Datenschutzerklärung

1. Name and Contact Details of the Data Controller

  • Name: Prolan Irányítástechnikai Zártkörűen Működő Részvénytársaság (Prolan Process Control Technology Private Limited Company)
  • Registered Office: H-2011 Budakalász, Szentendrei út 1-3., Hungary
  • Registration Number: 13-10-040721
  • Registering Court: Company Court of the Budapest Regional Court
  • Tax Number: 12351846-2-13
  • Email: adatvedelem@prolan.hu

There is no data protection officer in place at the Data Controller.

2. Applicable Law

  • Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter: "Info Act");
  • Regulation (EU) 2016/679 of the European Parliament and of the Council (27 April, 2016) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: "GDPR").

3. Scope of Personal Data Processed, Purpose, Legal Basis, and Duration of Processing in Relation to Contact Persons of Business Partners for the Purpose of Fulfilling Contracts with Business Partners

Personal Data Purpose of Processing Legal Basis for Processing Duration of Processing
a) Surname and First Name Identification of the Data Subject Performance of a contract (GDPR Article 6(1)(b)) 2 years following the termination of the contractual relationship
b) Position Identification of the Data Subject Performance of a contract (GDPR Article 6(1)(b)) 2 years following the termination of the contractual relationship
c) Mobile Number Contacting the Data Subject Performance of a contract (GDPR Article 6(1)(b)) 2 years following the termination of the contractual relationship
d) Email Address Contacting the Data Subject Performance of a contract (GDPR Article 6(1)(b)) 2 years following the termination of the contractual relationship

4. The personal data specified in point 3 constitutes data provided based on contractual obligations. If the Data Subject (respective partner) does not provide such required data, the fulfillment of the contract with the business partner may become impossible or significantly hindered.

5. Recipients of Personal Data

Courts, prosecutors’ offices, investigative authorities, misdemeanor authorities, administrative authorities, government offices, the National Tax and Customs Administration, the National Authority for Data Protection and Freedom of Information, and other bodies or authorities as authorized by law.

6. Rights of the Data Subject Regarding Personal Data Processed by the Data Controller

The Data Subject has the following rights in relation to the personal data processed by the Data Controller: the right to request information about the processing of their personal data, the right to request rectification of their personal data, and—except in cases of mandatory data processing—the right to request erasure or withdrawal, as well as the right to data portability and the right to object.

Right to receive Information (GDPR Article 12(1))

The Data Controller shall take appropriate measures to provide the Data Subject with all information relating to the processing of personal data as referred to in Articles 13 and 14 of the GDPR, and all communications under Articles 15 to 22 and 34, in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.
The right to receive information may be exercised in written based on the contact details provided in point 1. Subject to verification of identity, information may also be provided orally to the Data Subject upon request.

Right of access to information processed (GDPR Article 15)

The Data Subject has the right to obtain confirmation from the Data Controller as to whether or not their personal data is being processed, and where such processing is taking place, to access the personal data and the following information:

  1. purpose of processing;
  2. categories of personal data concerned;
  3. recipients or categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organizations;
  4. personal data storage period;
  5. the right to request rectification, erasure, or restriction of processing of personal data, and to object to such processing;
  6. the right to file a complaint with a supervisory authority;
  7. where personal data was not collected from the Data Subject, any available information referring to its source.

In the case of transferring personal data to a third country or international organization, the Data Subject is entitled to be informed of the appropriate safeguards relating to the transfer.

Right to Rectification (GDPR Article 16)

The Data Subject has the right to request the correction of inaccurate personal data relating to them and the completion of incomplete data.

Right to Erasure (“Right to be Forgotten”) (GDPR Article 17)

The Data Subject has the right to request the Data Controller to delete their personal data stored without undue delay in the following cases:

  1. the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  2. the Data Subject withdraws consent on which the processing is based, and there is no other legal ground for the processing;
  3. the Data Subject objects to the processing, and there are no overriding legitimate grounds for the processing;
  4. the personal data has been unlawfully processed;
  5. the personal data must be erased to comply with a legal obligation under Union or Member State law to which the Data Controller is subject;
  6. the personal data was collected in relation to the offer of information society services.

Erasure cannot be requested if the processing is necessary:

  1. to exercise the right to freedom of expression and information;
  2. to comply with a legal obligation under Union or Member State law to which the Data Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
  3. for reasons of public interest in the area of public health;
  4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, where the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise, or defense of legal claims.

Right to Restriction of Processing (GDPR Article 18)

The Data Subject has the right to request that the Data Controller restrict processing where one of the following applies:

  1. the Data Subject contests the accuracy of the personal data, in which case the restriction applies for a period enabling the Data Controller to verify the accuracy of the personal data;
  2. the processing is unlawful, and the Data Subject opposes the erasure of the data and requests the restriction of its use instead;
  3. the Data Controller no longer needs the personal data for the purposes of processing, but the Data Subject requires it for the establishment, exercise, or defense of legal claims; or
  4. the Data Subject has objected to processing, pending verification of whether the legitimate grounds of the Data Controller override those of the Data Subject.

Where processing has been restricted, such personal data may, with the exception of storage, only be processed with the Data Subject’s consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

The Data Controller shall inform the Data Subject in advance of lifting the restriction on processing.

Right to Data Portability (GDPR Article 19)

The Data Subject has the right to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object (GDPR Article 21)

The Data Subject has the right to object, on grounds relating to their particular situation, at any time to the processing of their personal data based on the performance of a task carried out in the public interest or in the exercise of official authority, or on the legitimate interests pursued by the Data Controller or a third party, including profiling based on those provisions. In such cases, the Data Controller may no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the Data Subject, or for the establishment, exercise, or defense of legal claims.

Right to Withdraw Consent (GDPR Article 7(3))

Where the processing of personal data is based on consent, the Data Subject has the right to withdraw their consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

7. Procedural Rules

Data Controller shall, without undue delay and in any event within one (1) month of receipt of the request, inform the Data Subject of the measures taken in response to a request under Articles 15–22 of the GDPR. If necessary, taking into account the complexity of the request and the number of requests, this period may be extended by an additional two (2) months.

Data Controller shall inform the Data Subject of any extension of the deadline, stating the reasons for the delay, within one (1) month of receiving the request. Where the Data Subject submits the request electronically, the information shall be provided electronically unless otherwise requested by the Data Subject.

If Data Controller does not take action on the Data Subject’s request, it shall inform the Data Subject without delay, and at the latest within one (1) month of receipt of the request, of the reasons for not taking action and of the Data Subject’s right to lodge a complaint with a supervisory authority and seek judicial remedy.

Data Controller shall provide the requested information and communications free of charge. If the Data Subject’s request is manifestly unfounded or excessive, particularly due to its repetitive nature, the Data Controller may, taking into account the administrative costs of providing the information or taking the requested action, charge a reasonable fee or refuse to act on the request.
Data Controller shall inform all recipients to whom the personal data has been disclosed of any rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. Upon the Data Subject’s request, the Data Controller shall inform them about these recipients.

Data Controller shall provide the Data Subject with a copy of the personal data undergoing processing. For any further copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the request is submitted electronically, the information shall be provided in electronic format unless otherwise requested by the Data Subject.

8. Compensation and Damages

Any person who may have suffered material or non-material damage as a result of a breach of the GDPR is entitled to compensation from the Data Controller or the processor acting on its behalf for the damage suffered. A processor shall be liable for damages caused by processing only where it has not complied with obligations under the law specifically directed at processors or where it has acted outside or contrary to the lawful instructions of the Data Controller.
Where more than one controller (such as the Data Controller) or processor, or both a controller and a processor, are involved in the same processing and are liable for any damage caused by the processing, each controller or processor shall be held jointly and severally liable for the entire damage.

Data Controller or processor shall be exempt from liability if it proves that it is not in any way responsible for the event giving rise to the damage.

9. Right to File a Complaint

Right to Judicial Remedy

If the Data Subject’s rights are violated, they may bring an action against the Data Controller before a court. The Data Subject may, at their discretion, initiate the lawsuit before the competent court of their place of residence or habitual residence. The court shall handle the case with priority. The procedure is exempt from court fees. Information on competent courts can be found here:
http://birosag.hu/ugyfelkapcsolati-portal/illetekessegkereso

Data Protection Authority Procedure

A complaint may be lodged with the National Authority for Data Protection and Freedom of Information:

  • Name: National Authority for Data Protection and Freedom of Information
  • Registered Office: 1055 Budapest, Falk Miksa u. 9-11., Hungary
  • Mailing Address: 1363 Budapest, Pf.: 9., Hungary
  • Phone: +36 1 391-1400; +36 (30) 683-5969
  • Fax: +36 1 391-1410
  • Email: ugyfelszolgalat@naih.hu;
  • Website: http://www.naih.hu