INFORMATION NOTE
Data subjects’ rights in relation to data processing activities carried out by AQUACOMET Limited Liability Company
AQUACOMET Limited Liability Company (registered seat: 9027 Győr, Kőrisfa utca 15.; company registration number: 08-09-004809, tax number: 11401065-2-08, e-mail: ... ; hereinafter referred to as “Controller”) in the course of its activity the necessarily processes personal data of natural persons. For each processing activity, the Controller provides you, as the data subject, with a Privacy Notice. As a data subject, you may exercise your rights in relation to the processing of your personal data in accordance with the applicable legislation, as briefly described in the Controller’s Privacy Notice.
The Controller provides detailed information on the content of your rights as data subject and on the rules governing the exercise of those rights below.
Rules governing the exercise of the data subject’s rights
You may contact the Controller’s representative directly with any requests, questions, complaints or comments regarding the Controller’s conduct at the contact details detailed above. You may exercise your rights in relation to processing by making a request to the Controller. The Controller shall respond to any request made using any of its contact details without undue delay and at the latest within 30 days. The Controller shall take its decision on the requests in the light of the legal basis for the processing. You are entitled to exercise the above rights as follows:
| ÉRINTETTI JOGOK | ADATKEZELÉSEK JOGALAPJAI | ||||
| Consent | Performance of contract | Legal obligation | Legitimate interest | Performance of a public function | |
| request for information | yes | yes | yes | yes | yes |
| request for rectification | yes | yes | yes | yes | yes |
| restriction | yes | yes | yes | yes | yes |
| erasure | yes | yes | yes | yes | yes |
| objection | yes | yes | |||
| data portability | yes | yes | |||
| withdrawal of consent | yes | ||||
| right to complain | yes | yes | yes | yes | yes |
| right to seek remedy | yes | yes | yes | yes | yes |
| objection to automated individual decision-making, including profiling | yes | yes | yes | yes | yes |
Please contact the Controller electronically if possible. Please be informed that the Controller will respond to data protection requests in electronic form wherever possible, unless you explicitly request another means of communication or the Controller does not know your electronic contact details. Please note that if your request for the release of the data imposes disproportionate additional costs on the Controller (e.g. due to the format chosen), the Controller is entitled to charge you for the costs associated with the release of the data. The Controller will inform you in advance of any costs incurred. Please note that in the case of persons under the age of 18 their legal representative is entitled to act on their behalf.
Rights of the data subject
- Right to prior information and right of access:
You have the right to be informed in advance – prior to the start of processing – of the facts and events relating to the processing, which the Controller shall provide through the content of this notice and other information documents. You shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and related information as set out in the Regulation. For more detailed information, please refer to Articles 13-14 of the GDPR.
- Right to rectification
On the basis of the principle of accuracy, you shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning you. Please provide the correct information about you in your application. You will be informed of the fact of rectification. For more detailed information, please refer to Article 16 of the Regulation.
- Right to erasure (‘right to be forgotten’)
You shall have the right to obtain from the Controller the erasure of personal data concerning you, where one of the following grounds, as specified in Article 17 of the GDPR, applies:
o The data no longer need to be processed in relation to the purposes for which they were collected.
o You have withdrawn your consent and the Controller has no other legal ground for the processing.
o You object to the processing and there are no overriding legitimate grounds for the processing as compared to the exercise of your rights. The personal data have been unlawfully processed.
o Erasure of data is required by law.
For more detailed information, please refer to Article 17 of the GDPR.
- Right to restriction of processing
You shall have the right to obtain from the controller restriction of processing where one of the following applies:
o The accuracy of the personal data is contested by you, for a period enabling the Controller to verify the accuracy of the personal data.
o The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
o The personal data are no longer needed for the purposes of the processing, but they are required by you for the exercise or defence of legal claims.
o If the legal ground for processing is the legitimate interest of the Controller, but you object to the processing, the processing shall be restricted until it is established which interest prevails.
For more detailed information, please refer to Article 18 of the GDPR.
- Right to data portability
If the processing is based on your consent or on the performance of a contract and the processing is carried out by automated means, you shall have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller. For more detailed information, please refer to Article 20 of the GDPR.
- Right to object
You shall have the right to object at any time to processing of personal data concerning you for the purposes of public interest or in the exercise of official authority or legitimate interests (Article 6 (1) (e) or (f) of the GDPR) or for direct marketing purposes. In the event of an objection, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override your rights or the processing is required for the establishment, exercise of legal claims. If the processing is for direct marketing purposes, no further processing may be carried out for this reason following your objection. For more detailed information, please refer to Article 21 of the GDPR.
- Right to complain
You have the right to lodge a complaint about the processing of your personal data, firstly with the Controller and its representative, and secondly with the supervisory authority in the Member State where you reside, work or where the alleged infringement occurred.
Contact details of the supervisory authority:
National Authority for Data Protection and Freedom of Information
postal address: 1374 Budapest, Pf. 603.
address: 1055 Budapest, Falk Miksa utca 9-11.
Phone: +36 (1) 391-1400
Fax: +36-1-391-1410
E-mail: ugyfelszolgalat@naih.hu
URL http://naih.hu
- Right to seek remedy
You have the right to a judicial remedy against a binding decision of the supervisory authority concerning you, or where the supervisory authority has not handled your complaint or has not informed you within three months on the progress or outcome of the complaint lodged. You may exercise your right to seek remedy before the competent tribunal court. For more detailed information, please refer to Article 78 of the GDPR. You also have the right to an effective judicial remedy against the Controller or the Processor if you consider that your personal data have not been processed in accordance with the GDPR. You may exercise your right to seek remedy before the competent tribunal court. For more detailed information, please refer to Article 79 of the GDPR.
- Right of information for children and persons under guardianship
The right of information also applies to children and persons under guardianship. The Controller shall fulfil this obligation by informing the legal representative or guardian, on the understanding that the legal representative or guardian shall undertake to inform the child or the person under guardianship in a manner appropriate to his or her capacity to understand. Where the age and maturity of the child allows, the Controller shall also provide the child with brief oral information on the processing of his or her data at the express request of the child or the legal representative.
- Right to withdraw consent
You may withdraw your consent at any time, without giving any grounds, but the withdrawal of consent shall not affect the lawfulness of the processing based on consent prior to the withdrawal.
- Notification obligation regarding rectification or erasure of personal data or restriction of processing
The Controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. For more detailed information, please refer to Article 19 of the GDPR.
- Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except for processing based on your consent for the performance of a contract or where such processing is permitted by law. For more detailed information, please refer to Article 22 of the GDPR.
- Communication of a personal data breach to you
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Controller shall communicate the personal data breach to you without undue delay. For more detailed information, please refer to Article 34 of the GDPR.
- Conditions applicable to child’s consent in relation to information society services
In relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child. For more detailed information, please refer to Article 8 of the GDPR.
For more detailed information, please contact the Controller using one of the contact details provided above.