Privacy policy
PRIVACY POLICY
I. General
The purpose of this Privacy Policy is to lay down the data processing and data protection procedures implemented by the controller (a business organization operating the www.pghungary.com website); and by complying with such procedures, the controller (hereinafter: “the Controller”) will pay particular attention in the course of its activities to the protection and safeguarding of personal data, as well as the safe and fair processing thereof.
Details of the Controller:
Palota-Gipsz Hungary Kft.
H-1131 Budapest, Dolmány street 26.
Company Reg. no. 01 09 186790
Tax number: 24869010-2-41
email: info@pghungary.com
website: www.pghungary.com
The following laws shall govern the present Privacy Policy:
- Act CVIII of 2001 on Certain Issues of Electronic Commerce Activities and Information Society Services;
- Act XLVIII of 2008 on the Basic Requirements and Certain Restrictions of Commercial Advertising Activities;
- Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information;
- Act V of 2013 on the Civil Code;
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
The Controller unilaterally undertakes to comply with this Privacy Policy in order to respect rights relating to personality and privacy in accordance with the applicable laws. The Controller reserves the right to modify this Privacy Policy, and also agrees to publish such modification in an appropriate manner.
II. Terms and statutory interpretation under the Privacy Policy
Data subject: means a natural person identified or identifiable based on any information;
Personal data: means any information relating to a data subject;
Sensitive data: means any data falling in the special categories of personal data that are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data intended for uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;
Consent: means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Controller: means a natural or legal person, or organisation without legal personality which alone or jointly with others — within the framework laid down in an Act or in a binding legal act of the European Union — determines the purposes and means of the processing of data; makes and executes decisions concerning data processing (including the means used) or have it executed by a processor;
Processing: means any operation or the aggregate of operations performed on data, irrespective of the procedure applied; in particular, collecting, recording, registering, classifying, storing, modifying, using, querying, transferring, disclosing, synchronising or connecting, blocking, deleting and destructing the data, as well as preventing their further use, taking photos, making audio or visual recordings, as well as registering physical characteristics suitable for personal identification (such as fingerprints, palm prints, DNS samples or iris scan);
Data transfer: means providing access to the data for a designated third party;
Disclosure: means making the data accessible to anyone;
Data erasure: means making the data unrecognisable in such a way that its restoration is no longer possible;
Technical processing: means the set of processing operations performed by a processor on behalf of or as instructed by the Controller;
Data destruction: means the complete physical destruction of any media;
Processor: means a natural or legal person or organisation without legal personality which — under the conditions laid down in an Act or in a binding legal act of the European Union — acting according to a mandate or instructions given by the controller, processes personal data;
Data set: means all data processed in a single file;
Third party: means a natural or legal person, or an organisation having no legal personality, other than the data subject, controller, processor and the persons who, under the direct supervision of the controller or the processor, carry out operations aimed at processing personal data;
EEA State: means any Member State of the European Union and any State Party to the Agreement on the European Economic Area, as well as any state the nationals of which enjoy the same legal status as nationals of State Parties to the Agreement on the European Economic Area on the basis of an international agreement concluded between the European Union and its member states and the state which is not party to the Agreement on the European Economic Area;
Third country: means any state that is not an EEA State;
Personal data breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised transfer or disclosure of, or unauthorised access to personal data transferred, stored or otherwise processed.
III. Legal grounds for processing
In the course of its activities, the Controller follows the legal principle whereunder personal data shall be processed only for clearly specified and legitimate purposes, in order to exercise certain rights and fulfil obligations. The purpose of processing shall be met in all stages of processing; data shall be collected and processed fairly and lawfully. In the course of its activities, the Controller shall at all times process personal data on grounds of a permission granted by the laws or a voluntary and express consent.
The Controller observes the principle that only those authorised under the laws or by the consent of the data subject shall have access to the personal data of the latter.
Only the Controller and its employees and/or the Processor engaged by it shall have access to the data processed, and the Controller shall not disclose such data to Third Parties who are not authorised to access the data.
IV. Scope of the personal data processed
Recording of personal data is permitted exclusively when the Controller has made the present Privacy Policy underlying the processing available to the data subject for inspection. The processing of personal data is based on the voluntary consent of the data subject on grounds of the information provided herein.
The Controller will process the e-mail address indicated by the data subject in respect of its activities falling under the scope of the present Privacy Policy.
The Controller shall not use the personal data submitted to it for any purpose other than those specified in the present Privacy Policy. The purpose of processing is to make the information available in the preferred format as indicated by the data subject.
Unless otherwise regulated by an Act, personal data may be disclosed to third parties or authorities with the prior, express consent of the data subject.
By submitting their e-mail address, data subjects assume liability for the fact that they are the sole users of the services from the submitted e-mail.
The Controller is under no obligation to verify whether the submitted e-mail address belongs to the data subject submitting it; i.e. the Controller may assume that the processing is lawful in respect of the personal data disclosed to it.
The process of data recording is controlled by the data subject. If, during the data recording, the data subject interrupts such process either explicitly or by implied conduct, the Controller shall suspend the recording and delete all personal data submitted so far.
V. Rights of the data subject
A/ The data subject shall be entitled to receive information, prior to the start of processing, on the facts connected to the processing (hereinafter “right to prior information”).
B/ The data subject may have his or her personal data and the information related to their processing provided by the Controller on his or her request (hereinafter “right to access”).
For the purpose of the enforcement of the right to access, the Controller shall, upon request, inform the data subject whether his or her data are processed by the Controller itself or by a Processor acting on behalf of, or instructed by, the Controller. In such case, the Controller shall provide the data subject with his or her personal data being processed by the Controller or by a processor acting on behalf of, or instructed by the Controller, as well as with information concerning the circumstances described in Section 17(2) of Act CXII of 2011.
The Controller undertakes to make such information available within 15 days from the submission of the request by the data subject.
C/ The data subject shall have the right to have his or her personal data rectified or completed by the Controller on his or her request.
For the purpose of the enforcement of the right to rectification, if the personal data processed by the Controller or by the processor acting on behalf of, or instructed by, the controller are inaccurate, incorrect or incomplete, the Controller shall, in particular upon the data subject’s request, further specify or rectify them without delay, or it shall supplement them with further personal data provided by the data subject or with a declaration attached by the data subject to the personal data processed, provided that it is compatible with the purpose of processing. The Controller shall be exempted from the obligation specified in this paragraph if the accurate personal data are neither available nor provided by the data subject, or the authenticity of the personal data provided by the data subject cannot be verified beyond doubt.
D/ The data subject is entitled to have the processing of his or her personal data restricted by the Controller.
For the purpose of enforcing the right to the restriction of processing, the Controller shall restrict processing to processing operations specified in the Act.
E/ The data subject shall have the right to have his or her personal data erased by the Controller on request.
The Controller shall erase the data subject’s personal data without delay if: (i) the processing is unlawful; (ii) the data subject withdraws his or her consent given to the processing or requests the erasure of his or her personal data; or (iii) the erasure of the data is required by law.
F/ The data subject shall have the right to object to the processing of his or her personal data if such processing — or the transfer — thereof is carried out solely for the purposes of enforcing the rights and legitimate interests of the Controller or the recipient, unless processing is mandatory based on an Act.
In the event of objection, the Controller shall suspend the processing and investigate the cause of objection within the shortest possible time but within 15 days the latest from the submission of the request and notify the data subject in writing of its decision. If the objection of the data subject is reasoned, the Controller shall terminate the processing, block the data, and notify any parties to whom such personal data was earlier transmitted.
If the Controller infringes his or her rights, the data subject may seek judicial remedy or lodge a complaint to data protection authority against the Controller at the following contact details:
National Authority for Data Protection and Freedom of Information
Address: H-1125 Budapest, Szilágyi Erzsébet fasor 22/c.
Telephone: + 36 1 391-1400
Fax: + 36 1 391-1410
E-mail:
ugyfelszolgalat@naih.hu
Website:
www.naih.hu
VI. Modification and erasure of data; duration of processing
The data subject may at any time request information on the data processed by the Controller, on the date when the data has been recorded, the scope of the data processed and the method of recording.
The data subject shall have the right to request — at any time, free of charge and without restriction — that his or her data be modified, or even erased from the Controller’s data base, by submitting such request at the following contact details:
The processing of personal data submitted during the recording will commence at the time of such recording, and the duration thereof will end at the time of erasure or at any other time specified by the Act.
The Controller will store the data of customers who have not registered for 5 years from the date of purchase. For registered customers, such term will end at the time of cancelling the registration, but after the lapse of 5 years, the latest.
VII. Security of personal data
The Controller undertakes that during the processing, it shall maintain the security of data, and implement all technical and organisational measures required for safe and secure data storage.
The data shall be protected by appropriate technical means against unauthorised access, alteration, unauthorised transfer, unauthorised disclosure, erasure or destruction, as well as accidental destruction or damage, and any cases where such data becomes unavailable due to the foregoing. It is necessary to use technical protection equipment that prevent the direct connection and association with the data subjects, unless permitted by the Act.
In order to safeguard the data sets processed electronically in various records, the Controller and — within the framework of its own activities — the processor shall ensure that the data stored in such records cannot be directly connected or associated with the data subjects.
The Controller reserves the right to engage a processor in the processing of personal data.
Processors acting on behalf of the Controller are also entitled to process personal data. The digital storage of the website of Palota-Gipsz Hungary Kft. is the responsibility of UNIQUE IMG BT. (registered office: H-9700 Szombathely, Kós Károly utca 18.; company registration number: 18-06-104378; represented by: Adrián Hajdu; e-mail:
info@ysolutions.hu), and the phyical storage is ensured on the servers of EZIT Kft., located at H-1132 Budapest, Victor Hugo u. 18–22., safeguarded by security guards 24/7 and connected to the Hungarian internet trunk network. Contact details:
info@ezit.hu Telephone: +36 1 700 40 30.
VIII. Personal data breach
Personal data breach means an event leading to the accidental or unlawful destruction, loss, alteration, unauthorised transfer or disclosure of, or access to personal data transmitted, stored or otherwise processed.
The Controller or the processor engaged by it shall notify the Authority about any personal data breach discovered by it within 72 hours. The personal data breach should not be notified when it is unlikely to result in a risk to the enforcement of the data subjects’ rights. The notification will describe the nature of the personal data breach, including, where possible, the scope and number of data subjects and personal data records concerned, the likely consequences of the personal data breach, and the measures implemented or proposed by the Controller.
Where a personal data breach is likely to entail consequences materially influencing the enforcement of a fundamental right of the data subject, the Controller shall inform the data subject about such personal data breach without delay by publishing a notice to that effect on its website. The Controller will be exempt from the information obligation, if:
- the Controller had implemented appropriate technical and organisational protection measures prior to the personal data breach, in particular those, such as encryption, that render the personal data unintelligible to any person who is not authorised to access them;
- after having become aware of the personal data breach, the Controller has implemented subsequent measures that ensure that the consequences materially influencing the enforcement of a fundamental right of the data subject are not likely to occur;
- informing the data subject directly requires disproportionate efforts by the Controller, and therefore the Controller provides the data subjects with adequate information on the personal data breach by way of public communication accessible to anyone; or
- communication is prohibited by the laws.
The Controller shall maintain a record about any personal data breaches.
IX. Cookie Policy
The website uses the following cookies:
- cookies gathering information about visitors and their devices;
- cookies that remember the unique settings of visitors, e.g. chosen language;
- cookies making the use of the website more convenient;
- cookies that offer quality user experience.
In order to provide customized service, a small data package (“a cookie”) is placed on the user’s computer and retrieved at a later visit. If the browser returns a cookie that has been stored earlier, the cookie provider has the option to link the user's current visit to the previous ones, but only in respect of their own content.
Cookie types:
Strictly necessary, session cookies:
These cookies is to allow visitors to fully and seamlessly browse the pghungary.com website, use its functions and the services offered by it. These types of cookies last until the end of each session (browsing), and they are automatically deleted from your computer or other device used for browsing once the browser is closed. Our site uses the following cookies that are absolutely necessary for operation: Purpose of PHPSESSID: to store the user's status while browsing the page.
Third-party cookies (statistics and marketing):
Google (reCaptcha) and Google Maps are also used on the www.pghungary.com website as third-party cookies. Through Google's statistical services, Google collects information about how visitors use websites. Such data is used to improve the website and the user experience. Such cookies also remain on the browser of the visitor's computer or other device used for browsing until their expiry or until the visitor deletes them. Personal data will not be available to third parties. Our site uses the following third-party cookies: 1P_JAR, __Secure-3PSIDCC, _ga_psi_gid, _ga_psi, _gat_gtag_UA_22137612_2, _gat_tracker, _ga, _gid, CGIC, CONSENT, DV, NID, OGPC, OGP, OTZ, PAIDCONTENT, SEARCH_SAMESITE, SNID.
Blocking of cookies:
You may delete cookies placed by pghungary.com or by third parties from your device at any time through your browser. For details on how to delete or manage cookies, please refer to your browser's help menu. You may also use your browser to block cookies or to request a notification each time a new cookie is received on your browser.
Blocking cookies may prevent you from using our website.
X. Closing provisions
The present Privacy Policy shall take effect by virtue of an instruction of the Managing Director of the Company, and it shall become effective upon its publication on the Company’s website; these provisions shall also govern any future modifications hereof.