THE PROTECTION OF NATURAL PERSONS' RIGHTS WITH REGARD TO THE PROCESSING OF PERSONAL DATA
INTRODUCTION
Why is this privacy notice made?
During its operation, the Data Controller handles personal data for several purposes, while respecting the rights of the data subjects and fulfilling legal obligations. The Data Controller also considers it important to present to the data subject the handling and the most important characteristics of the personal data that came to the controller’s knowledge during the data processing activities.
What is the legal basis of processing the data subjects’ personal data?
Personal data is only processed for a specific purpose and on an appropriate legal basis. These purposes and legal bases are presented individually, in relation to specific data processing.
What external assistance is used to process your personal data?
Personal data is mostly processed by the Data Controller at its own premises. However, there are operations for which a data processor’s external help is necessary. The data processor may change according to the characteristics of each data processing.
Who is processing your personal data?
The data subject may receive information about the data processors employed by the Data Controller and their contact details in section II of this privacy notice.
SECTION I.
NAME OF THE DATA CONTROLLER
The issuer of this privacy notice and the Data Controller: COMPANY NAME: APEBE s.r.o.
REGISTERED SEAT: Ružový háj 4281/55 929 01 Dunajská Streda, Slovakia
COMPANY REGISTRATION NUMBER: 54883318 TAX NUMBER: 2121808348
EUID IDENTIFIER: SKORSR.54883318
REPRESENTS: Ágnes Kovalcsik EMAIL: admin@paristick.com CONTACT: http://paristick.com/ (hereinafter: Company)
SECTION II
NAME OF THE DATA PROCESSORS
Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Regulation 2016/679, Article 4(8)).
To use a data processor, prior consent from the data subject is not required, but he or she must be notified. Accordingly, the following information is provided:
Hosting Provider:
COMPANY NAME: Tárhely.Eu Kft.
REGISTERED SEAT: 1144 Budapest, Ormánság street 4. X. floor 241. CONTACT: https://mail.tarhely.eu/
Website development:
IT and marketing service provider company.
Data processor performing invoicing and payroll tasks:
COMPANY NAME: Shark kzm s.r.o.
REGISTERED SEAT: Senný trh 3116/7, 945 01 Komárno, Slovakia
COMPANY REGISTRATION NUMBER: 52 363 813
CONTACT: https://shark-kzm.sk/hu/
Recipients:
COMPANY NAME: Google LLC
REGISTERED SEAT: Mountain View, California, USA CONTACT: https://mail.google.com/
COMPANY NAME: Facebook, Inc.
REGISTERED SEAT: Menlo Park, California, USA CONTACT: https://www.facebook.com/
COMPANY NAME: Stripe, Inc.
REGISTERED SEAT: 1 Grand Canal Street Lower, Dublin, County Dublin, IE CONTACT: https://stripe.com/en-hu
COMPANY NAME: Zendesk, Inc.
REGISTERED SEAT: 1019 Market Street, San Francisco, CA 94103, US
CONTACT: https://www.zendesk.com/
COMPANY NAME: Tatra banka, a.s.
REGISTERED SEAT: Hodžovo námestie 3, 811 06 Bratislava 1
CONTACT: https://moja.tatrabanka.sk/html-tb/
COMPANY NAME: PayPal (Európa) S.à r.l. et Cie, S.C.A. REGISTERED SEAT: 283, route d'Arlon, L-1150 Luxembourg. CONTACT: https://www.paypal.com/
Where the Privacy Notice generally refers to transfers to the Company's data processors, in those cases it should also be understood to refer to transfers to the above recipients.
SECTION III. LAWFULNESS OF PROCESSING
1. Data processing based on the data subject’s consent
- Where the Company intends to carry out data processing based on consent, the data subject's consent to the processing of his or her personal data shall be obtained by means of the data request form and information as set out in the Data Processing
- Consent shall also be deemed to be given if the data subject ticks a box when viewing the Company's website, makes the relevant technical settings when using information society services, or makes any other statement or takes any other action which clearly indicates the data subject's consent to the intended processing of his or her personal data in the relevant Silence, ticking a box or inaction therefore does not constitute consent. The continuation of a telephone call after having been duly informed shall constitute consent.
- Consent covers all processing activities carried out for the same purpose or Where processing is carried out for more than one purpose, consent shall be given for all the purposes for which the processing is carried out.
- Where the data subject gives his or her consent in the context of a written statement which also relates to other matters, such as the conclusion of a sales or service contract, the request for consent must be presented in a manner clearly distinguishable from those other matters, in a clear and easily accessible form, in clear and plain
Any part of such a statement containing the consent of the data subject which is in breach of the Regulation shall not be binding.
- The Company shall not make the conclusion or performance of a contract conditional on the giving of consent to the processing of personal data which are not necessary for the performance of the
- The data subject may withdraw his/her consent at any time by sending an e-mail to the e-mail address indicated in Chapter
- If the data subject withdraws his/her consent, the controller may no longer process his/her Where consent is withdrawn, the controller must ensure that the data are erased, unless another legal basis allows for the processing of those data (e.g. storage requirements or the need to perform a contract). Where processing has been carried out for more than one purpose, the controller may not use the personal data for the purpose for which the data subject has withdrawn consent.
2. Data processing based on performing legal obligations
- In the case of data processing based on performing legal obligations, the scope of the data that can be processed, the purpose of the data processing, the duration of data storage and the recipients are governed by the provisions of the underlying
- The processing of personal data for compliance with a legal obligation is based on the regulation, regardless of the consent of the data
In this case, prior to the processing of the data, the data subject shall be informed that the data processing is obligatory and shall be clearly and in detail informed of all facts concerning the processing, in particular the purpose and legal basis of the data processing, the person authorized to handle and process the data, the duration of the data processing, whether the personal data of the data subject are processed by the Data Controller on the basis of the legal obligation applicable to him or her, and who can get access to the data. The information shall include the rights and remedies available to the data subject. In the case of mandatory data processing, the information may also take place with the publication of a reference to the legislative provisions which contain the foregoing information.
3. Data processing based on legitimate interests
- The legitimate interests of the Company or a third party may provide a legal basis for the processing, provided that the interests, fundamental rights and freedoms of the data subject do not The reasonable expectations of the data subject based on his or her relationship with the controller should be taken into account, so that the processing of personal data for contact purposes, even for direct marketing purposes, may be considered to be based on legitimate interests.
- The processing based on legitimate interests requires a balancing of interests test, in which the Company will always take into account the current circumstances and the situation of the controller and the data In the case of processing in the interest of the Company, the balancing of interests tests carried out separately have led to the following result: in the balancing of interests test, the Company has concluded, taking into account the conditions described for the processing in question, that the processing is justified subject to the appropriate safeguards, as set out in this Policy, without which the Company would not be able to operate competitively. In this light, the emotional impact on data subjects and the harm to their right to privacy can be considered proportionate.
4. Data processing for the protection of the vital interests of the data subject or other natural person
- The protection of the vital interests of the data subject or of another natural person may also provide a legal basis for processing, given that the right to data protection is fundamental but not exclusive, and that the right to the protection of personal data is naturally overridden by the right to life in a life and death
5. Data processing based on contractual interests
- Data processing may also be based on a contractual interest if it is necessary for the performance of a contract in which the data subject is a party or if it is requested by the data subject in order to prepare the
6. Promoting the rights of the data subject
- The Company is obliged to ensure the exercise of the rights of the data subject during all data
SECTION IV.
INFORMATION ABOUT DATA PROCESSING BY THE COMPANY
Customer data: managing data of contracting partners, contacts - registering customers, suppliers
- The Company may process the name, name at birth, date of birth, mother's name and address of the natural person who has a contractual relationship with it for the purposes of preparing, concluding, performing, terminating or granting a contractual benefit, in summary, supporting economic processes in the common interest, for the purpose of the performance of a contract, tax identification number, tax number, entrepreneur's or self-employed person's identity card number, personal identity card number, address, address of registered office, address of premises, telephone number, e-mail address, website address, bank account number, customer number (customer number, order number), online identifier (list of customers, suppliers, frequent buyer lists), medical fitness documents, This processing is also lawful if it is necessary to take steps at the request of the data subject prior to the conclusion of the contract. Recipients of personal data: the Company's employees performing customer service tasks, employees performing accounting, tax, business, invoicing tasks and data processors. The period of storage of personal data is 8 years after the termination of the contract in view of the long-term business relationship of the Company.
- The legal basis for the processing of the data of the natural person contracting party provided in the contract for accounting and taxation purposes is the fulfilment of a legal obligation, in this context the storage period is 8
- The Company shall process the personal data of the natural person acting on behalf of the legal person contracting with it - the person signing the contract - provided in the contract, as well as his/her address, e-mail address and telephone number, online identification number for the purposes of contract preparation, contact, exercise of rights and obligations arising from the contract - in summary, support of economic processes arising in the common interest - for the legal title of contract The storage period of these data is 8 years after the termination of the contract. In the case of processing based on legitimate interest, the data subject has the specific right to object to the processing.
- The Company shall process the name, address, telephone number, e-mail address, online identifier of the natural person - not a signatory - designated as a contact person in a contract concluded with it for the purpose of maintaining contact and exercising rights and obligations arising from the contract - in summary, to support economic processes in the common interest - for the performance of the contract, taking into account that the contact person is in an employment relationship with the contracting party, so that this processing does not adversely affect the rights of the data The Contracting Party declares that it has informed the contact person concerned of the processing relating to his capacity as contact person. The storage period of this data shall be 8 years after the contact has been established.
- With regard to all data subjects, the recipients of personal data are: the Company's senior management, employees performing customer service tasks, contact persons, the Company's data processors, in particular employees performing accounting, tax and business processing tasks, and data
- Personal data may be transferred for data processing to the accounting office appointed by the Company for taxation and accounting purposes, to the Hungarian Postal Service or the appointed courier service for postal delivery, to the Company's security agent for asset protection purposes, to the Company's data
- The processing shall be considered lawful if it is necessary in the context of a contract or the intention to conclude a contract (Preamble 44) if it is necessary for the purposes of taking steps at the request of the data subject prior to the conclusion of the contract (Article 6 (1) ). Thus, personal data collected in the context of contractual offers may also be processed for the purposes of the performance of a contract as described in this point. When making or receiving an offer, the Company is obliged to inform the offeror or the offeree of the offer.
- The data processing clauses and information to be applied in the contracts to be concluded by the Company are set out in Annex 5 to these It is the duty and obligation of the Company's employees to ensure that these data processing clauses are included in the text of the contract.
Sending messages on the Company's website
- The natural person using the website (user) can give his/her consent to the processing of his/her personal data by ticking the relevant It is prohibited to tick the box in advance.
- The scope of personal data processed: the name of the natural person (surname, first name), e-mail address, phone
- Purpose of the processing of personal data:
- to enable the personalised and optimal functioning of the website
- The legal basis for the processing is the consent of the data subject.
- Recipients of the personal data: the Company's IT data controllers; data processors
- Duration of storage of personal data: 5 years or until the data subject's consent is withdrawn (request for erasure).
- The data subject acknowledges that the provision of data is not a prerequisite for the conclusion of a contract and is not obliged to provide his/her personal
Data management in the Company's webshop
- Purchases made in the webshop operated by the Company shall be deemed to be a contract, subject to Article 13/A of Act CVIII of 2001 on certain issues of electronic commerce services and information society services, and to Government Decree 45/2014 (26.II.) on the detailed rules of contracts between consumers and In the case of purchases made in a webshop, the legal basis for data processing is the contract.
- The Company may process the natural personal identification data and the address of the customer registering in the webshop for the purpose of creating, defining the content of, amending and monitoring the performance of the contract for the provision of information society services, invoicing the fees arising therefrom, and enforcing the claims related thereto, in accordance with Article 13/A (1) of Act CVIII of 2001, and the telephone number, e-mail address, bank account number and online identifier of the customer registering in the webshop, and in accordance with the
- For billing purposes, the Company may process personal data relating to the use of information society services, address, delivery address, as well as data relating to the time, duration and place of use of the service, pursuant to Article 13/A (2) of Act CVIII of
- Recipients and categories of recipients of personal data: employees of the Company performing tasks related to customer service, money management, transport, marketing activities, as data processors, data processors of the Company, in particular employees of the company performing tax and accounting tasks of the Company, for the purpose of fulfilling tax and accounting obligations, employees of the Company's IT service provider for the purpose of fulfilling hosting services, employees of the courier service for the purpose of delivery data (name, address, telephone number).
- Duration of the processing of personal data: until the registration/service is completed or until the data subject's consent is withdrawn (request for deletion), in case of a purchase, until the end of the 5th year following the year of
- When shopping in the online shop, the Privacy Policy must be made available with a link and the customer must accept
Data management in relation to social media (Facebook, Instagram)
- Our Company has only limited influence on the data processing of social media platform In those places where we can influence and parameterize it, we will facilitate its data processing in a manner that is appropriate from a data protection point of view within the range of possibilities available to us. In most cases, however, we have no control over the operator's activities, so we have no information about exactly what data is processed. Facebook's privacy policy can be found at: https://www.facebook.com/privacy/explanation/ Instagram's privacy policy can be found at: https://help.instagram.com/519522125107875
- The Controller manages its own page on The data subject can subscribe to the news feeds published on the Facebook page's message board by clicking on the "like" or "like" link on the pages. To be able to contact the Data Controller via Facebook, you must be logged in. For this purpose, Facebook also requests, stores and processes personal data. The Controller has no control over the type, scope and processing of these data and does not receive personal data from the Facebook operator. On Facebook pages, the Data Controller processes the personal data of followers on the basis of the voluntary consent of the followers, which is deemed to have been given by the fact that the person concerned likes, follows or comments on the page or posts. The data subject declares that he/she is over 16 years of age when requesting services on the Facebook page of the Controller. A person under the age of 16 requires the consent of his or her legal representative in order for his or her declaration of consent to the processing to be valid pursuant to Article 8(1) of the GDPR. The controller is not in a position to verify the age and entitlement of the person giving consent, so the data subject warrants that the data he or she has provided is accurate.
- Purpose of processing: to provide information on current information, news concerning the Data Controller, advertising on social media, presentation and promotion of The Facebook page is used by the Data Controller for marketing purposes in order to inform interested parties about its services and to enable them to contact the Data Controller.
- Legal basis for processing: voluntary consent of the data subject (in accordance with Facebook, Instagram policies)
- Data subject: name of the data subject; data subjects: users of the social media platform
- Duration of data processing: the data subject can unsubscribe from the Facebook page of the Data Controller by clicking on the "dislike" or "do not like" button or delete unwanted content by using the settings on the message The active status of the service
- Recipients: the employees of the data controller performing tasks related to customer service and marketing, the Company's data processors as data processors, in particular the Company's IT service
- The data subject acknowledges that the provision of data is not a prerequisite for the conclusion of a contract and is not obliged to provide his/her personal data. The possible consequence of not providing the data is the failure to inform the Data Controller about current news and services concerning the Data Controller.
Management of recruitment data, applications, CVs
- The personal data that may be processed include: the name, date and place of birth, mother's name, address, qualifications, photograph, telephone number, e-mail address of the natural person, employer's record of the applicant (if any).
- Purpose of the processing of personal data: application, assessment of the application, conclusion of an employment contract with the selected The data subject must be informed if the employer has not chosen him/her for the job in question.
- Legal basis for the processing: the data subject's consent (deemed to have been given at the time of sending the application). The legal consequence of withdrawing consent is non-recruitment.
- Recipients or categories of recipients of personal data: managers and employees performing labour-related tasks who are entitled to exercise employer rights at the
- Duration of storage of personal Until the application or tender is assessed, for a maximum of 2 years. Personal data of unsuccessful applicants will be deleted. The data of candidates who withdraw their application or candidature must also be deleted.
Data processing for tax and accounting obligations
- The Company shall process the data of natural persons who have come into contact with it for the purposes of fulfilling a legal obligation, tax and accounting obligations (bookkeeping, taxation) as provided for by law. -of the Act of 2000 on Accounting: name, address, designation of the person or organisation ordering the transaction, signature of the person ordering the transaction and the person certifying the execution of the order, and, depending on the organisation, the signature of the controller; on stock movement vouchers and cash management vouchers: signature of the recipient and on counterfoils: signature of the payer, and under Act CXVII of 1995 on Personal Income Tax: tax identification number.
- Data processing related to the keeping of the driver's logbook and the driver's logbook (in relation to vehicles used by more than one holder): the Company processes the data specified by law (name of the driver, type of vehicle, registration number, date and purpose of the journey, route taken, name of the business partner visited) for the purposes of legal obligations, cost accounting, supporting documents, tax assessment and fuel saving. The relevant legislation is Act No. CXVII of 1995 (Tax Act), § 27/2/, Annex 3, item 6 and Annex 5, item
- The period of storage of personal data shall be 8 years after the termination of the legal relationship giving rise to the legal
- Recipients of personal data: employees and data processors of the Company performing tax, accounting, payroll and social security
Payer data processing
- The Company shall process the personal data of the data subjects - employees, their family members, workers, recipients of other benefits - with whom it has a relationship as a paying agent (Act 2017: on the Order of Taxation (Art.), § 7.31.) for the purposes of fulfilling its legal obligations, tax and contribution obligations (tax, advance tax, contributions, payroll, social security, pension administration). The scope of the data processed is defined in Art. Article 50 of the Act defines the data subject of the data subject, specifically highlighting: the natural person's natural person identification data (including previous name and title), gender, nationality, tax identification number, social security number (social security number). If the tax laws impose a legal consequence, the Company may process data relating to employees' membership of health (Section 40 of the Social Security Act) and trade unions (Section 47(2) b) of the Social Security Act) for the purposes of meeting tax and contribution obligations (payroll accounting, social security administration).
- The period of storage of personal data shall be 8 years after the termination of the legal relationship giving rise to the legal
- Recipients of personal data: employees and data processors of the Company performing tax, payroll, social security (payroll)
Processing of documents of lasting value under the Archives Act
- The Company shall, in the performance of its legal obligation, process documents of permanent value pursuant to Act LXVI of 1995 on public records, public archives and the protection of private archival material (Archives Act), in order to ensure that the permanent value of the Company's archival material is preserved intact and in a usable condition for future Duration of storage: until the transfer to the public archives.
- Recipients of the personal data: the head of the Company, employees of the Company who are responsible for the management and archiving of the records, employees of the public
SECTION V.
COOKIE POLICY ON THE WEBSITE OF THE COMPANY
- Cookies are text files with small pieces of data that are stored in the user’s computer or phone (HDD, SSD) until their expiration date, and if a user returns to that site in the future, the web browser returns that data to the web Their purpose is to store data regarding visiting the website, and personal adjustments, but these are not personal data of the user. Cookies help to create a user-friendly website and to improve the user’s experience. If the user does not agree to use cookies, the use of the website will be intermitted.
- Purpose of personal data processing: improvement in user’s internet experience, storage of personal adjustments
- Legal basis of data processing: the data subject’s freely given consent
- Categories of processed personal data: the Data Controller stores every analytical information without name or any other personal data
- Period for which the personal data are stored: The data subject can delete the cookies anytime on his or her computer or phone
SECTION VI.
INFORMATION ABOUT THE RIGHTS OF DATA SUBJECT
You can find further information about the rights of the data subject in the General Data Protection Regulation (https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN)
- Information and access to personal data (Article 13 and 14)
- Right of access by the data subject (Article 15)
- Right to rectification (Article 16)
- Right to erasure (‘right to be forgotten’ – Article 17)
- Right to restriction of processing (Article 18)
- Right to data portability (Article 20)
- Right to object (Article 21)
- Right to not be subject to automated individual decision-making, including profiling (Article 22)
- Right for remedies (Article 77-82).
Right to lodge a complaint with a supervisory authority:
- Every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes General Data Protection You can find further information about remedies under Article 77.
- Contact of the supervisory authority:
Office for Personal Data Protection of the Slovak Republic
(Úrad Na Ochranu Osobných Údajov) Hraničná 12 820 07 Bratislava 27
Tel. + 421 2 32 31 32 14
Fax + 421 2 32 31 32 34
Email: statny.dozor@pdp.gov.sk
Website: http://www.dataprotection.gov.sk/
Place and date: Slovakia, 10th November 2022
APEBE s.r.o.