Privacy Policy
Please read our Data Management Information carefully.
1. PURPOSE AND SCOPE OF THE DATA MANAGEMENT NOTICE
1.1. The operator of the arbexal.com website is Arbexal Group Ltd. (hereinafter: Data Controller). The purpose of this Data Management Notice is to record the data protection and management principles and policy applied by the Data Controller, which the Data Controller recognizes as binding on itself.
1.2. This Data Management Notice contains the principles of handling personal data provided by Users on the Website or when using other Services, voluntarily, in order to use the Services provided by the Data Controller.
1.3. When developing the provisions of the Data Management Information, the Data Controller took into account in particular the European Parliament and the Council (EU) 2016 on the protection of natural persons with regard to the management of personal data and on the free flow of such data, as well as on the repeal of Regulation 95/46/EC /679 Regulation (hereinafter: „GENERAL DATA PROTECTION REGULATION“ or „GDPR“), CXII of 2011 on the right to information self-determination and freedom of information. Act , as well as the provisions of Act V of 2013 on the Civil Code.
1.4. In the absence of information to the contrary, the scope of the Data Management Notice does not cover the services and data management that are related to the promotions, services, other campaigns of third parties other than the Data Controller who advertise on the Website referred to below in this Data Management Notice, or appear in any other way, as well as the content published by them.
1.5. In the absence of information to the contrary, the scope of the Data Management Notice also does not cover the services and data management of websites and service providers to which a link on the website covered by the Data Management Notice leads. Such services are governed by the provisions of the third-party data management information provided by the operator of the service, and the Data Controller does not assume any responsibility for such data management.
2. TERM DEFINITIONS
2.1. „Data management“: any operation or set of operations performed on personal data or data files in an automated or non-automated manner, such as the collection, recording, organization, segmentation, storage, transformation or change, query, insight, use, communication, transmission, distribution or otherwise by making available, coordinating or connecting, limiting, deleting or destroying.
2.2. „Data controller“: the person who determines the purposes and means of processing personal data independently or together with others.
2.3. „Personal data“: any information relating to an identified or identifiable natural person („data subject“); a natural person can be identified directly or indirectly, in particular on the basis of an identifier such as name, number, location data, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person can be identified.
2.4. „Data protection incident“: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored or otherwise handled.
2.5. „Website“: the arbexal.com website operated by the Data Controller.
2.6. „Service(s)“: services operated by the Data Controller and provided by the Data Controller.
2.7. „User“: the natural person who uses the Services and provides the data listed below.
2.8. „Data Management Notice“: this Data Management Notice of the Data Controller.
3. SCOPE OF PROCESSED PERSONAL DATA
3.1. If the User visits the Website, the Data Controller’s system automatically records the User’s IP address.
3.2. Based on the User’s decision, the Data Controller may process the following data in connection with the use of the Services, with regard to some Services:
3.2.1. In case of subscription to the newsletter, e-mail address.
3.2.2. Contact: If the User sends the Data Manager an e-mail or a letter by post (e.g. a message, a message via the contact interface available on the Website), the Data Manager will record the User’s name, company, and e-mail address, if provided by choice, it handles your phone number and other data provided by the User to the extent and duration necessary to provide the service.
3.2.3 Request for a quote: If the User wants to request a price quote from the Data Controller, the Data Controller records the User’s name, e-mail address, phone number, and other data provided by the User and processes it to the extent and for the duration necessary to provide the service.
3.3. Regardless of the above, it may happen that a service provider technically related to the operation of the Services carries out data management activities on the Website without informing the Data Controllers. Such activity does not qualify as Data Management by the Data Controller. The Data Controller will do everything in its power to prevent and filter out such data management.
4. SCOPE OF ADDITIONAL DATA MANAGED BY THE DATA PROCESSOR
4.1. In order to provide customized service, the Data Controller stores a small data package on the User’s computer. you can place a „cookie“. The purpose of the cookie is to ensure the operation of the given page at the highest possible level, to provide personalized services, and to increase the user experience. The User can delete the cookie from his computer or set his browser to prohibit the use of cookies. By prohibiting the use of cookies, the User acknowledges that the operation of the given page is incomplete without cookies.
4.2. Technically recorded data during the operation of the systems: the data of the User’s logged-in computer, which are generated during the use of the Service, and which are recorded by the Data Managers‘ system as an automatic result of the technical processes. The automatically recorded data is automatically logged by the system upon entry and exit without a separate declaration or action by the User.
5. PURPOSE AND LEGAL BASIS OF DATA MANAGEMENT
5.1. The purpose of the data management carried out by the Data Controller:
5.1.1. Newsletter subscription:
– online content service;
– contact with the User
– performance of services;
– inquiries for direct business acquisition or marketing purposes (e.g. newsletter, etc.);
– protecting the rights of Users;
– enforcement of the Data Controller’s legitimate interests.
5.1.2. Contact:
– contact with the User;
– performance of services;
– managing and dealing with individual user inquiries;
– protecting the rights of Users;
– enforcement of the Data Controller’s legitimate interests.
5.1.3. Requesting an offer:
– providing a price quote;
– contact with the User;
– performance of services;
– managing and dealing with individual user inquiries;
– protecting the rights of Users;
– enforcement of the Data Controller’s legitimate interests.
5.2. The Data Controller does not use the provided Personal Data for purposes other than those described in these points.
5.3. Data management takes place on the basis of the Users‘ voluntary declaration based on adequate information, which declaration contains the Users‘ express consent to the use of their Personal Data provided by them during the use of the Website or in a mail message, or the Personal Data generated from them. In the case of data management based on consent, the User has the right to withdraw his consent at any time, which, however, does not affect the legality of the data management before the withdrawal.
5.4. When the User accesses the Website, the Data Controller records the User’s IP address in connection with the provision of the Service, in view of the legitimate interest of the Data Controller and for the reason of the legal provision of the Service (e.g. to filter out illegal use or illegal content), even without the User’s separate consent.
5.5. The User guarantees that, in the case of personal data provided or made available by him or her about other natural persons during the use of the Services, the consent of the person concerned has of course been legally obtained.
5.6. All responsibility for user content provided by the User rests with the User. Any User, when entering his e-mail address and the recorded data, assumes responsibility for the fact that only he uses the Service from the e-mail address provided and by using the data provided by him. In view of this responsibility, any responsibility related to the use of services made with a specified e-mail address and/or data rests solely with the User who recorded the e-mail address or other data and entered the data.
6. PRINCIPLES AND METHODS OF DATA MANAGEMENT
6.1. The Data Controller processes Personal Data in accordance with the principles of good faith and fairness and transparency, as well as the provisions of the current legislation and this Data Management Information.
6.2. Personal data essential for the use of the Services are used by the Data Controller based on the consent of the concerned User and only for a specific purpose.
6.3. The Data Controller processes Personal Data only for the purposes specified in this Data Management Information Sheet and in the relevant legislation. The scope of personal data managed is proportionate to the purpose of data management, and may not extend beyond that. In all cases, if the Data Controller intends to use the Personal Data for a purpose other than the purpose of the original data collection, the User shall be informed of this and the User’s prior express consent shall be obtained, or the User shall be given the opportunity to prohibit the use.
6.4. The Data Controller does not check the personal data provided. The person providing the Personal Data is solely responsible for the adequacy of the Personal Data provided, while the Data Controller shall take all reasonable measures to immediately delete or correct inaccurate personal data for the purposes of data management.
6.5. The personal data of a person under the age of 16 may only be processed with the consent of an adult exercising parental supervision over him. The Data Controller is unable to verify the authorization of the consenting person or the content of his statement, so the User or the person exercising parental supervision over him guarantees that the consent complies with the law. In the absence of a consent statement, the Data Controller does not collect Personal Data of the affected person under the age of 16, with the exception of the IP address used when using the Service, which is recorded automatically due to the nature of Internet services.
6.6. The Data Controller does not transfer the Personal data it manages to third parties within the scope of this Data Management Information.
6.7. An exception to the provision contained in this point is the use of data in a statistically aggregated form, which may not contain any other data suitable for identifying the User concerned, and therefore does not qualify as Data Management or data transmission.
6.8. The Data Controller notifies the concerned User of the correction, restriction or deletion of the Personal data it manages. The notification may be omitted if this does not violate the legitimate interests of the data subject in view of the purpose of Data Management.
6.9. The Data Controller ensures the security of the Personal Data, takes the technical and organizational measures and establishes the procedural rules that ensure that the recorded, stored and managed data are protected, as well as prevent their accidental loss, unlawful destruction, and unauthorized access, unauthorized use and unauthorized modification, unauthorized distribution.
7. PERIOD OF DATA PROCESSING
7.1. The automatically recorded IP addresses are stored by the Data Controller for a maximum of 1 year after their recording.
7.2. In the absence of a legal provision to the contrary, in the case of e-mails and letters sent by post sent by the User solely for the purpose of contact, the requested Data Controller will delete the e-mail address, or any address indicated in the letter, within 1 year after the conclusion of the case referred to in the request, except if, in individual cases, the Data Controller’s legitimate interest justifies the further processing of Personal Data, until such legitimate interest of the Data Controller exists.
7.3. The processing of Personal Data provided by the User for the purpose of sending newsletters will continue until the User unsubscribes from the Service, otherwise requests the deletion of Personal Data, withdraws the given consent, or the Data Controller terminates the provision of the Service. In this case, the Personal Data will be irrevocably deleted from the Data Controller’s systems.
7.4. The User’s request to terminate Data Management without opting out of the Service does not affect his right to use the Service, however, it is possible that he will not be able to use some Services due to the absence of Personal Data.
7.6. In the event of illegal or misleading use of Personal Data or in the event of a crime committed by the User or an attack against the system, the Data Controller is entitled to delete the User’s Personal Data immediately, and at the same time – in the event of suspicion of a crime or suspicion of civil liability – is entitled to retain the Personal Data for the duration of the procedure to be conducted.
7.7. If a court or authority legally orders the deletion of Personal Data, the deletion will be carried out by the Data Controller.
8. THE RIGHTS OF THE USER, HOW TO ENFORCE THEM
8.1. The User may request that the Data Controller inform him whether he manages the User’s personal data and, if so, to provide him with access to the Personal Data managed by him, especially in view of the following:
– the purposes of Data Management;
– categories of Personal Data concerned;
– the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations;
– where appropriate, the planned period of storage of personal data or, if this is not possible, the criteria for determining this period;
– the right of the User to request from the Data Controller the correction, deletion or restriction of processing of personal data concerning him and to object to the processing of such personal data;
– the right to submit a complaint addressed to a supervisory authority;
– if the data were not collected from the data subject, all available information about their source;
– the fact of possible automated decision-making, including profiling, as well as, at least in these cases, understandable information about the logic used and the significance of such Data Management and the expected consequences for the data subject.
8.2. The User may request information on the handling of his Personal Data at any time in writing, by registered or registered mail sent to the address of the Data Controller, or on the contact page.
8.3. The Data Controller considers the request for information sent by letter to be authentic if the User can be clearly identified based on the sent request. The Data Controller considers a request for information sent by e-mail as authentic only if the User sends it from the specified e-mail address.
8.4. The User may request the correction or modification of his Personal data managed by the Data Controller.
8.5. Taking into account the purpose of Data Management, the User may request the addition of incomplete Personal Data.
8.6. The Personal Data provided by the User in connection with the given Service can be modified by sending an e-mail to the above e-mail address of the Data Controller or by clicking on the link at the end of each Newsletter. Once a request to modify personal data has been fulfilled, the previous (deleted) data can no longer be restored.
8.7. The User may request the deletion of his Personal Data managed by the Data Controller. Deletion can be refused,
– if the law authorizes or makes it mandatory for the processing of Personal Data; as well as
– to present, enforce and defend legal claims.
8.8. In all cases, the Data Controller informs the User of the refusal of the deletion request, specifying the reason for the refusal of the deletion. After fulfilling the request to delete personal data, the previous (deleted) data can no longer be restored.
8.9. Newsletters sent by the Data Controller can be unsubscribed via the unsubscribe link in them. In case of unsubscribing, the Data Controller deletes the User’s Personal Data in the newsletter database.
8.10. The User may request that the processing of his Personal Data be restricted by the Data Controller if
– the data subject disputes the accuracy of the personal data, in which case the limitation applies to the period that allows the data controller to check the accuracy of the personal data;
– the data management is illegal and the data subject opposes the deletion of the data and instead requests the restriction of their use;
– the data controller no longer needs the personal data for the purpose of data management, but the data subject requires them to present, enforce or defend legal claims; obsession
– the data subject objected to the data processing, in this case the restriction applies to the period until it is determined whether the legitimate reasons of the data controller take precedence over the legitimate reasons of the data subject.
8.11. The User may request that the Data Controller hand over the Personal data provided by the User and handled in an automated manner by the Data Controller in a segmented, widely used, machine-readable format and/or forward them to another data controller.
8.12. If the Data Protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the Data Controller shall inform the User of the Data Protection incident without undue delay. The User does not need to be informed if any of the following conditions are met:
– the Data Controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the Data Protection incident, in particular those measures – such as the use of encryption – that make them unintelligible to persons not authorized to access personal data the data;
– after the Data Protection incident, the Data Controller has taken additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
– providing information would require a disproportionate effort. In such cases, the Data Controller informs the data subjects through publicly published information, or takes a similar measure that ensures similarly effective information to the data subjects.
9. POSSIBILITY OF DATA TRANSMISSION
9.1. The release of personal data to third parties or to authorities – unless the law provides otherwise – is only possible on the basis of an official decision or with the prior express consent of the User.
9.2. The Data Controller is entitled and obliged to forward all Personal Data at its disposal and legally stored by it to the competent authorities, which it is required by law or legally binding authority to forward Personal Data. The Data Controller cannot be held responsible for such data transfer and the resulting consequences.
9.3. The Data Controller keeps a data transfer register in order to check the legality of the data transfer and to ensure that the User is informed.
10. MODIFICATION OF DATA MANAGEMENT INFORMATION
10.1. The Data Controller reserves the right to unilaterally modify this Data Management Information at any time.
10.2. By using the website, the User accepts the provisions of the Data Management Notice in force at all times, and there is no need to ask for the consent of individual Users.
11. OPTIONS FOR ENFORCEMENT
11.1. Employees of the Data Controller can also be contacted on the contact page with any questions or comments related to data management.
11.2. The User can file a complaint about Data Management directly with the National Data Protection and Freedom of Information Authority (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; phone: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu).
11.3. In the event of a violation of the User’s rights, he may go to court. The adjudication of the lawsuit falls within the jurisdiction of the court. At the choice of the data subject, the lawsuit can also be initiated before the court of the data subject’s place of residence or residence. Upon request, the Data Controllers inform the User of the possibility and means of legal redress.