Privacy Policy

1. NAME OF DATA MANAGER, PERIOD OF DATA MANAGEMENT

Data manager:
SITEL Kft. (Budapest 1119, Fehérvári út 98-95, Cg.: 01-09-691343, Tel: +36 1 371 2270, E-mail: sitel@sitel.hu)

The Data Manager processes the data voluntarily provided by the User for a maximum of 5 (i.e. five) years from the date of data submission, or until the time when the person concerned does not withdraw his consent in writing at the Data Manager's contact details set out in this Information.

2. WEBSITE USE AND REGISTRATION

With the registration, the user can register on the website voluntarily, once, in one way. After registration, the person concerned can use the services provided on the website according to the terms of use, if such an option is available, based on the data he/she has provided.

During registration, with the voluntary consent of the user, he provides his personal data, makes the necessary declarations and accepts the provisions of this Data Management Information Sheet as well as the terms of use as binding on him.

The services of the website are also used by all persons who have not registered, but accept the provisions of this Data Management Notice as mandatory by entering and/or visiting the website for the purpose of obtaining information, thereby using the website for their activities.

By expressly accepting this Data Management Notice and/or using the website, the User expressly consents to the Data Controller's data processing in accordance with the itemized rules of this Data Management Notice.

When registering on the website, neither the username nor the e-mail address need to clearly and unequivocally identify a person. So, for example, it is not necessary that the username or e-mail address contains your name. You are completely free to decide if you enter a username or e-mail address that contains information that indicates your identity.

Sitel Kft. is not obliged to verify that the data provided by the registrant is real or correct, and Sitel Kft. excludes all liability for direct or indirect total damage and other legal consequences that may result from all of this.

If you can access your data with a password, you can change them at any time. Protecting the confidentiality of the password is the responsibility of the registrant. It is also the registrant's responsibility to treat his data with appropriate confidentiality. Sitel Kft. is not responsible for the unauthorized use of the password and for any indirect or direct total damage and other legal consequences resulting from it.

By registering, the registrant unconditionally and irrevocably undertakes that the provided registration data will be handled by himself or by a third party based on his authorization, and Sitel Kft. imposes the legal consequences of any misuse of the registered data - which is outside of its scope of interest - on the registered person.

3. ADVERTISING - PROMOTIONAL OFFERS - DIRECT MARKETING

After the users prior written consent, the Data Controller may occasionally send individual information regarding the data controller's products and services.

Scope of processed data:

  • e-mail address
  • name

Duration of data management:

The processing of the data by the Data Manager lasts until the user withdraws his consent to the sending of offers. After accepting the offers, the affected person can decide at any time that he no longer wants to receive offers.

You can cancel the use of the service via the link indicated in the offer or in other ways prescribed on the website, as well as by e-mail or postal mail sent to the contact details of the data controller indicated in this Data Management Notice, through which your processed data will also be deleted.

The duration of data management lasts until the consent of the concerned user is revoked.

4. CONTACT, CALL-BACK REQUEST FORMS

On the pages recording the mentioned contents, the Data Controller considers it necessary to provide the following personal data after the prior consent of the person concerned to make contact:

  • name
  • e-mail
  • phone
  • message
     

In order to use any paid service, you may also be asked to provide your credit card number as an additional personal data. The Data Controller informs the data subject that all these data are required for the purpose of completing the payment process and for the contractual fulfilment of any notification obligations.

Duration of data processing: Data processing by the Data Controller lasts until the user withdraws the consent given by filling out the form. The data subject may decide at any time after completing the form to no longer wish to be contacted.

You may cancel the contact in other ways as prescribed on the website, as well as by e-mail or postal mail sent to the contact details of the data controller indicated in this Privacy Notice, through which your processed data will also be deleted.

The duration of data management lasts until the consent of the data subject is withdrawn.

5. THE DATA PROCESSOR USED

The activities of Perfect Nova Hungary Zrt.:

Name of the data processor: Perfect Nova Hungary Zrt.

Activity performed by the data processor: storage service

Contact information of the data processor:info@perfectnova.hu

What data does the data processor receive:

  • visitor data based on Google Analytics

How long you use the data processor: indefinite
 

6. THE USER RIGHTS

The Data Controller shall reply to requests received by it without delay, but within a maximum of 30 days, and shall take the necessary measures, through the same channel as the one used to send the request (paper, electronic, etc.)

Based on Act CXII of 2011, the rights of the user are ensured by the Data Controller in the cases and in the manner provided for therein, as follows:

The data subject shall have the right to obtain, in respect of his or her personal data processed by the controller and by a processor acting on his or her behalf or under his or her instructions, under the conditions laid down in this Act *

a) to be informed of the facts relating to the processing prior before the start of the processing (hereinafter: the right to prior information),

b) On request to have access to his or her personal data and information relating to the processing, provided by the contoller (hereinafter referred to as the 'right of access'),

c) at his or her request, and in the further cases set out in this Chapter, to have his or her personal data rectified or completed by the controller (hereinafter referred to as the 'right of rectification'),

d) at his or her request, and in the further cases set out in this Chapter, the controller restricts the processing of his or her personal data (hereinafter referred to as the right to restriction of processing),

e) at his or her request, and in the further cases set out in this Chapter, to erasure of his or her personal data by the controller (hereinafter referred to as the 'right to erasure').

Article 21 * (1) If the data subject's request for rectification, erasure or restriction of the processing of personal data processed by the controller or by a processor acting on his or her behalf or at his or her instructions is refused by the controller, the data subject shall be informed in writing without delay.

a) the fact of the refusal, the legal and factual grounds for the refusal, and

(b) the rights of the data subject under this Act and the means of exercising them, in particular the right to rectification, erasure or restriction of the processing of personal data processed by the controller or by a processor acting on his or her behalf or under his or her instructions, with the assistance of the Authority.

(2) The controller may delay the provision of the information referred to in point (a) of paragraph (1) in proportion to the objective pursued, limit the content of the information or refrain from providing the information, if such action is indispensable to safeguard an interest as defined in points (a) to (f) of paragraph (3) of Article 16.

(3) Where a controller rectifies, erases or restricts the processing of personal data processed by it or by a processor acting on its behalf or at its instructions, the controller shall notify the fact and the content of that measure to the controllers and processors to which the data were transmitted before that measure was taken, in order to enable them to implement the rectification, erasure or restriction of processing in respect of their own processing.

Article 16 * (1) In order to ensure the exercise of the right to prior information, the controller shall, prior to the start of the processing operations carried out by the controller or by a processor acting on its behalf or at its instructions, at the latest immediately after the start of the first processing operation, provide the data subject with.

a) the name and contact details of the controller and - where a processing operation is carried out by a processor, the processor-,

b) the name and contact details of the Data Protection Officer,

c) the purposes of the proposed processing; and

d) a description of the rights to which the data subject is entitled under this Act and how to exercise them.

(2) At the same time as paragraph (1), in the same way or addressed to the data subject, the controller shall provide the data subject with information on.

a) the legal basis for processing,

b) the period of retention of the personal data processed and the criteria for determining that period,

c) in the event of a transfer or intended transfer of personal data processed, the recipients of the transfer, including recipients in third countries and international organisations,

d) the source of the personal data processed; and

e) any other relevant facts relating to the circumstances of the processing.

(3) The data controller may delay the provision of information in accordance with paragraph (2) in proportion to the desired goal, limit the content of the information or omit the information if this action is absolutely necessary

a) the efficient and effective conduct of investigations or proceedings - in particular criminal proceedings - conducted by it or with its participation,

b) the effective and efficient prevention and detection of criminal offences,

c) the enforcement of penalties and measures against offenders,

d) the effective and efficient protection of public security

e) the effective and efficient defence of the external and internal security of the State, in particular national defence and national security, or

f) to ensure the protection of the fundamental rights of third parties.

Article 17 * (1) In order to ensure the exercise of the right of access, the data subject shall be informed by the controller, upon request, whether his or her personal data are processed by the controller or by a processor acting on his or her behalf or at his or her instructions.

(2) Where the personal data of the data subject are processed by the controller or by a processor acting on his or her behalf or under his or her instructions, the controller shall, in addition to the requirements set out in paragraph 1, make available to the data subject the personal data of the data subject processed by the controller and by the processor acting on his or her behalf or under his or her instructions and shall communicate to the data subject

a) the source of the personal data processed,

b) the purpose and legal basis of the processing,

c) the scope of the personal data processed,

d) in the case of transfers of personal data processed, the recipients of the transfers - including recipients in third countries and international organisations,

e) the period of retention of the personal data processed and the criteria for determining that period,

f) a description of the rights to which the data subject is entitled under this Act and how to exercise them,

g) where profiling is used, the fact and

h) the circumstances in which a personal data breach has occurred in relation to the processing of the personal data of the data subject, the effects of the personal data breach and the measures taken to solve them.

(3) The controller may restrict or refuse the exercise of the right of access of the data subject in a manner proportionate to the aim pursued, if such a measure is indispensable for the purpose of securing an interest as defined in points (a) to (f) of paragraph (3) of Article 16.

(4) Where a measure pursuant to paragraph (3) is applied, the controller shall immediately inform the data subject in writing of.

a) the fact of the restriction or refusal of access and the legal and factual reason for such restriction or refusal, provided that the provision of such information to the data subject does not endanger the enforcement of an interest as defined in points (a) to (f) of paragraph (3) of Article 16, and

b) the rights to which the data subject is entitled under this Act and the means of exercising them, in particular the fact that the data subject may exercise his or her right of access with the assistance of the Authority.

Article 18 * (1) In order to exercise the right to rectification, the controller shall, if the personal data processed by the controller or by a processor acting on its behalf or on its behalf are inaccurate, incorrect or incomplete, without undue delay - in particular at the request of the data subject - rectify or correct them or, if compatible with the purposes of the processing, supplement them with additional personal data provided by the data subject or with a declaration by the data subject on the personal data processed (hereinafter jointly referred to as rectification).

(2) The controller shall be exempted from the obligation specified in paragraph (1) if.

a) accurate, correct or complete personal data are not available to you and the data subject does not make them available to you, or

b) the authenticity of the personal data provided by the data subject cannot be established beyond reasonable doubt.

(3)Where the controller rectifies personal data processed by him or by a processor acting on his behalf or under his instructions, as provided for in paragraph (1), he shall inform the data processor to which he has transmitted the personal data concerned by the rectification of the fact and of the rectified personal data.

Article 19 * (1) In order to enforce the right to restriction of processing, the controller shall restrict processing to the processing operations specified in paragraph (2),

a) where the data subject contests the accuracy, correctness or completeness of personal data processed by the controller or by a processor acting on his or her behalf or at his or her instructions, and the accuracy, correctness or completeness of the personal data processed cannot be established beyond reasonable doubt, for the period necessary to resolve the doubt,

b) where the data should be erased pursuant to point (a) of Article 20, but there are reasonable grounds to consider, on the basis of a written declaration by the data subject or on the basis of information available to the controller, that the erasure of the data would undermine the legitimate interests of the data subject, for the duration of the legitimate interest justifying the non-deletion,

c) if the data would have to be erased pursuant to point (a) of Article 20, but the data need to be kept as evidence in the course of investigations or proceedings - in particular criminal proceedings - carried out by or with the participation of the controller or another body with public-service mission, as provided for by law, until the final or legally binding conclusion of such investigations or proceedings,

d) if the data would have to be erased pursuant to point a) of Article 20, but the data need to be kept for the purpose of fulfilling the documentation obligation under paragraph (2) of Article 12, until the date specified in paragraph (4) of Article 25/F.

(2) During the period of restriction of processing, the controller or a processor acting on his behalf or under his instructions may carry out processing operations other than storage of the personal data subject to the restriction solely for the purposes of pursuing the legitimate interests of the data subject or as provided for by law, international treaties or binding European Union acts.

(3) In the event of the lifting of the restriction on processing provided for in point (a) of paragraph 1, the controller shall inform the data subject in advance of the lifting of the restriction on processing.

Article 19 *  In order to enforce the right to erasure, the controller shall promptly erase the personal data of the data subject, if

a) the processing is unlawful, in particular where the processing is

aa) is contrary to the principles laid down in § 4,

ab) the purposes for which the data are processed have ceased to exist or the further processing of the data is no longer necessary for the purposes for which the data are processed,

ac) the period laid down by law, an international treaty or a legally binding act of the European Union has expired; or

ad) its legal basis has ceased to exist and there is no other legal basis for the processing of the data,

b) the data subject withdraws his or her consent to the processing or requests the erasure of his or her personal data, unless the processing is based on point (a) or (c) of paragraph 1 of Article 5 or point (b) of paragraph 2 of Article 5,

c) the deletion of the data has been ordered by law, an EU act, the Authority or a court; or

d) the period specified in points (b) to (d) of paragraph (1) of Article 19 has elapsed.

7. ENFORCEMENT POSSIBILITIES

In order to assert his or her rights, the data subject shall comply with the provisions of the law

a) the National Authority for Data Protection and Freedom of Information (NAIH) may initiate an investigation by the Authority to examine the lawfulness of the controller's action where the controller restricts the exercise of specific rights or refuses a request to exercise those rights; and

b) may request the conduct of the official data protection procedure of the Authority if, in your opinion, the data manager or the data processor acting on the basis of his/her mandate violates the regulations regarding the handling of personal data, as defined in legislation or in a binding legal act of the European Union, during the processing of your personal data.

NAIH contact details: https://naih.hu/ugyfelszolgalat-kapcsolat

The data subject may bring an action before a competent court or tribunal against the controller or, in the context of processing operations within the scope of the controller's activities, against the processor, if he or she considers that the controller or the processor, acting on his or her behalf or at his or her instructions, is processing his or her personal data in breach of the provisions on the processing of personal data laid down by law or by a legally binding act of the European Union.

8. AMENDMENT OF THE NOTICE

The Data Controller reserves the right to unilaterally amend any provision of this Privacy Notice at any time, without giving any reason, without prior notice to the User and without any obligation to inform the User concerned. The Data Controller undertakes to publish the amended Privacy Policy on its website no later than 8 (i.e. eight) days before the amended Privacy Policy comes into force. The Data Controller may, at its option, send the amended Privacy Notice directly to its Users registered on its website, through the User Account available on the website, or to both registered and non-registered Users by the procedures provided upon registration or by the facilities provided by the use of the website, no later than 8 (i.e. eight) days before the amended Privacy Notice enters into force.

Budapest, 2021.

Language choice