1. Purpose and Scope of Privacy Statement, Applicable Laws
This Statement stipulates the data protection and processing principles applied by Bodrogolaszi Rugógyártó Kft, and the Company’s data protection and processing policies, to which the Company as controller shall adhere.
This Statement was drafted pursuant to including, without limitation, the following applicable laws: Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), Act No CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Information Act”), Act No V of 2013 on the Civil Code of Hungary (“CCH”), Act No XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity (“Business Advertising Act”).
This Statement applies to data processing related to the use of the website www.bodrogrugo.hu/eng (hereinafter referred to as: “Website).
Unless stated otherwise, this Statement shall not apply to services and data processing related to promotions, events, services, other advertisements and content shared by third parties advertising on the Website. Unless stated otherwise, this Statement shall not apply to services and data processing of websites and service providers, whose contact links are available at the Website. This Statement shall not apply to data processing of persons (natural or legal), which share statements, newsletters or promotional material with the User through the Website.
2. Definitions
Data Processing: irrespective of the applied process, means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination (including profiling) restriction, erasure or destruction.
Controller: the person indicated under Article 3, which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: a service provider which processes personal data on behalf of the Controller;
User: a natural person who completes the Contact Form by providing his/her data on the Website, including the provision of data pursuant to Articles 8 and 9 hereunder.
Intermediary Service Provider: third party service providers contracted (directly or indirectly) by the Controller or the operator of the Website for purposes of providing particular services, who receive or may receive Personal Data for the purpose of providing services, and who may transfer Personal Data to the Controller. Furthermore, Intermediary Service Providers include service providers who are not engaged in a contractual relationship with the Controller or the service provider, but by virtue of their access to the Website, they collect User data relating to a User, which, on their own or if combined by other data, can identify a certain User. Furthermore, the User shall be considered an Intermediary Service Provider by the Controller in relation to data processing performed on the hosting server used by the User.
Statement: the present Statement of the Controller.
3. Controller Data and Activities
Name: Bodrogolaszi Rugógyártó Kft.
Company Seat: 3943 Bodrogolaszi, Ország ut 1/A., Hungary
Phone Number: +36 47 503007
E-mail: info@bodrogrugo.hu
Tax Number: 11580771205
Company Registration Number: 05 09 006134
Data Protection Officer Position: Lawyer
Data Protection Registration Number of Bodrogolaszi Rugógyártó Kft: [registration pending].
The Controller is a company incorporated in Hungary.
The Controller is the operator of this Website, which serves the purpose of introducing the Company over the Internet.
4. Principles and Methods of Processing, Applicable Laws
4.1. During processing, the Controller shall act in accordance with the requirements of good faith, fairness and transparency, cooperating with the Users. The Controller shall only process data allowed under laws or submitted by Users for the purposes stipulated hereinunder. The scope of Personal Data processed shall be proportionate to the purpose of processing.
4.2. The Controller may only use Personal Data for a purpose different from that of the original data collection, he shall inform the User thereof; such use of Personal Data shall only be allowed pursuant to a prior explicit consent of the User, who shall have the right to prohibit such use.
4.3. The Controller shall not verify Personal Data submitted. The person providing Personal Data shall be exclusively responsible for the accuracy thereof.
4.4. Personal Data of data subjects under the age of 16 shall only be processed with the consent of the holder of parental responsibility over the child. As the Controller cannot verify the lawfulness or authenticity of the consenting party, the User or the holder of parental responsibility over the child shall be responsible for the lawfulness of such consent. Without consent, the Controller shall not collect Personal Data pertaining to data subjects under the age of 16.
4.5. The Controller shall only transfer Personal Data processed by him to Processors or Intermediary Service Providers stipulated and referenced hereinunder.
The provision stipulated under the present paragraph shall not apply to the use of statistically aggregated data, which shall not contain any data suitable for the identification of the User as data subject, and therefore, such use shall not be considered as Processing or data transfer.
In certain cases – including official court or police inquiries, legal proceedings, breach of intellectual property rights, property rights or other rights or the reasonable suspicion thereof, breach of Controller interests, risk of security breach related to the provision of services etc. -, the Controller shall disclose the accessible Personal Data of User as data subject to third parties.
Personal Data transferred by the Controller to the Processor and Intermediary Service Providers after May 25, 2018, as well as Personal Data processed or used by the Processor or Intermediary Service Providers shall be recorded, processed or and used pursuant to the provisions of the GDPR; these subjects shall make a statement towards the Controller regarding such activities.
4.6. The Controller shall inform the User as data subject, as well as all recipients of the Personal Data who received the pertinent data for Processing purposes, regarding the correction, restriction or erasure of Personal Data processed by the Controller. Such notification may be omitted if such conduct does not breach the lawful interests of the User pursuant to the purpose of Processing.
4.7. Pursuant to the relevant provision of GDPR, considering that the Controller is not a public authority or body, the core activities of the Controller do not consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale, and furthermore, the core activities of the Controller do not consist of processing special categories of data and personal data relating to criminal convictions, the Controller is not obliged to appoint a data protection officer.
4.8. The Controller shall process Personal Data pursuant to the relevant provisions of applicable laws. These applicable laws include, without limitation:
- Act No CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (“Information Act”);
- Act No XLVIII of 2008 on Essential Conditions of and Certain Limitations to Business Advertising Activity (“Business Advertising Act”);
- Regulation (EU) 2016/679 of the European Parliament and of the Council;
- Act No CVIII of 2001 on Certain Aspects of Electronic Commerce Services and Information Society Services (E- Commerce Act);
- §169 of Act No C of 2000 on accounting (regarding the storage of invoices).
5. Legal Basis of Processing
5.1. Considering the activities of the Controller, the legal basis for processing is the voluntary, informed and explicit consent of Users (§5 (1) a) of the Information Act), the appropriate informing of the User pursuant to the GDPR regarding profiling, and furthermore, Article 6 (1) f) of the GDPR. The Users engage with the Controller voluntarily, their registration is voluntary, and they choose to use the services of the Controller voluntarily. Without consent of the Users, the Controller shall only process personal data if such processing is clearly allowed under applicable laws.
5.2. The User has the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
5.3. For the purpose of providing services, considering the lawful interests of the Controller and for the purpose of providing lawful services (e.g. prevention of misuse or erasure of illegal content), the Controller shall register the IP address of the User upon him/her visiting the pertinent website without the explicit consent of the User.
5.4. The Transfer of Personal Data to Processors stipulated hereinunder shall be allowed without the explicit consent of the User. Unless stipulated otherwise under applicable laws, the disclosure of Personal Data to third parties or official authorities
shall only be allowed pursuant to a binding court decision or with the prior explicit consent of the User.
5.5. Upon submitting his/her e-mail address, every User assumes responsibility for being the sole user of services from the e-mail address submitted or through data provided by him/her. Considering this obligation, the User registering the e-mail address and submitting the pertinent data shall assume exclusive responsibility for any obligations relating to that e-mail address.
5.6. In some cases, processing is necessary for compliance with a legal obligation. The main applicable laws on data processing are stipulated under Article 4.8 of the present Statement. The Controller shall process personal data contained under the invoice issued thereby pursuant to relevant provisions of applicable laws on accountancy.
5.7. In some cases, processing is processing is necessary for the purposes of the legitimate interests pursued by the Controller; in such case, the Controller has and may perform the test of proportionality, which verifies that the pertinent processing is necessary for the purposes of the legitimate interests pursued by the Controller, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. In case of such request, the Controller shall inform the data subject pursuant to the provisions of this Statement and in accordance with the provisions of this paragraph.
6. Purpose of Data Processing
The Controller shall only process Personal Data for legitimate purposes, to exercise rights and fulfill obligations. Processing shall always adhere to the purpose thereof. Data shall be collected and processed fairly and lawfully. The Controller shall aim to process only Personal Data that is limited to what is necessary in relation to the purposes for which they are processed. The processing of Personal Data shall be limited to the scope and period needed to achieve the purpose of processing.
The primary purpose of processing is to operate the Website and forward promotions related to the services of the Controller.
Pursuant to the aforementioned, purposes of processing are:
- Identification and contacting the User;
- Fulfillment of obligation and exercise of rights by the Controller;
- Protection of User rights.
7. Data Sources
The Controller shall only process Personal Data provided by the Users; he shall not collect data from other sources.
Data shall be provided by the User during submitting a price quotation request. During the process, the User shall submit his/her name and e-mail address.
8. Scope of Data Processed
The Controller shall only process Personal Data provided by the Users. The scope of processed data includes: last name, first name, e-mail address.
Apart from the aforementioned, the Controller shall process technical data, including the IP address, pursuant to the provisions of Article 12 hereinunder.
9. Description of Data Processing
The source of data is the User, who submits data during the price quotation request. Unless stated explicitly otherwise, submission of data under the request form is mandatory.
The User shall submit data himself/herself, without any mandatory instructions or content requirements from the Controller. The User explicitly consents to the processing of data provided by him/her.
By submitting a price quotation request on the Website, the User explicitly consents to the storage, processing and use of (personal) data provided during the price quotation request by Bodrogolaszi Rugógyártó Kft pursuant to applicable laws.
10. Processing for Marketing Purposes, Newsletter Subscription
Upon consent of the User, the Controller may contact the User through the contact details provided and send direct advertisement to the User. Promotional material may be forwarded via mail, over the phone (including text messages) or via e-mail.
The legal basis for sending promotional material is always the consent of the User. The User may withdraw his/her consent at any time, with or without reason.
11. Processing of Technical Data and Cookies
The system of the Controller automatically records the IP address of the User’s computer, the time of visiting the website, and furthermore, in certain cases – pursuant to the settings of the computer -, browser and operational system data. Such recorded data shall not be combined by other personal data. These data shall only be processed for statistical purposes. The User accepts that the Website operated by Bodrogolaszi Rugógyártó Kft uses macros/cookies, including, without limitation, browser cookies, tracking cookies and computer cookies.
Cookies enable the Website to identify previous visitors. Cookies help the Controller as the operator of the Website to optimize its content and tailor the services offered on the Website to custom User preferences. Furthermore, cookies are used to
- save settings, so the User does not have to submit them again when navigating to a different site,
- remember previously submitted data, so they do not need to be submitted again,
- analyze the use of the Website, in order to use information gathered to perform improvements that aim to customize the Website to User preferences, and
- allow the User to find the requested information easier, and
- track the effectiveness of our advertisements.
If the Controller displays various content on the Website through the use of external hosting services, it may result in the storage of certain cookies which are not under control of the Controller, and therefore, the Controller cannot control whether such third-party websites or domains collect certain data. Further information on cookies may be found under the rules applicable to pertinent services.
The User may use the settings of his/her browser to allow all cookies, block all cookies, or notify the User if a cookie has been placed on his/her computer. Settings are usually accessible through the “Settings” or “Preferences” menu of the browser. Upon blocking the use of cookies, the User acknowledges that he/she may only access certain parts of the Website.
You may find further information in English language on cookie settings in various browsers at www.aboutcookies.org.
12. Data Transfer
The Controller shall only transfer Personal Data to third parties upon the explicit consent of the User (being aware of the scope of transferred data and the recipient thereof), or pursuant to applicable laws.
The Controller has the right and shall be obliged to transfer all lawfully stored and held Personal Data to official authorities,
the transfer of which is mandatory pursuant to applicable laws or legally binding decisions of official authorities. The Controller shall not be liable for such Data Transfer or any consequences arising therefrom.
The Controller shall always document all data transfers and keep records thereof.
13. Processors
In order to perform his obligations, the Controller may use the services of processors. Processors shall not make individual decisions; they shall only act pursuant to the contract concluded with the Controller and instructions received. The Controller shall monitor the work of processors. Processors may use subprocessors only with the consent of the Controller.
All processors used by the Controller shall be stipulated hereinunder.
Processors used by the Controller:
Development: Alphadesign Bt.
Server Operations: tarhelypark.hu
14. Intermediary Service Providers
During the operation of the Website, the Controller uses Intermediary Service Providers, who cooperate with the Controller.
Regarding Personal Data processed in the systems of Intermediary Service Providers, the provisions of the privacy statements adopted by Intermediary Service Providers shall prevail.
The Controller shall make all reasonable efforts to ensure that the Intermediary Service Providers process Personal Data received lawfully and exclusively for the purpose identified by the User or stipulated under the present Statement.
The Controller shall inform the Users regarding the data transfer to Intermediary Service Providers under the present Statement.
15. Data Protection, Access to Data
The Controller shall ensure the protection of data, adopt all technical and organizational measures and implement procedures to achieve compliance with relevant and applicable laws and regulations on data and privacy protection. The Controller shall ensure the protection of data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, as well as inaccessibility arising from altering the applied technology, using appropriate technical or organizational measures.
The Controller shall keep records of processed data pursuant to applicable laws, ensuring that only employees and other person acting on behalf of the Controller (processors) shall gain access to them for the purpose of performing their work and tasks. Within the organization of the Company, data shall only be accessed through logging. Employees of the Controller may perform queries or perform individual data operation only if instructed by the Controller or if such operations are necessary to provide certain services.
When identifying and implementing data protection measures, the Controller shall consider the technologies available at that time. The Controller shall select the processing method that ensures the highest level of data protection, without assuming undue efforts.
The Controller shall, within his data protection tasks, particularly:
- Adopt measures to prevent unauthorized access, including software and hardware protection and physical protection (access and network protection);
- Adopt measures to restore data, including regular backups, safe and separate processing of copies (making copies, data backups);
- Adopt measures of antivirus protection (antivirus measures);
- Adopt measures of protecting the integrity of data carriers, including fire, water, electrical or other damages caused by natural elements, and measures to restore data following damage caused by such events (archiving, fire protection).
Employees and other persons acting on behalf of the Controller shall store data carriers used or controlled by them, which contain personal data, in a safe manner, irrespective of the method used to record data, and furthermore, protect them from unauthorized access, alteration, transfer, disclosure, erasure, loss, accidental loss or damage.
The Controller operates the electronic log through a computer system, which shall comply with data protection requirements. This program shall ensure that data shall be accessed only by persons who need such data to perform their tasks, for the purpose followed and in a controlled environment.
16. Duration of Data Processing
The Controller shall erase personal data, if:
1. a) the processing is unlawful:
The Controller shall erase personal data that are processed unlawfully without undue delay.
1. b) upon request of the User (except for processing based on applicable laws):
The User may request the erasure of personal data provided under voluntary consent. In such cases, the Controller shall erase the personal data. Erasure may only be refused if the pertinent data may be processed pursuant to applicable laws. In every case, the Controller shall notify the data subject regarding the refusal of erasure and the lawfulness of processing pursuant to applicable laws.
1. c) the personal data is incomplete or inaccurate, and it cannot be remedied, if erasure is not prohibited under applicable laws;
1. d) the purpose of processing has ceased to exist, or the statutory period of processing has expired;
Erasure may be refused in the following cases: (i) data are necessary for exercising the right of freedom of expression and information; or (ii) for compliance with a legal obligation which requires processing; or (iii) for the establishment, exercise or defence of legal claims.
In every case, the Controller shall notify the User regarding the refusal of the erasure claim, indicating the reason of such refusal. Following the fulfillment of a claim for the erasure of personal data, previously erased data shall not be restored.
As the Controller provides continuous services to the User, the relationship between the Parties is concluded for an unlimited period. Considering this, the Controller shall process the personal data until the existence of the relationship between the Controller and the User (provided that the User has not requested the termination thereof), and until the Controller may provide services to the User.
All other data shall be erased by the Controller, if evident, that such data will not be used in the future, that is, the purpose of processing has ceased to exist.
1. e) the National Authority for Data Protection and Freedom of Information (NAIH) has ordered the erasure of data
The Controller shall erase personal data pursuant to a binding decision of the National Authority for Data Protection and Freedom of Information or a binding court decision.
Along with notifying the User, the Controller may restrict personal data, if requested by the User, or it may be assumed based on information available that the erasure would breach the lawful interests of the User. Restricted personal data may be processed until the existence of the purpose of processing that prohibits the erasure thereof. The Controller shall also restrict personal data if the User claims it is inaccurate or incomplete, but the accuracy or completeness of the pertinent personal data cannot be clearly assessed.
Regarding processing based on applicable laws, the provisions thereof shall apply in relation to the erasure of data.
Upon erasure, the Controller shall make the pertinent data unidentifiable. The Controller shall destroy the data carrier if instructed so by legal obligations.
17.User Rights, Exercise of Rights
18.1. Upon contacting the User, the Controller shall notify the User regarding the processing of data. Moreover, the User has the right to be informed regarding the data processing.
Upon request of the User, the Controller shall inform the User regarding the scope of personal data processed by the Controller or used by the Processor as per Controller instructions, including the source thereof; the purposes and duration of the processing for which the personal data are intended as well as the legal basis for the processing; the identity and the contact details of the controller; the categories of personal data concerned; the circumstances and effects of any personal data breaches and measures taken to eliminate them; and furthermore, upon transfer of User data, the recipients and legal basis of data transfer. The Controller shall provide information without undue delay but by no later than 25 days after receiving the request, in a concise way and in writing. The controller shall provide a copy of the personal data undergoing processing for free, if the data subject has not lodged a request to access the same scope of requested information in the pertinent year. For any further copies requested by the data subject, the controller may charge a reasonable fee. If data was processed unlawfully or the provision of information resulted in rectification, the administrative fee shall be refunded.
18.2. The User has the right to rectify personal data processed by the Controller. If rectifiable data served a purpose of providing regular information, the Controller may, as needed, inform the recipient of data provision about the rectification, and furthermore, notify the User that he/she shall request rectification from other controllers as well.
18.3. Except for processing pursuant to applicable laws, the User shall have the right to obtain from the Controller the erasure of personal data concerning him or her. The Controller shall notify the User regarding the erasure.
18.4. Pursuant to the relevant provisions of the Information Act, the User has the right to object against the processing of personal data concerning him or her.
18.5. The User may lodge a request for information, rectification or erasure in writing, via mail to the address or business site of the Controller, or by contacting the Controller via e-mail at info@bodrogrugo.hu.
18.6. If the User contests the accuracy of personal data processed, the User has the right to obtain from the Controller restriction of processing. Such restriction shall exist for a period enabling the Controller to verify the accuracy of the personal data. The Controller shall also restrict personal data if the User claims it is inaccurate or incomplete, but the accuracy or completeness of the pertinent personal data cannot be clearly assessed.
The Controller shall also restrict the processing of personal data, if the processing is unlawful and the data subject opposes the erasure of the Personal Data and requests the restriction of their use instead.
The Controller shall also restrict the processing of personal data, if the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
18.7. The User shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided.
18.8. If the Controller rejects the request of the User to rectify, restrict or erase personal data, it shall communicate the reasons for such refusal in writing within 25 days of receiving the pertinent request. Upon rejection of the request of the User to rectify, restrict or erase personal data, the Controller shall inform the User regarding the right to challenge the decision in a court of law, as well as contacting the Hungarian National Authority for Data Protection and Freedom of Information (NAIH).
18.9. The User may exercise his rights by using the contact details of the Controller stipulated under Article 2 hereinabove.
18.10. The User may file a complaint directly with the Hungarian National Authority for Data Protection and Freedom of Information (Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c.; Phone Number: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu) as well. Upon breach of his/her rights, the User may initiate proceedings before a court competent pursuant to §22 (1) of the Information act. The legal case shall be heard before the court competent. The User may, at his own discretion, initiate proceedings before the court competent pursuant to the permanent address or residence as well. Upon request, the Controller shall provide information to the User regarding the available means of legal remedies.
18. Modification of the Privacy Statement
19.1. The Controller reserves the right to modify the present Statement at any time and at his own discretion. The Controller may (but is not obliged) to inform the Users regarding any potential modifications of the present Statement through a system message. Pursuant to the information contained in the notification message, the User may exercise his/her rights in accordance with the provisions of applicable laws and the present Statement as amended.
19.2. If the User submits a price quotation request following the modification of this Statement, he/she accepts the provisions thereof as amended, without the need to obtain the consent of other Users.
Navigation
Product Groups
Request a Quote
In order to produce a price quotation, we will ask You to submit certain data on our inquiry page.
Click here to submit a detailed inquiry!
Contact Information
Bodrogrugó Kft.
3943 Bodrogolaszi, Ország út 1/A
Hungary