A GIA-Hungária Kft. (hereinafter: the Service Provider) places particular emphasis on ensuring that, during data processing, it acts in the interests of clients / visitors in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: “GDPR”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, as well as all other applicable data protection laws.
Name of the Data Controller
Name: GIA-Hungária Commercial and Installation Limited Liability Company
Registered office: 1165 Budapest, Újszász Street 45., Building Z
Email address: gia@gia.hu
Data Processor (Hosting Provider):
Name: Magyar Hosting Ltd.
Registered office: 1132 Budapest, Victor Hugo Street 18–22
Legal Basis for Data Processing
Data processing carried out through the website is based on the voluntary consent of users pursuant to Article 6(1)(a) of the GDPR. Consent is granted by the user through the use of the website and, in the case of newsletter subscription, by voluntarily providing personal data. The website may contain links to external websites. Data processing practices of such external websites are governed by their own privacy policies.
Scope, Purpose, and Duration of Data Processing
Duration of data processing: 180 calendar days following the termination of the contract.
The Data Controller informs website Visitors and Users that the website uses cookies to ensure efficient operation.
The Data Controller informs website Visitors and Users that Google Analytics is used to independently measure website traffic and other web analytics data. Google Analytics uses additional cookies to identify visitors. During data processing, Google Analytics does not record IP address data that would allow the identification of the data subject. Detailed information on the collected data and its processing is provided by Google at the following link: https://policies.google.com/technologies/types
By using the website, visitors consent to the use of the following cookies by the Data Controller:
| Type | Consent | Description | Purpose | Validity |
| system essential cookies | required | essential cookies required for the operation of the web application | ensuring proper website functionality | until browser session ends |
| system essential cookies | required | cookies requiring user consent to enable access to additional functions after page load | cookie usage consent and confirmation of age over 18 | 365 days |
| functional cookies | required | cookies required for enhanced functionality and personalization | enables full system functionality; without them many features do not work | until browser session ends |
| tracking cookies | required | required for analytics and user experience optimization | 365 days | |
tracking cookies (third-party) | not required | suitable for visitor identification and web tracking (integrated into the system and can also be configured individually) (Google, Facebook) | Google Ads conversion tracking cookies used to measure the effectiveness of Ads campaigns | 30 days |
Disabling cookies:
The Data Controller informs website Visitors and Users that they may disable cookies through the settings of their own devices. This setting is usually available in the browser settings of the device under the Privacy and Security menu.
Chrome
Quick Menu >> Settings >> Advanced Settings >> Content Settings under Privacy and Security >> Cookies >> Enable or disable the option “Allow sites to save and read cookie data (recommended)”
Browser URL: chrome://settings/content/cookies
A leírás a Google Chrome 66.0.3359.181 (64 bites) verziója alapján készült.
Firefox
Quick Menu >> Settings >> Select the Privacy and Security menu from the side panel >> In the Cookies and Site Data section, the option “Block cookies and site data (may cause websites to malfunction)” can be enabled.
Browser URL: about:preferences#privacy
This description is based on Firefox Quantum version 60.0 (64-bit).
Edge
Quick Menu >> Settings >> Open Advanced Settings >> In the Cookies section, cookie usage can be enabled or disabled from the drop-down menu.
Browser URL: not applicable
This description is based on Microsoft Edge version 42.17134.1.0.
The Service Provider’s websites may be visited without providing any personal data. However, certain services require registration and the provision of personal data; the types of data processing related to such events are detailed below.
Name of Activity and Purpose of Data Processing| Legal Basis | Scope of Processed Data | Duration | |
Visiting the Website The purpose is to ensure the proper and high-quality operation of the website, and to monitor and improve the quality of our services. identification of malicious visitors attempting to attack our website, measuring website traffic, statistical purposes | legitimate interest of the company | IP address date and time of visit data of visited subpages, type of operating system and browser used | During website visits, cookies placed on the user’s device may be removed at any time, and the use of cookies can be disabled in the browser settings. |
| Newsletter subscription | for users who consent, the Company prepares and sends personalized marketing offers, contacts them on a regular basis, and provides information about products and services distributed by the Company | name email address | unsubscribing from the newsletter |
Contact via email If you contact us via the email address provided on the website, we will process the personal data provided during correspondence in accordance with the nature of your inquiry. | consent, performance of a contrac | email address, data necessarily provided during contract conclusion, other voluntarily provided data | In the case of general inquiries, email addresses and other voluntarily provided data are deleted within 1 year following the contact.If the inquiry relates to contract performance, the data will be deleted within 1 year following the end of the 8-year statutory retention period for accounting documents. |
Responses will be sent to the contact details provided by you. Where necessary, taking into account the complexity of the request and the number of requests, this deadline may be extended by a further two months. The Data Controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. If the data subject submitted the request electronically, the information shall be provided electronically where possible, unless the data subject requests otherwise. If the Data Controller does not take action on the request, it shall inform the data subject without undue delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility to lodge a complaint with a supervisory authority and to seek judicial remedy.
In the above cases, only the data strictly necessary for browsing the website are processed, or—where consent is given—for improving usability and user experience, and, in the case of newsletter subscription, for the purpose of delivering newsletters, until the data subject unsubscribes from the newsletter. If you contact us via the email address provided on the website, the related personal data will be deleted within 1 year following the contact. If you contact the Company in connection with the conclusion of a contract (including complaints, warranty, or guarantee cases), data processing will be governed by the data protection notice applicable to contractual partners.
Personal data provided for newsletter subscription or for other purposes will not be linked together, as identifying visitors is not our primary objective.
Personal data are provided voluntarily when subscribing to the newsletter or contacting the Service Provider. Therefore, we kindly ask you to ensure the accuracy, correctness, and completeness of the data you provide, as you are responsible for them. Incorrect, inaccurate, or incomplete data may prevent the use of our services.
If you provide personal data relating to another person instead of your own, it is assumed that you have the necessary authorization to do so.
You may withdraw your consent to data processing at any time, free of charge
- by deleting your registration,
- by withdrawing your consent to data processing, or
- by withdrawing consent for, or requesting the restriction of, the processing or use of any mandatory data provided during registration.
Due to technical reasons, the registration of consent withdrawal may take up to 5 days; however, please note that for the fulfillment of legal obligations or the enforcement of our legitimate interests, certain data may still be processed after consent has been withdrawn.
In the event of the use of misleading personal data, or if a visitor commits a criminal offense or attacks the Company’s systems, the visitor’s registration will be terminated and their data will be deleted without delay, or—where necessary—retained for the duration required to establish civil liability or conduct criminal proceedings.
Other Data Protection Matters
Your personal data may be transferred only within the limits defined by law, and in the case of data processors, we ensure through contractual obligations that they may not use your personal data for purposes contrary to your consent.
For the data processing activities listed in this notice, our Company uses the following data processors:
SmartFront Ltd. (1132 Budapest, Váci út 18) – provides support for the Smart ERP software used to store customer data and databases created for newsletter distribution
SURIEL IT Commercial and Service Limited Liability Company (1131 Budapest, Reitter Ferenc Street 132, Building C, 2nd floor, Unit 209) – provision of system operation and system administration services
Magyar Hosting Ltd. (1132 Budapest, Victor Hugo Street 18–22) – hosting services
R-Salus Ltd. (3900 Szerencs, Alkotmány út 53) – external maintenance
Our Company does not transfer personal data abroad.
Courts, the Public Prosecutor’s Office, and other authorities (e.g. police, tax authority, National Authority for Data Protection and Freedom of Information) may contact our Company to request information, data disclosure, or access to documents. In such cases, we are obliged to comply with data disclosure requirements, but only to the extent strictly necessary to fulfill the purpose of the request.
Employees and contributors involved in the Service Provider’s data processing activities are authorized to access personal data to a predefined extent, subject to confidentiality obligations.
The Service Provider stores the personal data provided by you on servers located at its registered office and sites, as well as on the servers of the data processor providing web hosting services to the Service Provider (Magyar Hosting Ltd.). Our Company implements appropriate measures to ensure that personal data are accessible only to authorized persons, and the web hosting provider applies data protection safeguards, such as storing servers containing personal data in secured rooms accessible only to senior executives and authorized employees of Suriel Ltd., and restricting server access to employees with unique user IDs and passwords, as well as authorized Suriel Ltd. staff.
Suriel Ltd. monitors on a daily basis the technical conditions necessary for data protection and the storage of backup copies.
Rights of Visitors and Legal Remedies
- Right to Access Information
The data subject may at any time request information from the Data Controller in writing via the contact details provided above, requesting the Data Controller to inform them about:
- what personal data,
- on what legal basis,
- for what data processing purpose,
- from what source,
- for how long it is processed,
- to whom, when, and on what legal basis the Data Controller has granted access to, or
to whom the Data Controller has disclosed the personal data.
The Data Controller shall comply with the data subject’s request within a maximum of 30 days by sending a response to the contact details provided by the data subject.
- Right to Rectification
The data subject may at any time request in writing, via the contact details provided above, that the Data Controller rectify or modify any of their personal data (for example, change their email address). Prior to fulfilling the request, the Data Controller may request appropriate verification of the change in the personal data (e.g. change of email address or name). The Data Controller shall comply with the request within a maximum of 30 days and shall notify the data subject via the contact details provided.
- Right to Erasure
The data subject may request the erasure of their personal data from the Data Controller in writing via the contact details provided above. The Data Controller shall reject the request if it is required by law to retain the personal data, or if data processing is based on a legal ground other than consent (e.g. retention of data is necessary for the establishment, exercise, or defense of legal claims). If no such obligation or legal ground exists, the Data Controller shall comply with the request within a maximum of 30 days and notify the data subject via the contact details provided.
- Right to Restriction of Processing
The data subject may request in writing, via the contact details provided above, that the Data Controller restrict the processing of their personal data. The restriction shall apply for as long as the reason indicated by the data subject necessitates the storage of the data. For example, the data subject may request restriction if they believe the Data Controller has processed the data unlawfully, but the data subject requires the data to be retained for the initiation of authority or court proceedings. In such cases, the Data Controller shall continue to store the personal data until contacted by the authority or court, after which the data shall be erased.
- Right to Data Portability
The data subject is entitled to receive the personal data concerning them, which they have provided to the Data Controller based on consent or for the performance of a contract, and which are processed by automated means, in a structured, commonly used, and machine-readable format. The data subject is also entitled to transmit those data to another data controller; therefore, upon request, the Data Controller shall provide the data to the data subject on a CD within 30 days.
- Right to Object
The data subject may object in writing to the processing of their personal data via the contact details provided above if the Data Controller intends to transfer or use personal data for direct marketing, opinion polling, or scientific research purposes. For example, the data subject may object if they received a newsletter from the Data Controller without prior consent. The data subject may also object to data processing if, in their opinion, it is carried out solely for the legitimate interests of the Data Controller or a third party, unless the processing is justified by compelling legitimate grounds which override the interests, rights, and freedoms of the data subject, or which relate to the establishment, exercise, or defense of legal claims. For example, no objection may be raised if personal data are disclosed to an authority in the course of an ongoing official procedure.
- Initiation of Court Proceedings
In the event of unlawful data processing experienced by the data subject, they may initiate civil proceedings against the Data Controller. The adjudication of such proceedings falls within the jurisdiction of the courts. A list of courts and their contact details is available at the following link:
http://birosag.hu/torvenyszekek
- Complaint to the Supervisory Authority
The data subject may file a complaint and request an investigation if they believe that the processing of their personal data has infringed their rights or poses an imminent risk thereof:
National Authority for Data Protection and Freedom of Information (Hungary):
1530 Budapest, P.O. Box 5
1125 Budapest, Szilágyi Erzsébet fasor 22/c
+36 1 391 1400
+36 1 391 1410 (fax)
ugyfelszolgalat@naih.hu
www.naih.hu