Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR), the Data Controller hereby provides the following information to data subjects regarding the processing of personal data.
Data Controller
Auditique Consulting and Services Limited Liability Company
Registered seat: 1114 Budapest, Bartók Béla út 29., 1st floor, Door 4
Company registration number: 01-09-450705
Tax number: 32943135-2-43
Legal basis of data processing
Definition of “personal data” under the GDPR
Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Definition of “recipient”
A natural or legal person, public authority, agency or another body to which personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of such data by those public authorities shall comply with the applicable data protection rules according to the purposes of the processing.
PERSONAL DATA PROCESSING
Purpose of processing
The processing of personal data is carried out for the purpose of fulfilling obligations related to the use and operation of the website www.auditique.hu, and to ensure the full functionality of services provided through the website.
Personal data are obtained directly from the data subject based on their consent.
Categories of personal data processed
Legal basis of processing: The data subject’s consent.
By ticking the consent checkbox available on the website www.auditique.hu, the data subject provides written consent to the processing of their personal data by the Data Controller for the above-specified purposes, including collection, recording, organisation, storage, use, retrieval, disclosure, restriction, erasure, destruction and prevention of further use.
Duration of processing: Personal data are processed until 10 working days following the withdrawal of consent.
Automated decision-making and profiling: Does the Data Controller apply automated decision-making or profiling? No.
RECIPIENTS OF PERSONAL DATA
As a general rule, the personal data of the data subject may be accessed by the management and employees of the Data Controller, as well as by contributors engaged by the Data Controller under a contractual relationship, for the purpose of performing their duties. Accordingly, for example, employees and contributors of the Data Controller involved in the operation of the website www.auditique.hu may access the personal data of the data subject for the purposes of operating the website and fulfilling their contractual obligations.
The Data Controller transfers the personal data of the data subject to other public authorities only in exceptional cases. For example, if court proceedings are initiated in an ongoing legal dispute between the data subject and the Data Controller, and it becomes necessary to provide the court conducting the proceedings with documents containing the personal data of the data subject, the police may contact the Data Controller and request the transfer of documents containing the personal data of the data subject for the purposes of the investigation. In addition, for example, the lawyer providing legal representation for the Data Controller may also become acquainted with the personal data if a legal dispute arises between the data subject and the Data Controller.
DATA SECURITY MEASURES
The Data Controller stores the personal data provided by the data subject in electronic form on the data servers used by the Data Controller and, where necessary, in electronic form at its registered seat and/or registered place of business. For the processing of the personal data of the data subject, the Data Controller uses the services of the data processor indicated under the Recipients.
The Data Controller implements appropriate information security measures to ensure the protection of the personal data of the data subject, including protection against unauthorised access or unauthorised alteration. For example, access to personal data stored on servers is logged, on the basis of which it is always possible to verify who accessed which personal data and when. The Data Controller also implements appropriate organisational measures to ensure that personal data cannot become accessible to an indeterminate number of persons.
RIGHTS OF THE DATA SUBJECT
Pursuant to Article 15 of the GDPR, the data subject may request access to the personal data relating to him or her as follows:
(1) The data subject shall have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where such processing is taking place, access to the personal data and the following information:
(2) The Data Controller shall provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, the information shall be provided in a commonly used electronic form, unless the data subject requests otherwise. The right to obtain a copy shall not adversely affect the rights and freedoms of others.
Pursuant to Article 16 of the GDPR, the data subject shall have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him or her.
Upon such a request by the data subject, the Data Controller shall be obliged to rectify inaccurate personal data concerning the data subject without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of providing a supplementary statement.
Pursuant to Article 17 of the GDPR, the data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her as follows:
(1) The data subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her, and the Data Controller shall be obliged to erase personal data concerning the data subject without undue delay where one of the following grounds applies:
(2) Where the Data Controller has made the personal data public and is obliged pursuant to paragraph (1) to erase the personal data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
(3) The restriction of the data subject’s right to erasure may take place only where one of the following exceptions provided for in the GDPR applies; in such cases, further retention of the personal data shall be considered lawful:
Pursuant to Article 18 of the GDPR, the data subject shall have the right to obtain from the Data Controller restriction of processing of personal data concerning him or her as follows:
(1) The data subject shall have the right to request that the Data Controller restrict the processing where one of the following applies:
(2) Where processing has been restricted pursuant to the above, such personal data shall, with the exception of storage, only be processed with the consent of the data subject or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
(3) The Data Controller shall inform the data subject, at whose request processing has been restricted pursuant to paragraph (1), in advance of the lifting of the restriction on processing.
Pursuant to Article 20 of the GDPR, the data subject shall have the right to data portability as follows:
(1) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format, and shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(2) In exercising the right to data portability, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
(3) The exercise of the right to data portability shall be without prejudice to the right to erasure. The right to data portability shall not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
(4) The right to data portability shall not adversely affect the rights and freedoms of others.
Pursuant to Article 21 of the GDPR, the data subject shall have the right to object to the processing of personal data concerning him or her by the Data Controller as follows:
(1) The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is carried out in the public interest, in the exercise of official authority vested in the Data Controller, or for the purposes of the legitimate interests pursued by the Data Controller (or a third party), including profiling based on those provisions. In such cases, the Data Controller shall no longer process the personal data, unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
(2) Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
(3) At the latest at the time of the first communication with the data subject, the right to object shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
(4) In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise the right to object by automated means using technical specifications.
(5) Where personal data are processed for scientific or historical research purposes or statistical purposes, the data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Pursuant to Article 7(3) of the GDPR, the data subject shall have the right to withdraw his or her consent to the processing of his or her personal data at any time as follows:
The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. The data subject shall have the right to withdraw consent in a manner that is as easy as the giving of consent.
LEGAL REMEDIES AND COMPLAINTS
In the event of unlawful processing of personal data experienced by the data subject, the data subject may initiate civil proceedings against the Data Controller. The adjudication of the action falls within the jurisdiction of the competent regional court. The action may also be brought, at the choice of the data subject, before the regional court of the data subject’s place of residence (a list of the courts and their contact details is available at the following link: http://birosag.hu/torvenyszekek).
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority — in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement — if the data subject considers that the processing of personal data relating to him or her infringes the GDPR.
National Authority for Data Protection and Freedom of Information (NAIH)
Address: 1055 Budapest, Falk Miksa utca 9–11
Postal address: 1363 Budapest, P.O. Box 9
Email: ugyfelszolgalat@naih.hu
phone: +36 (1) 391 1400; +36 (30) 683-5969; +36 (30) 549-6838
fax.: +36 (1) 391-1410
Website: www.naih.hu
COOKIE NOTICE
Auditique Consulting and Services Limited Liability Company
(registered seat: 1114 Budapest, Bartók Béla út 29., 1st floor, Door 4;
company registration number: 01-09-450705;
tax number: 32943135-2-43;
hereinafter: the Data Controller)
uses cookies and similar technological solutions on the website www.auditique.hu (hereinafter: the “Website”). In the following, these are collectively referred to as cookies.
When visiting the Website, you may consent to the use of cookies applied on the Website for the purpose of improving the browsing experience and displaying personalised offers tailored to your interests; however, certain cookies necessary for the operation of the Website are installed without your consent. This page contains all information relating to the use of cookies applied on the Website.
What are cookies?
Cookies are small data packets that are stored by the browser on your device when websites (web servers) are accessed. Websites store temporary, but important, information in these cookies for the purpose of providing services through the websites, identifying users in this context, improving the browsing experience, displaying personalised offers tailored to users’ interests, and analysing traffic data of our websites.
How can you control the use of cookies?
You can control the use of cookies through your browser settings. If your browser is set to allow cookies, this shall be considered your consent to the use of cookies and to the processing of personal data associated therewith.
Most browser programs are set by default to allow the use of cookies. For the most commonly used browsers, information on how to manage cookie settings is available on the following websites:
If you disable the use of cookies through your browser settings, the websites or certain functions thereof may become unavailable or unusable until you re-enable the use of cookies, i.e. remove the blocking. You may modify the settings and, consequently, the use of cookies at any time.
You may also view and delete cookies that have previously been stored on your computer via your browser.
The websites, information and add-ons (programs) available through the above links are completely independent of the Data Controller; therefore, the Data Controller cannot provide information regarding their availability or the content available thereon, and assumes no liability in this respect.
What types of cookies do we use?
When a user opens a website, a cookie stored in the browser may be saved on the user’s device. This cookie contains a characteristic string of characters that enables the browser to be identified when the website is reopened.
These cookies ensure the proper functioning of the Website, facilitate its use, and collect information about its use without identifying our visitors. Without the use of these cookies, we cannot guarantee the convenient use of our Website.
The legal basis for the processing of essential cookies on the Website is Article 6(1)(f) of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: the General Data Protection Regulation, or GDPR). We use cookies that are primarily necessary for the functions of online shops. Certain elements of our Website require that the browser used remains identifiable even after navigating to another page. On the basis of Article 6(1)(f) of the GDPR, the processing of personal data for this purpose constitutes our legitimate interest.
Cookies are stored on the user’s computer and transmitted from there to our Website. Accordingly, as a user, you have full control over the use of cookies and may object to their use at any time as follows. By modifying a setting in your browser, you may stop or restrict the transmission of cookies. Stored cookies may be deleted at any time, including automatically. If cookies are disabled on our websites, it is possible that not all functions of the Website will be fully usable.
Most of the cookies we use are so-called session cookies, which are deleted from your computer when you close your browser. In addition, there are some longer-lived cookies that allow us to recognise you as a returning visitor. Cookies do not cause damage to your computer and do not contain viruses.
The following data and information are stored and processed in cookies:
For the purpose of developing our Website and improving the user experience provided to users, we also use cookies that enable us to collect information on how visitors use our Website. These cookies do not allow you to be personally identified; they collect information such as which pages are viewed by the visitor, which parts of the website the user clicks on, how many pages are visited, and the duration of viewing time of individual sessions.
We implement tracking measures in order to determine statistical data regarding the use of our Website and to evaluate such data for the purpose of optimising our offerings. If you have already registered on our Website, the information obtained about you may be used to further tailor and personalise your profile on the Website and to provide you with information that may be of interest to you.
The processing of such data enables the optimisation of the functionality of our websites and the improvement of our offers. Such processing is based on voluntary consent pursuant to Article 6(1)(a) of the GDPR.
Cookies are stored on the user’s computer and transmitted from there to our Website; accordingly, as a user, you have full control over the use of cookies. By modifying a setting in your browser, you may stop or restrict the transmission of cookies. Stored cookies may be deleted at any time. In addition, visitors to our Website may object to the storage of their pseudonymised visitor data, as a result of which such data will no longer be collected in the future.
