Privacy policy

Annex 1 of the Data Management Regulation

NOTICE ON DATA MANAGEMENT REGARDING THE RIGHTS OF INDIVIDUALS CONCERNING THE MANAGEMENT OF THEIR PERSONAL DATA

CONTENT

INTRODUCTION

CHAPTER I – NAME OF THE DATA CONTROLLER

CHAPTER II – NAME OF THE DATA PROCESSORS

  1. The IT provider of our Company
  2. The ticketing system developer of our Company

CHAPTER III – ENSURING COMPLIANCE OF DATA MANAGEMENT WITH THE LAW

  1. Data management based on consent from the data subject
  2. Data management based on legal obligations
  3. Promotion of the rights of the data subject

CHAPTER IV – DATA MANAGEMENT OF WEBSITE VISITORS – NOTICE ON THE USE OF COOKIES

CHAPTER V – NOTICE ON THE RIGHTS OF DATA SUBJECTS

INTRODUCTION

Based on REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) (hereinafter: the Regulation), concerning the protection and free movement of data during the management of personal data of individuals, and the repeal of Directive 95/46/EC, the Data Controller must take appropriate actions to ensure that the data subject, whose data is being collected, is provided with all necessary information regarding the management of personal data in a concise, clear, transparent, understandable, and accessible format, and to ensure conditions for the fulfillment of the rights of the data subject.

The obligation to inform individuals in advance about their right to informational self-determination and freedom of information is also prescribed by Act CXII of 2011.

The following text fulfills our obligations as required by the aforementioned laws and regulations.

This notice must be displayed on the company's website or sent to the data subject upon request.

CHAPTER I

NAME OF THE DATA CONTROLLER

The issuer of this notice and the Data Controller:

Company name: ZirkonDentArt Kft.
Headquarters: Szeged
Tax number: 23301560-2-06
Company registration number: 06-09-016995
Representative: Balázs Piri Johanna
Phone number: +36 30 229 00 78
Email address: info@zirkondentart.com
Website: zirkondentart.com/en

(hereinafter referred to as: the Company)

CHAPTER II

NAME OF THE DATA PROCESSORS

A data processor is a natural or legal person, a public authority, agency, or any other body that processes personal data on behalf of the data controller (Article 4, point 8 of the Regulation).

The use of a data processor does not require prior consent from the data subject, but the individual must be informed. In accordance with these regulations, we provide the following notice:

1. IT provider of the Company

The Company uses the services of a data processor to maintain and manage its website, which provides IT services (hosting services), and within the framework of these services, in accordance with the content of the agreement between the two parties, manages the personal data left on the website by storing them on a server.

Name and details of the data processor:
Company name: ErdSoft doo
Headquarters: 24000 Subotica, Somborski put 33a, Serbia
Company registration number: 21354619
Tax number: 110478829
Representative: Daniel Erdudac
Phone number: +381 60 44 60 555
Fax: none
Email address: daniel.erdudac@erdsoft.com
Website: erdsoft.com

CHAPTER III

ENSURING COMPLIANCE OF DATA MANAGEMENT WITH THE LAW

1. Data management based on consent from the data subject

(1) If the Company intends to manage data based on consent, it is necessary to request the consent for managing personal data from the data subject via a form, the content of which is defined in the data management regulation.

(2) Consent may be considered given when the user checks a box related to the request for consent for data processing on the Company’s website, completes the technical settings related to the use of information society services, or makes any other statement or action that clearly indicates the individual’s consent to the intended management of their personal data. Silence, pre-checked boxes, or inactivity do not constitute consent.

(3) Consent applies to all data management activities aimed at the same purpose(s). If data management is aimed at multiple purposes, consent must be requested for each purpose.

(4) If consent is given as part of a written statement that also covers other purposes (e.g., entering into a sales or service agreement), the request for consent must be presented clearly, simply, and understandably, and must be distinctly separate from other purposes. Any parts of such statements that pertain to consent and do not comply with the Regulation will not be legally valid.

(5) The Company cannot make the conclusion or execution of a contract conditional on consent to process personal data that is not necessary for the performance of the contract.

(6) Withdrawal of consent must be as easy as giving consent.

(7) If personal data is collected based on consent, the data controller may continue to use the collected data in accordance with the law, even after the individual withdraws consent.

(8) The Company’s website does not intentionally collect data from minors (under 16 years of age). If data is inadvertently collected from a minor, upon learning of this fact, the data will be deleted immediately.

2. Data management based on legal obligations

(1) In cases where data is managed based on legal obligations, the scope of the data, the purpose of data management, the retention period, and the users of the data are determined by law.

(2) Data management based on legal obligations does not depend on the consent of the data subject. The individual must be informed about the mandatory collection of data prior to collection, including the purpose, legal basis, retention period, and user rights.

3. Protection of the rights of the data subject

The Company is obliged to ensure that all individuals whose data is managed have the right to exercise their legally prescribed rights concerning the management of their data.

CHAPTER IV

DATA MANAGEMENT OF WEBSITE VISITORS – NOTICE ON THE USE OF COOKIES

1. Visitors must be informed about the use of cookies, and for all cookies except those technically necessary for the session, the visitor's consent must be obtained.

2. General information about cookies

2.1. A cookie is a piece of data that a website sends to the user's browser for storage and later use. Cookies may remain valid until the browser is closed or indefinitely.

2.2. Cookies identify the user and enable the recognition of the user during future visits. Cookies can also enable tracking of the user and the creation of a profile.

2.3. Types of cookies:

Technically necessary cookies: Enable basic site functionalities (e.g., adding items to the cart).
Cookies that ease usage: Remember user preferences.
Performance cookies: Track user behavior on the site (e.g., Google Analytics).

2.4. Accepting cookies is not mandatory. Users can set their browser to reject cookies or notify them when cookies are sent by the site.

• Google Chrome: Chrome support

• Firefox: Firefox support

• Microsoft Internet Explorer 11: Microsoft support 

• Microsoft Internet Explorer 10: Microsoft support 

• Microsoft Internet Explorer 9: Microsoft support

• Microsoft Internet Explorer 8: Microsoft support

• Microsoft Edge: Microsoft support

• Safari: Apple support

 

However, it should be noted that certain site features or services may not function properly without cookies.

3. Information about cookies used on the Company’s website and data collected during the visit

3.1. Data collected during the visit

The website of our Company may record and manage the following data about the visitor or the device they are using:

  • Visitor's IP address,
  • Browser type,
  • Operating system characteristics (configured language),
  • Time of visit,
  • (Sub)pages, features, or services accessed,
  • Clicks.

This data is stored for up to 90 days and is primarily used to analyze security incidents.

3.2. Cookies used on the website

3.2.1. Technically necessary session cookies

The purpose of managing this data is to ensure the proper functioning of the website. These cookies allow uninterrupted use of the site and all its functionalities, including identifying logged-in users during the visit. The duration of these cookies is limited to the duration of the visitor's session and they are automatically deleted after the browser is closed.

The legal basis for managing this data is the Electronic Commerce and Information Society Services Act, which allows the data controller to manage personal data that is technically necessary for providing services.

3.2.2. Cookies that facilitate use

These cookies remember the user's preferences, such as language settings or preferred page view. They store user settings on the device to facilitate the use of the website.

The legal basis for managing this data is the user's consent.

The purpose of management is to improve the user experience and make the site easier to use.

3.2.3. Performance cookies

These cookies collect information about user behavior on the site, the time spent on the page, and clicks. They typically come from third-party applications such as Google Analytics or AdWords.

The legal basis for managing this data is the user's consent.

The purpose is to analyze the usage of the site and tailor promotional offers.

CHAPTER V

STATEMENT OF RIGHTS OF DATA SUBJECTS

  1. The right to transparent information, communication, and modalities for exercising rights.
  2. The right to prior information when collecting data.
  3. The right to information when data is not collected directly from the individual.
  4. The right to access data.
  5. The right to rectification of data.
  6. The right to erasure ("the right to be forgotten").
  7. The right to restrict data processing.
  8. The obligation to notify about changes or deletion of data or restrictions on processing.
  9. The right to data portability.
  10. The right to object.
  11. Automated decision-making, including profiling.
  12. Restrictions.
  13. The right to be notified of a data security breach.
  14. The right to file a complaint with a supervisory authority.
  15. The right to an effective judicial remedy against the supervisory authority.
  16. The right to a judicial remedy against the data controller.

II Rights of Data Subjects - Detailed:

1. Transparent information, communication, and means of exercising the rights of data subjects

1.1. The data controller shall take all necessary measures to provide the data subject with information about data processing in a concise, transparent, intelligible, and easily accessible manner, using clear and plain language, particularly when the information is addressed to a child. Information shall be provided in writing or by other appropriate means, including, where appropriate, by electronic means. If the data subject requests, information may also be provided orally, provided that the identity of the data subject is verified by other means.

1.2. The controller shall facilitate the exercise of data subject rights.

1.3. Upon request, the controller shall provide the data subject with information about the actions taken without undue delay and, at the latest, within one month of receiving the request. This period may be extended by two further months if necessary, in which case the controller must inform the data subject within one month.

1.4. If the controller does not act on the data subject’s request, it must inform the data subject without delay, and at the latest within one month, of the reasons for not taking action, as well as the possibility to lodge a complaint with a supervisory authority and seek a legal remedy.

1.5. All information, communications, and actions shall be provided free of charge, except where the Regulation allows for the imposition of a fee.

Detailed rules are provided in Article 12 of the Regulation.

2. Right to prior information when data is collected from the data subject

2.1. When personal data is collected directly from the data subject, the controller is required to provide the following information:

a) The identity and contact details of the controller, and, where applicable, its representative; b) Contact details of the data protection officer, where applicable; c) The purposes of the processing for which the personal data is intended, as well as the legal basis for the processing; d) The legitimate interests pursued by the controller or a third party (where applicable); e) Recipients or categories of recipients of the personal data, if any; f) Information about any intended transfers of personal data to a third country or international organization.

2.2. The controller must also provide additional information necessary to ensure fair and transparent processing of the data:

a) The period for which the personal data will be stored, or the criteria used to determine that period; b) The existence of the rights to request access, rectification, erasure, restriction of processing, objection, and data portability; c) The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; d) The right to lodge a complaint with a supervisory authority; e) Whether the provision of personal data is a legal or contractual requirement, or a necessity for entering into a contract, and whether the data subject is obliged to provide the data, as well as the possible consequences of failing to provide such data; f) The existence of automated decision-making, including profiling, and relevant information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

2.3. If the controller intends to further process the data for a purpose other than that for which it was initially collected, it must inform the data subject of this new purpose and any additional relevant information before proceeding.

Detailed rules are provided in Article 13 of the Regulation.

3. Information when data is not collected directly from the data subject

3.1. When personal data is obtained from other sources, the controller must inform the data subject within one month of the collection, detailing the data collected, its source, and other relevant information as outlined in section 2.

3.2. Other rules regarding notification follow those provided in section 2 (Right to prior information).

Detailed rules are provided in Article 14 of the Regulation.

4. Right of access to data

4.1. The data subject has the right to obtain confirmation from the controller as to whether or not personal data concerning them is being processed, and if so, access to that data, as well as the information outlined in sections 2 and 3 (Article 15 of the Regulation).

4.2. If personal data is transferred to a third country or an international organization, the data subject has the right to be informed about the appropriate safeguards pursuant to Article 46.

4.3. The controller shall provide a copy of the personal data being processed. For any additional copies requested, the controller may charge a reasonable fee based on administrative costs.

Detailed rules on the right of access are provided in Article 15 of the Regulation.

5. Right to rectification

5.1. The data subject has the right to obtain rectification of inaccurate personal data without undue delay.

5.2. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by providing a supplementary statement.

These rules are provided in Article 16 of the Regulation.

6. Right to erasure ("right to be forgotten")

6.1. The data subject has the right to obtain from the controller the erasure of their personal data without undue delay, and the controller has the obligation to erase the data if one of the following grounds applies:

a) The personal data is no longer necessary in relation to the purposes for which it was collected; b) The data subject withdraws consent, and there is no other legal basis for processing; c) The data subject objects to the processing, and there are no overriding legitimate grounds for the processing; d) The personal data has been unlawfully processed; e) The personal data must be erased to comply with a legal obligation; f) The personal data was collected in relation to the offer of information society services to a child.

6.2. Exceptions to the right of erasure apply in cases where processing is necessary, such as:

a) For exercising the right of freedom of expression and information; b) To comply with a legal obligation; c) For reasons of public interest in the area of public health; d) For archiving purposes in the public interest or for scientific research; e) For the establishment or defense of legal claims.

These rules are provided in Article 17 of the Regulation.

7. Right to restrict processing

7.1. When processing is restricted, data may only be processed with the consent of the data subject or for legal claims.

7.2. The data subject has the right to request the restriction of processing if they contest the accuracy of the data, if the processing is unlawful, or if the data is no longer needed but is required for legal claims.

7.3. The controller must notify the data subject before lifting the restriction on processing.

These rules are outlined in Article 18 of the Regulation.

8. Obligation to notify regarding rectification or erasure of personal data or restriction of processing

The controller is obliged to inform any recipient to whom the personal data has been disclosed of any rectification, erasure of personal data, or restriction of processing, unless this proves impossible or involves disproportionate effort. The controller is also required to inform the data subject about these recipients if the data subject requests it.

Detailed rules are provided in Article 19 of the Regulation.

9. Right to data portability

9.1. The data subject has the right to receive personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller without hindrance from the original controller, provided that:

a) The processing is based on consent or a contract; and b) The processing is carried out by automated means.

9.2. The data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

9.3. Exercising the right to data portability does not affect the right to erasure ("right to be forgotten") and does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. This right must not adversely affect the rights and freedoms of others.

Detailed rules are provided in Article 20 of the Regulation.

10. Right to object

10.1. The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, under Article 6(1)(e) or (f), including profiling based on these provisions. The controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

10.2. If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

10.3. The data subject must be explicitly informed of this right at the first communication and in a clear and understandable manner.

10.4. The data subject may exercise their right to object through automated means using technical specifications.

10.5. Where personal data is processed for scientific or historical research purposes or statistical purposes, the data subject has the right to object, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Detailed rules are provided in Article 21 of the Regulation.

11. Automated decision-making, including profiling

11.1. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

11.2. This right does not apply if the decision:

a) Is necessary for entering into, or performance of, a contract between the data subject and the controller; b) Is authorized by Union or Member State law which provides suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or c) Is based on the data subject’s explicit consent.

11.3. In the cases referred to in points (a) and (c), the controller shall implement suitable measures to safeguard the data subject’s rights, freedoms, and legitimate interests, at least the right to obtain human intervention, express their point of view, and contest the decision.

Detailed rules are provided in Article 22 of the Regulation.

12. Restrictions

Based on Union or Member State law, the rights provided in Articles 12 to 22, Article 34, and Article 5 may be restricted under certain conditions, respecting fundamental rights and freedoms.

The conditions for these restrictions are detailed in Article 23 of the Regulation.

13. Notification of a personal data breach

13.1. When a personal data breach is likely to result in a high risk to the rights of individuals, the controller must notify the data subject of the breach without undue delay. The notification must include:

a) The name and contact details of the data protection officer; b) A description of the likely consequences of the breach; c) The measures taken or proposed to address the breach.

13.2. Notification is not required if:

a) The data is protected by appropriate technical measures, such as encryption; b) Measures have been taken to ensure that the high risk no longer exists; c) Notification would involve disproportionate effort – in such cases, a public communication or similar measure shall be made instead.

Detailed rules are provided in Article 34 of the Regulation.

14. Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with a supervisory authority in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they believe that the processing of their personal data infringes the Regulation.

Detailed rules are provided in Article 77 of the Regulation.

15. Right to an effective remedy against a supervisory authority

15.1. The data subject has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them.

15.2. The data subject also has the right to an effective judicial remedy if the supervisory authority does not handle a complaint or fails to inform the data subject within three months about the progress or outcome of the complaint.

15.3. The competent courts for such proceedings are those in the Member State where the supervisory authority is established.

Detailed rules are provided in Article 78 of the Regulation.

16. Right to an effective remedy against a controller

16.1. The data subject has the right to an effective judicial remedy if they consider that their rights under the Regulation have been infringed as a result of the processing of their personal data.

16.2. The competent courts for such proceedings are those of the Member State where the controller or processor is established, or where the data subject has their habitual residence.

Detailed rules are provided in Article 79 of the Regulation.

Cookie settings

We use cookies to personalise content and ads, to provide social media features and to analyse website traffic. You can read more by clicking on the "Settings" button.
We use cookies to personalise content and ads.