Privacy Policy

1. Welcome

Dear Visitor!

Thank you for taking the time to read our privacy notice for https://dmgmori-heitec.hu/! This will provide you with detailed information about our data management practices, i.e. what happens to your data when you use the https://dmgmori-heitec.hu/ website (hereinafter referred to as the website or webpage) and the services sold through it.

We are committed to protecting the privacy of our customers. To this end, I will treat your personal data confidentially and in accordance with the applicable European and Hungarian legislation, in particular the following legislation:

– Regulation 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR);

– General Data Protection Regulation (GDPR), General Data Protection Act (General Data Protection Regulation, GDPR), the 2011 Act on the Right to Informational Self-Determination and Freedom of Information (Infotv.);

– Act V of 2013 on the Civil Code (Civil Code Act);

– Act CVIII of 2001 on certain aspects of electronic commerce services and information society services (Eker. tv.);

– Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions on Commercial Advertising (Act XLVIII of 2008);

– Act CLV of 1997 on Consumer Protection (Fgytv.);

– Act C of 2000 on Accounting (Accounting Act).

In accordance with Article 13 of the GDPR, we provide the following information on the processing of your data:

2. DEFINITIONS OF TERMS

2.1 “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2.2.’processing’ means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

2.3. “restriction of processing” means the marking of stored personal data for the purpose of restricting their future processing;

2.4 “profiling” means any form of automated processing of personal data in which personal data are used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person;

2.5. “pseudonymisation” means the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no such personal data can be linked to identified or identifiable natural persons;

2.6 “controller” means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

2.7. “processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

2.8. “recipient” means a natural or legal person, public authority, agency or any other body to whom or with which personal data is disclosed, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

2.9.’third party’ means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;

2.10. “data subject’s consent” means the data subject’s freely given, specific, informed and unambiguous indication of his or her wishes by which he or she signifies, by a statement or by an act unambiguously expressing his or her consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;

2.11. ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed;

2.12. ‘undertaking’ means any natural or legal person, regardless of its legal form, engaged in an economic activity, including partnerships or associations engaged in a regular economic activity;

2.13. ‘information society service’ means a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council (19) ;

3. GENERAL INFORMATION

Contact details of the Data Controller

Name: DMG MORI HEITEC Digital Kft.

Registered office: 1117 Budapest, Kaposvár utca 14-18.

Email:

4. DESIGNATED DATA PROCESSING

In the spirit of transparency required by the GDPR, you can find out about the data processed to achieve these purposes, their legal basis and the duration of processing, broken down by purpose below.

We will also indicate the data controllers to whom we transfer the data in order to achieve the purposes and the data processors who assist us in each processing operation.

We will also take all reasonable steps to ensure that the data is protected against unauthorised access.

4.1. Contacting us

If you have any questions or are interested in our services, you can contact us via the main email address or phone number on the website.

You can contact us by filling in the contact form under the Contact Us menu and providing your name, telephone number and e-mail address. In addition to your name, please only provide contact details that you would like us to use to respond to your enquiry or query.

4.1.1. Purpose of data processing: contacting the data subject

4.1.2. Scope of the data processed: e-mail address, first and last name, telephone number, subject and content of the message

4.1.3 Legal basis for processing: consent of the data subject [Article 6(1)(a) GDPR]

4.1.4. Duration of processing: until the end of the contact, up to a maximum of 6 months.

4.2. Issue of the invoice

The data processing is carried out in order to issue invoices in accordance with the law and to fulfil the obligation to keep accounting records. Pursuant to Article 169 (1) to (2) of the Act, we are required to keep the accounting documents that directly and indirectly support the accounting.

4.2.1. Purpose of data processing: to fulfil accounting obligations

4.2.2. Scope of the data processed: name, address of the data subject

4.2.3. Legal basis for processing: performance of a legal obligation [Article 6(1)(c) GDPR, § 169(1)-(2)]

4.2.4. Duration of data processing: invoices issued must be kept for 8 years from the date of issue of the invoice pursuant to Section 169 (2) of the Public Provisions Act.

4.2.5. Data transmission: invoices are issued using the Symbol Accounting System invoicing software (Company name: Symbol Tech Zrt.)

4.3. Handling consumer protection complaints

We do our utmost to ensure that our customers are satisfied with our service. However, if you do contact us with a complaint, providing data and processing is essential to resolve the matter, in order to resolve the consumer complaint and solve the problem.

4.3.1. Purpose of the processing: handling of consumer complaints

4.3.2. Scope of the data processed: name, address, telephone number of the data subject, content of the complaint

4.3.3. Legal basis for processing: performance of a legal obligation [Article 6(1)(c), § 17/A GDPR]

4.3.4. Duration of data processing:Complaints are kept for a period of 3 years in accordance with the law under Article 17/A (7) of Act CLV of 1997 on Consumer Protection.

4.4. Server logging

When you visit the website, the visitor data is automatically recorded (logged) by the system.

The data generated is not linked to other data when analysing the log files and is used for statistical purposes only.

4.4.1. Purpose of the processing:

To monitor the functioning of the services by automatically recording the visitor’s data when visiting the website.

4.4.2. Legal basis for processing:

Legitimate interest of the controller [Article 6 (1) (f) GDPR, Section 13/A (3) Ekertv.] Legitimate interest: the ability to control the operation necessary for the provision of the service.

4.4.3. Scope of the data processed:

IP address, URL, Referring URL, Exit URL, Browser type, Operating system, Date/time, Website requests, Website and service error messages Duration of processing: 2 years.

4.4.4. Data processor: hosting provider

………………

4.5. Sending a newsletter

If you expressly agree when filling in the registration form, we will send a newsletter to the e-mail account you have provided, containing primarily useful professional information and secondly, on an ad hoc basis, promotional information about our services.

4.5.1 Purpose of data processing: sending e-mail newsletters containing commercial advertising to subscribers.

4.5.2. Legal basis for processing: the data subject’s consent [Article 6 (1) (a) GDPR, Section 13/A (4) Ekertv. § 6 (1) and (5)]

4.5.3. Scope of data processed: e-mail address, name

4.5.4. Duration of processing: until the user’s consent is withdrawn, but for a maximum of five years

4.5.5. Processor: mailing and customer management service
Sales Autopilot Kft. (headquarters: 1024 Budapest, Margit krt. 31-33., mezzanine 4.)

4.6. Cookie management

4.6.1. Information

Cookies (“cookies”) are packets of information that are sent by the provider’s web server to the user’s device through the browser when using the website. The main purpose of cookies is to record the user’s data in order to analyse his/her activity on the website.

If the browser returns a previously saved cookie, the cookie management service provider may, for statistical purposes, link the user’s data saved during his current visits to previous visits, but only in respect of its own content, in a non-identifiable form.

Cookies allow the website to recognise previous visitors. Cookies therefore help the data controller to optimise the website, i.e. to tailor the website’s services to users’ habits. Types of cookies:

– Strictly necessary cookies: these cookies are essential for the use of the website and allow you to use its basic functions. Without them, many of the site’s features will not be available to you. The lifetime of these types of cookies is limited to the duration of the session.

– Cookies to improve your user experience: these cookies collect information about your use of the website, such as which pages you visit most often or what error messages you receive from the website. These cookies do not collect any information that identifies the visitor, i.e. they are completely generic and anonymous. We use the information they provide to improve the performance of the website. The lifetime of these types of cookies is limited to the duration of the session.

– Marketing cookies. The aim is to deliver more personalised advertising to individual users, displaying content that is tailored to their preferences.

You can delete cookies from your own computer or disable cookies in your browser. You can usually manage cookies by going to your browsers’ Tools/Preferences menu, Privacy/Preferences/Custom Settings menu, and selecting the cookie, cookie or tracking option. If you change these settings, some features or features may not work as intended.

For more information and details about cookies, please visit www.nopara.org, www.youronlinechoices.com/hu/ or http://www.allaboutcookies.org.

We use the following cookies:

………

4.6.2. Purpose of data management: to identify the current session of users, to store the data detailed above in order to improve the user experience, to make it more convenient

4.6.3. Legal basis for processing: consent of the data subject Article 6(1)(a) GDPR

4.6.4. Management of cookies from external service providers on the website

4.6.4.1. Google Analytics

Google Analytics by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) uses cookies to analyse how you use our online services. Google Analytics is Google’s analytics tool that helps website and application owners to get a more accurate picture of their visitors’ activities. Google
Analytics is the “__ga” cookie. In addition to generating reports from site usage statistics, Google Analytics, along with some of the advertising cookies described above, can also be used to display more relevant ads in Google products (such as Google Search) and across the web. In general, the information collected by the cookie about your usage behaviour is transferred to a Google server in the USA and stored there. In case IP anonymisation is activated for online services, Google will already shorten the IP address in the Member States of the European Union and the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of the online services to evaluate your use of the online services, compiling reports on your use of the online services and providing other services relating to your use of the online services and your browsing activities for the website operator. The IP address transmitted by your browser in the context of Google Analytics will not be merged with other data held by Google. The saving of cookies can be prevented by the appropriate setting in your browser software. However, in this case you will not be able to take full advantage of all the features of the online services. The collection of data generated by cookies and their use by Google can be prevented by downloading and installing the browser plugin at the following link (https://tools.google.com/dlpage/gaoptout?hl=en). Detailed information on the terms of use and privacy policy can be found here: https://marketingplatform.google.com/about/analytics/terms/hu/

4.6.4.2. Facebook

The plug-ins of Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA), can be recognised by the Facebook logo or the “Share” button. For an overview of Facebook plug-ins, click here: http://developers.facebook.com/docs/plugins/ When you use our online service, the plugin establishes a direct connection between your browser and Facebook’s servers. In this way, Facebook is informed that you are using the online services with your IP address. When you click on Facebook’s “Share” button while logged into your Facebook account, you can link the content of our online services to your Facebook profile. Facebook can then link your use of our online services to your account. As a provider of online services, we do not have any knowledge of the content of the data transmitted and how it is used by Facebook. For more information, please read Facebook’s privacy policy: https://www.facebook.com/policy.php.

If you do not wish to allow Facebook to link your use of our online services to your Facebook account, please log out of your Facebook account.

Facebook retargeting

We advertise our website on Facebook platform. This is done by Facebook sending a cookie when you visit the website, which enables interest-based advertising ads based on the pseudonymous cookie ID and the page you have visited. As a Facebook member, you can deactivate the retargeting cookie by clicking on the following link: https://www.facebook.com/settings/?tab=ads

Alternatively, you can configure your browser to be informed about the use of cookies and decide individually whether to accept them, or to exclude the use of cookies in certain cases or in general. Again, please note that refusing to accept cookies may restrict your use of certain features of our website.

4.6.4.3. Instagram

On our website we also use the social plugins of the online service provider Instagram, operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA. The plug-ins are marked with an instagram logo, e.g. “Instagram-camera”, an overview of the plug-ins and their appearance can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.

When you use our online services, you are directly connected to Instagram’s servers. With this connection, Instagram receives the information that this page of our web presence has been opened from your browser. This information (together with your IP address) is sent directly from your browser to Instagram’s servers in the USA, which store it. As a provider of online services, we do not have any knowledge of the content of the data transmitted and its use by Instagram. For more information, please read the Instagram Privacy Policy: https://help.instagram.com/155833707900388.

4.6.4.4. YouTube

YouTube is operated by YouTube (LLC, 901 Cherry Ave., San Bruno, CA 94066, USA). When you use our online service with YouTube plugin, it is connected to YouTube servers and information about the online service you use is transmitted to YouTube servers. If you are logged in to the

YouTube account, you allow YouTube to link your browsing activity directly to your user profile. This can be prevented by logging out of your YouTube account. For more information, please read YouTube’s privacy policy: https://www.google.com/intl/en/policies/privacy/.

4.7. Processing of data related to social networking sites

To promote our service, recruit candidates and /LinkedIn awareness, we maintain our own public Facebook/Instagram page and Youtube channel on social media.

4.7.1.Purpose of data processing: to promote the virtual assistant service on social networking sites, to share certain content, services, promotions or the website itself, or to provide the opportunity to “like”, follow, subscribe to the shared content, thereby promoting the Company.

4.7.2 Legal basis for processing: consent of the data subject [Article 6(1)(a) GDPR],

4.7.3. Scope of the data processed: the name and public profile picture of the person registered on Facebook/Instagram/YouTube.

4.7.4 Duration of data processing: data processing is carried out on social networking sites, so the duration of data processing and the possibility to delete and modify data are governed by the rules of the social networking site concerned.

5. DATA PROCESSOR

name

activity

located at

…………………….

hosting service

located at

6. HOW PERSONAL DATA ARE STORED, SECURITY OF PROCESSING

With data security in mind, we follow strict security procedures when storing, transmitting and protecting personal data against accidental loss, destruction and damage. We aim to guarantee this through IT measures (such as the choice of appropriate software, firewall, SSL standard, backups, password protection and antivirus), technical measures (such as physical protection, whereby documents are stored in a locked room).

Personal data is stored within the European Union.

7. RIGHTS OF DATA SUBJECTS

7.1 Right of access to personal data (Article 15 GDPR)

By exercising this right, you will have the opportunity to request a copy of the personal data we hold about you and to make sure that we have acted lawfully.

The information is free of charge, but we will charge a fee based on the administrative cost for additional copies.

7.2 Right to rectification (Article 16 GDPR)

You have the right to have inaccurate personal data corrected or incomplete personal data completed at your request. We will do so promptly (without undue delay).

7.3 Right to erasure (right to be forgotten, Article 17 GDPR)

You have the right to have your personal data deleted at your request. We will do so promptly (without undue delay). Where personal data has been disclosed, we will take all reasonable steps to inform other data controllers that you request the deletion of links to or copies of the personal data in question.

In any case – not on request – we are obliged to delete your personal data without undue delay in the following cases:

7.3.1. the personal data is no longer necessary for the purposes for which it was collected;

7.3.2. if you withdraw your consent on the basis of which the processing was carried out and there is no other legal basis for the processing;

7.3.3. if you object to the processing and there are no overriding legitimate grounds for the processing;

7.3.4. despite our best efforts, we have unlawfully processed the personal data;

7.3.5. the personal data must be erased in order to comply with a legal obligation under applicable EU or Member State law;

7.3.6. personal data was collected in connection with the provision of information society services to children under the age of 16.

7.4 Right to restriction of processing (Article 18 GDPR)

7.4.1 In the event that the personal data processed is not accurate, you may request the restriction of processing until the actual accuracy or inaccuracy of the data is discovered.

7.4.2 If the processing is unlawful but you do not want us to delete your data, you may request that we restrict the processing instead.

7.4.3 If the purpose of the processing has ceased, but you do not want us to delete the data because it is necessary for the purposes of pursuing a claim, you may also request a restriction.

7.4.4 If you have objected to the processing but the Data Controller’s legitimate grounds prevail – in which case the restriction will apply for the period until that issue is resolved.

7.5 Right to data portability (Article 20 GDPR)

You have the right to request your processed data in electronic and structured form and to transfer it to another controller or, where technically feasible, to request us to do so.

7.6 Right to object (Article 21 GDPR)

You have the right to object to the processing of your personal data for direct marketing or profiling purposes. In this case, the data will not be processed for these purposes.

You may also object if the processing is based on a legitimate interest of the Controller (or a third party). In such cases, the data may only be further processed in very exceptional cases (compelling legitimate grounds).

8. PROCEDURAL RULES

You may exercise your rights free of charge by sending a letter to the e-mail or postal address specified in this Notice. However, if your request is manifestly unfounded or excessive, in particular because of its repetitive nature, taking into account the administrative costs of providing the information or information requested or of taking the action requested, we may charge a reasonable fee or refuse to act on the request.

We will investigate the request and inform you within 25 days of receipt of the request of the action taken on any such request, the reasons for non-action or an extension of the time limit for response. An extension of up to 2 months may be granted if justified by the number of requests or the complexity of the request.

9. CHANGES TO THE PRIVACY NOTICE

We reserve the right to unilaterally amend this Notice at any time. In the event of a modification to this Notice, we will inform you electronically, but will not be required to obtain the consent of the individual concerned.

10. ENFORCEMENT OPTIONS

To enforce your rights, you can contact the National Authority for Data Protection and Freedom of Information, whose contact details are:

Location: 1055 Budapest, Falk Miksa street 9-11.
postal address: 1363 Budapest, Pf.: 9.Phone: +36-1-391-1400
Fax: +36-1-391-1410
E-mail:

Website: http://www.naih.hu

In addition to the above, you can also go to court. The court has jurisdiction to hear the case. You can also choose to bring the case before the court in your place of residence or domicile.