and considers it of utmost importance to respect the data subjects’ right to self-determination of information.
1.3. The Data Controller reserves the right to change the Notice, about which it provides information in accordance with the applicable legislation.
1.4. The Data Controller:
handles personal data in a legal and fair manner, as well as in a transparent manner for the Data Subject (“legality, fair procedure and transparency”);
collects personal data only for specific, clear and legitimate purposes and does not process them in a manner incompatible with these purposes (“purpose limitation”);
personal data managed by are adequate and relevant from the point of view of the purposes of data management, and their management is limited to what is necessary (“data saving”);
personal data managed by is accurate and up-to-date (“accuracy”);
the personal data is stored in a form that allows the identification of the data subjects only for the time necessary to achieve the goals of personal data management (“limited storage”);
handles personal data in such a way as to ensure adequate security of personal data (“integrity and confidentiality”).
1.5. The data management principles of the Data Controller are in accordance with the applicable legislation related to data protection, and in particular with the following:
Basic Law of Hungary (Freedom and Responsibility, Article VI);
REGULATION (EU) 2016/679 of the European Parliament and Council (April 2016) on the protection of natural persons with regard to the processing of personal data and on the free flow of such data, and on the repeal of Regulation 95/46/EC (General Data Protection Regulation) – (“GDPR”);
CXII of 2011 on the right to information self-determination and freedom of information. law – (“Infotv”);
1.6. Act V of 2013 on the Civil Code – (“Ptk”).
1.7. The Data Management Notice and other information related to the data management of the Data Controller are available on the website of the Data Controller https://prelement.hu/adatkezelesi-tajekoztato/ (hereinafter: Website).
1.8. If you have any questions about the Data Management Notice or the data management of the Data Manager, please contact our colleague at szällts@prelement.hu.
2. DATA MANAGEMENT
2.1. The Data Controller strives to limit the processing of personal data as much as possible, but at the same time, the processing of certain personal data is unavoidable. The Data Controller manages the personal data provided by the Data Subject, as well as the personal data related to the Data Subject that arise during the contractual relationship between the Data Controller and the Data Subject in connection with the Data Subject’s data request, the Data Controller’s offer or the use of the Service. The data controller processes the following personal data – on the basis of the legal basis indicated there and for the purposes:
2.2. General contact details
Purpose of data management: Personal data management for the purpose of maintaining contact with Potential Customers. The Potential Customer can provide his/her personal data to the Data Controller by phone, e-mail, on the Website, social media websites, other digital media channels or in person in order to request additional information or a price quote regarding the Services of the Data Controller.
Scope of processed personal data: full name, e-mail address, telephone number (if the Data Subject provides it voluntarily), written communication between parties, including all documents provided by the Data Subject to the Data Controller as part of it and the personal data recorded in them.
Legal basis for data management: Data management is necessary to take steps at the Data Subject’s request prior to the conclusion of the contract (GDPR Article 6 (1) point b).
Duration of data management: The Data Controller deletes the contact data ten years after the end of the business relationship between the parties. If no business relationship is established between the parties
, the data will be deleted by the Data Controller ten years after they were entered.
Foreign data transfer: The Data Controller does not transfer personal data abroad.
Data transmission: If it is necessary to contact the Data Controller’s manufacturing partner for the accurate offer, the Data Controller may, while informing the Data Subject at the same time, forward the architectural license or construction plans provided by the Data Controller to the Data Controller’s manufacturing partner based in Poland, thomas preafab Miedzyrzecz S.o.o. (headquarters: ul. Budawlanych 9, 66-300 Miedzyrzecz, Poland, company registration number: 0000191574, tax number: 596-10-00-357, e-mail address: firstname.lastname@example.org) as data processor. The plans are transmitted in such a way that the Data Processor makes all personal data relating to the Data Subject or third parties that are not absolutely necessary for the interpretation of the plans unrecognizable and irretrievable. According to the above, the Data Controller is entitled to forward the plans to the Hungarian architect and static designer with whom it has a contractual relationship.
2.3. Contract conclusion procedure
Purpose of data management: Management of personal data in order to conclude contracts with customers. If the Potential Customer accepts the Data Controller’s offer, in order to conclude the contract between the parties, it is necessary to provide all the data necessary to conclude and fulfill the contract.
Scope of processed personal data: name, e-mail address, telephone number, residential address, identity card number, tax identification number, selected Service and related data, communication between parties.
Legal basis for data management: Data management is necessary to take steps at the Data Subject’s request prior to the conclusion of the contract, and after the conclusion of the contract, data management is necessary to fulfill a contract in which the Data Subject is one of the parties (GDPR Article 6 (1) point b)).
Duration of data management: Contact data will be deleted by the Data Controller 5 years after the termination of the business relationship between the parties (general limitation period). The personal data included in the contract are stored for 20 years, the personal data included in the related databases are deleted after 5 years (general limitation period).
Data provision: Necessary to conclude the contract, the Customer is obliged to provide personal data, otherwise the contract cannot be concluded.
Foreign data transfer: The Data Controller does not transfer personal data abroad.
2.4. Marketing inquiries (Only if you have given your express consent to inquiries for this purpose by checking the relevant checkbox during registration or using the website and then clicking on the confirmation link sent in the e-mail)
Purpose of data management:
recommending the Data Controller’s own products and services;
in relation to certain products and services of the Data Controller, giving individual offers to the Data Subject, informing them about the availability of discounts and the possibility of using them;
informing and informing the Data Subject about news related to the Data Controller, campaigns, promotions and events organized by it;
Scope of processed personal data: name, e-mail address.
Legal basis for data management: The Data Subject has given his consent to the processing of his personal data (GDPR Article 6 (1) point a)). The Data Subject has the right to withdraw his consent to data processing at any time by sending an e-mail message to the Data Controller to the e-mail address email@example.com.
Duration of data management: The Data Controller manages the data until consent is withdrawn, but for a maximum of 10 years.
Foreign data transfer: To The Rocket Science Group LLC d/b/a (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, United States of America) providing the MailChimp service as a data processor. The country of nationality of the data processor has the so-called Privacy Shield (https://www.privacyshield.gov/EU-US-Framework) certification established on the basis of the US-EU data protection framework agreement, which provides an adequate level of protection, for this reason Article 45 of the GDPR (1) personal data may be forwarded to you.
2.5. Please note that we are entitled to process the Data Subject’s personal data even after the Data Subject withdraws their data processing consent, in the event that further data processing
for the purpose of fulfilling a legal obligation concerning the Data Controller,
due to the protection of vital interests of the Data Subject or another natural person
necessary for the purpose of asserting the legitimate interests of the Data Controller or a third party, or
it is necessary to fulfill a contract in which the Data Subject is one of the parties, or it is necessary to take steps at the Data Subject’s request prior to the conclusion of the contract.
We also draw the Data Subject’s attention to the fact that the withdrawal of his consent to data processing does not affect the legality of the data processing carried out before the withdrawal
3. OTHER DATA MANAGEMENT
3.1. On a case-by-case basis, the Data Controller may also manage other personal data. The Data Controller provides information on data processing not listed in the Data Management Information when the data is collected.
3.2. We inform the Contact Person that the court, the prosecutor, the investigative authority, the infringement authority, the public administrative authority, the National Data Protection and Freedom of Information Authority (“NAIH”), or other bodies based on the authorization of the law, provide information, communicate data, transfer, or in order to provide documents, they can contact the Data Controller, who will release the requested data to the requesting authority within the legal framework. If the authority has specified the exact purpose and scope of the data, the Data Controller will only release personal data to the authorities to the extent and to the extent that is absolutely necessary to achieve the purpose of the request.
4. INFORMATION REGARDING COOKIES USED ON THE WEBSITE
4.1. In order to analyze the use of the Website and thereby improve its services, the Data Controller stores small data packages on the Data Subject’s computer, so-called cookies are placed and read back with the assistance of the Data Subject’s browser. This is necessary because if the Data Subject’s browser returns a previously saved cookie, the service provider managing the cookies has the opportunity to link the Data Subject’s current visit with the previous ones, but only with regard to the content of its own website .
4.3. Information about individual cookies:
|wp-wpml_current_language||A tracker for storing language settings.||Functional||Session length|
|_gid (Google Analytics)||Tracking cookie for Google Analytics, it tracks the duration of each|
visit. Enables the use of advertising features such as audiences,
conversions, targeting and optimization, and Google
|_gat (Google Analytics)||Tracking cookie for Google Analytics, it tracks the duration of each|
visit. Enables the use of
advertising features such as audiences,
conversions, targeting and optimization, and Google
|_fbp (Facebook pixel)||Enables the use of advertising features|
such as audiences, conversions, targeting and optimization
as well as Facebook Analytics data.
|PHPSESSID||The purpose of the cookie is to identify the actions performed by the user on the website.||Functional||Session length|
|DONEGDPRConsent, DONEGDPRAlertBoxClosed||Two DONE. cookie tools. Measure does not measure, it only stores what the cookie settings are and how they should look.||Functional||Session length|
5. DATA PROCESSORS
5.1. The data controller entrusts the following data processors during the data management operations:
AC Computing Bt. (headquarters: 1035 Budapest, Kerék utca 26., company registration number: 01-06-747958) providing hosting services.
The Rocket Science Group, LLC; (head office: 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA; electronic contact: https://mailchimp.com/contact), MailChimp electronic direct marketing service.
Absolute Done Kft. (head office: 1095 Budapest, Gát u. 2 fszt. 1.; company registration number: 01-09-355741) website development, maintenance.
Thomas Preafab Miedzyrzecz Sp. z o.o. (headquarters: ul. Budawlanych 9, 66-300 Miedzyrzecz, Poland., company registration number: 0000191574), a company that manufactures the product required for the service offered by the Data Controller. Data processing activity: Interpretation of plans provided by the data subject for the purpose of calculating production material requirements.
Hungarian static design engineers with a contractual relationship with the Data Controller. The Data Controller informs the Data Subject about the transfer of data to such a Data Processor and the person of the Data Processor at the same time as the data is forwarded. Data processing activity: analysis of the plans provided by the Data Subject for the purpose of checking the feasibility of the construction technology used by the Data Processor and making an offer.
6. MANAGEMENT OF PERSONAL DATA OF THIRD PARTIES
6.1. If the Data Subject provides the personal data of third parties, the Data Subject is obliged to ensure that he obtains the necessary consent for data disclosure or fulfills the other legal basis, and to notify the Data Controller in the event of any related changes. The Data Subject must refrain from transferring the personal data of third parties, unless the data disclosure is necessary for the fulfillment of the contract with the Data Controller. The Data Subject is solely responsible for the management of the personal data of these third parties.
7. DATA SECURITY
7.1. The Data Controller treats personal data confidentially and – taking into account the state of technology, the nature of the personal data and the risks – takes all measures that guarantee the security of the data and protect it against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction, damage, as well as against becoming inaccessible, whether due to human activity, physical or environmental impact. The Data Controller selects and operates the IT tools used for the management of personal data during the provision of the Service in such a way that the managed data:
accessible to those authorized to do so (availability);
its authenticity and authentication are ensured (authenticity of data management);
its immutability can be verified (data integrity);
protected against unauthorized access (data confidentiality)
8. RIGHTS AND REMEDIES
8.1. The Data Subject has the right to: Request information, access:
The Data Subject can at any time request information on whether their personal data is being processed at the e-mail address firstname.lastname@example.org, and if so, they can request the following information:
the purposes of data management,
categories of personal data concerned,
recipients to whom your personal data has been disclosed or will be disclosed,
the planned period of storage of your personal data,
information about your rights to correct, delete or restrict the processing of personal data and to object to the processing of such personal data
the right to file a complaint,
about the fact that automated decision-making based on the Data Subject’s personal data (including profiling) is relevant to the applied logic and data management, and what the expected consequences are for the Data Subject (the Data Controller does not use profiling or automated decision-making).
The Data Controller is obliged to provide the information without undue delay, no later than one month from the receipt of the request. The Data Controller’s response is primarily sent in the form in which the request for information was received, so in the case of a verbal request, please indicate separately if you request our response in writing.
Please note that the first information provided in a given calendar year is free of charge. We are entitled to charge an administration fee for repeated information regarding the same data, provided that no violation of law was established during the repeated information, or the data was not corrected. Re-application fee: HUF 2,000.
8.1.2. Request to correct your personal data
If the personal data managed by the Data Controller does not correspond to the reality, and the personal data corresponding to the reality is provided to the Data Controller, then the Data Subject’s data will be corrected.
8.1.3. Deleting your personal data
The processed personal data will be deleted by the Data Controller if the processing of the data is illegal;
The data subject withdraws his consent to the data management and there is no other legal basis for the data management;
the Data Subject objects to data processing
data management is no longer necessary for the purpose for which it was collected by the Data Controller;
personal data must be deleted in order to fulfill a legal obligation.
8.1.4. Locking your personal data
Instead of deletion, the Data Controller restricts the processing of the Data Subject’s personal data in the following cases:
if the Data Subject disputes the accuracy of the personal data managed by the Data Controller (in this case, the restriction applies to the period until we check the correctness of the data);
if the data management is illegal and the Data Subject requests the restriction of their use instead of deleting the personal data;
if the Data Controller no longer needs the personal data for the purpose of data management, but the Data Subject requires the data in order to present, enforce or protect his legal claims.
if the Data Subject objects to data processing (in this case, the restriction applies to the period until it is established whether the legitimate interests of the Data Subject or the Data Controller take precedence in the given case).
The Data Controller informs the Data Subject in advance of the lifting of the limitation of data management.
The Data Subject may object to the processing of his personal data if he considers that, in the absence of his consent, the Data Controller will use his data for the purpose of direct business acquisition or forward it to others for such purposes. The Data Subject may also object to the processing of their personal data if the legal basis for data processing is solely the enforcement of our rights as a Data Controller (e.g. the collection of a claim against the Data Subject). In this case, the Data Controller may no longer process his personal data, unless he proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the Data Subject, or that are related to the presentation, enforcement or defense of legal claims.
The Data Controller can send his objection in writing to one of the contact details provided in point 1 above, so that the Data Controller can only establish the identity of the Data Subject from the letter. In your letter, please explain the reason for your objection. The Data Controller examines your objection as soon as possible, but no later than 15 days after its delivery, and informs you of the result in writing. Please include in your letter the postal address or e-mail address to which we can send the Data Controller’s reply. Failing this, the Data Controller will deliver the answer to one of the contact details previously provided by the Data Subject.
If the Data Subject does not agree with the decision communicated in the response, or does not receive a response within the deadline, he is entitled to appeal to the court within 30 days from the notification of the decision or the last day of the deadline.
If the Data Controller considers the processing of data by the Data Controller to be harmful, the Data Subject may file a complaint with the National Data Protection and Information Authority (NAIH) pursuant to Article 8.3 of the NAIH. his contact details recorded in point
8.1.7. Right to data portability
The Data Subject has the right to receive his personal data in a widely used, machine-readable format upon request, and he is also entitled to transmit this data to another data controller. Based on your request, the Data Controller will send the Data Subject to the Data Subject in a segmented, widely used, machine-readable format.
8.2. The Data Controller shall inform the Data Subject without undue delay, but in any case within one month of the receipt of the request, of the measures taken as a result of the request. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months. The Data Controller shall inform the Data Subject of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If the Data Subject has submitted the request electronically, the Data Controller shall, if possible, provide the information electronically, unless the Data Subject requests otherwise. If the Data Controller does not take measures following the Data Subject’s request, it shall inform the Data Subject without delay, but at the latest within one month of the receipt of the request, of the reasons for the failure to take action, as well as of the fact that the Data Subject may file a complaint with a supervisory authority and exercise his right to judicial redress.
8.3. The data subject’s right to legal remedy:
Filing a complaint with a supervisory authority: Without prejudice to other administrative or judicial remedies, the Data Subject is entitled to file a complaint with the supervisory authority (National Data Protection and Freedom of Information Authority: address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Tel.: +36 1 391 1400, Fax: +36 1 391 1410, email: email@example.com; website: https://naih.hu/index.html), if the handling of personal data violated your rights.
Right to a judicial remedy: Without prejudice to the available administrative or non-judicial remedies, including the right to file a complaint with the supervisory authority, the Data Subject is entitled to a judicial remedy if, in his judgment, his rights according to the data protection rules have been violated as a result of inappropriate handling of his personal data . The Data Controller is obliged to compensate the Data Subject for any damage caused to the Data Subject by unlawful handling of the Data Subject’s data or by violating data security requirements. The Data Controller is exempt from liability if the damage was caused by an unavoidable cause outside the scope of data management. The data controller is not obliged to compensate the damage to the extent that it resulted from the Data Subject’s intentional or grossly negligent behavior.
Effective from 21.09.2022