{"id":3,"date":"2024-08-13T14:48:11","date_gmt":"2024-08-13T12:48:11","guid":{"rendered":"https:\/\/mahart.temarketinged.hu\/?page_id=3"},"modified":"2024-10-02T14:31:39","modified_gmt":"2024-10-02T12:31:39","slug":"adatkezelesi-tajekoztato","status":"publish","type":"page","link":"https:\/\/mahartlog.hu\/en\/adatkezelesi-tajekoztato\/","title":{"rendered":"Privacy Notice"},"content":{"rendered":"<div data-elementor-type=\"wp-page\" data-elementor-id=\"3\" class=\"elementor elementor-3\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-74a63e7f e-con-full e-flex e-con e-parent\" data-id=\"74a63e7f\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-14d09a77 e-con-full ferde-box e-flex e-con e-child\" data-id=\"14d09a77\" data-element_type=\"container\" data-e-type=\"container\" id=\"ferde-box\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t<div class=\"elementor-element elementor-element-53262c4f elementor-widget elementor-widget-heading\" data-id=\"53262c4f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Privacy Notice<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-77894672 e-flex e-con-boxed e-con e-parent\" data-id=\"77894672\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e4b80bc elementor-widget elementor-widget-text-editor\" data-id=\"e4b80bc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Privacy statement for the MAHARTLOG GROUP<\/p>\n<h3><b>Data Controller:\u00a0<br \/><\/b><b>MAHARTLOG GROUP\u00a0<\/b><\/h3>\n<ul>\n<li aria-level=\"1\">\n<h4><b>MAFRACHT Kft.<\/b><\/h4>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Registered office: 1121 Budapest, M\u00e1rtonv\u00f6lgy utca 26.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tax number: 10456684-2-43<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Company registration number: 01-09-072706<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Represented by: G\u00e1bor Sp\u00e1nyik<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Phone number: +36 1 429-5010<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Email: mahartlog@mahartlog.hu<\/span><\/p>\n<p class=\"translation-block\">Website: <a href=\"https:\/\/mahartlog.hu\/en\/\" target=\"_self\"><b>www.mahartlog.hu<\/b><\/a><\/p>\n<ul>\n<li aria-level=\"1\">\n<h4><b>Mahartlog Port Ltd.<\/b><\/h4>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Registered office: 2536 Nyerges\u00fajfalu, B\u00e9csi \u00fat 5.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tax number: 25717215-2-11<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Company registration number: 11-09-026487<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Represented by Klaudia Kov\u00e1cs-Dom\u00e1n Be\u00e1ta\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Phone number: +36 1 429-5010<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Email: mahartlog@mahartlog.hu<\/span><\/p>\n<p class=\"translation-block\">Website: <a href=\"https:\/\/mahartlog.hu\/en\/\" target=\"_self\"><b>www.mahartlog.hu<\/b><\/a><\/p>\n<ul>\n<li aria-level=\"1\">\n<h4><b>Mahartlog Invest PLC.<\/b><\/h4>\n<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Registered office: 1121 Budapest, M\u00e1rtonv\u00f6lgy utca 26.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tax number: 25896794-2-43<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Company registration number: 01-10-049250<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Represented by: Katalin M\u00e1ria Bubics<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Phone number: +36 1 429-5010<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Email: mahartlog@mahartlog.hu<\/span><\/p>\n<p class=\"translation-block\">Website: <a href=\"https:\/\/mahartlog.hu\/en\/\" target=\"_self\"><b>www.mahartlog.hu<\/b><\/a><\/p>\n<p><span style=\"font-weight: 400;\">Last modified: 30 September 2024.<\/span><br \/><br \/><\/p>\n<h2><b>General information<\/b><\/h2>\n<h3><b>Purpose of the Privacy Notice:<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The purpose of this Privacy Notice is to inform the Data Controller about the data protection and data management principles and rules applicable to the processing of personal data of persons who come into contact with the Data Controller.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In drafting the provisions of this Privacy Notice, the Data Controller has taken particular account of the provisions of Regulation 2016\/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95\/46\/EC (General Data Protection Regulation, hereinafter referred to as \"GDPR\"), Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (hereinafter referred to as \"Infotv.\") and other relevant legislation.<\/span><\/p>\n<h3><b>Concepts related to data management<\/b><\/h3>\n<p><span style=\"font-size: inherit;\">The definitions of personal data processing are set out in the GDPR. For the sake of transparency and clarity, the Data Controller sets out the most important terms in this section, taken from the GDPR.\u00a0\u00a0<\/span><br \/><b><\/b><\/p>\n<ul>\n<li aria-level=\"1\" class=\"translation-block\"><b>\"personal data\"<\/b> means any information relating to an identified or identifiable natural person (\"data subject\"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;<\/li>\n<\/ul>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"sensitive data\"<\/b> means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, genetic data and biometric data revealing the identity of natural persons, health data and personal data concerning the sex life or sexual orientation of natural persons. The processing of these data is prohibited as a general rule.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"processing\"<\/b> means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"restriction of processing\"<\/b> means the marking of stored personal data for the purpose of restricting their future processing;<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>'controller'<\/b> means a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or specific criteria for the designation of the controller may also be determined by Union or Member State law;<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"processor\"<\/b> means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"recipient\"<\/b> means a natural or legal person, public authority, agency or any other body to whom or with which personal data is disclosed, whether or not a third party. Public authorities which may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"third party\"<\/b> means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"the data subject's consent\"<\/b> means a freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"enterprise\"<\/b> means any natural or legal person carrying on an economic activity, regardless of its legal form, including partnerships or associations carrying on a regular economic activity.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"data breach\"<\/b> means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\" class=\"translation-block\"><b>\"supervisory authority\"<\/b> means an independent public authority established by a Member State in accordance with Article 51 of the GDPR;<\/li>\n<\/ol>\n<h3><b>Principles of data management<\/b><\/h3>\n<ul>\n<li><span style=\"font-size: 17px;\">The processing of personal data must be lawful, fair and transparent for the data subject.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Personal data may only be processed for specific purposes and on a legal basis, for the exercise of a right or the performance of an obligation.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">At all stages of processing, the purpose of the processing must be fulfilled and the collection and processing of data must be fair and lawful. Only personal data that is necessary for the purpose of the processing and is adequate for the purpose shall be processed.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Personal data may be processed only to the extent and for the duration necessary for the purposes for which they are collected.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The Data Controller's data management is accurate and up to date. The Controller shall take all reasonable steps to ensure that personal data inaccurate for the purposes of processing are erased or rectified without undue delay.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The Data Controller shall store personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed, subject to the storage obligations laid down in the applicable legislation.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Personal data must be processed in such a way as to ensure adequate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The Data Controller is responsible for compliance with the principles described above and must be able to demonstrate such compliance.<\/span><b><\/b><\/p>\n<h2><b>Purpose, legal basis and method of processing<\/b><b><\/b><\/h2>\n<h3><b>3.1. Data processing related to contacting<\/b><\/h3>\n<p><b>3.1.1. Contact via email and online contact form<\/b><\/p>\n<p><b>Purpose of processing:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Contacting and maintaining contact with the data subject on the basis of the data subject's request. The Data Controller will use the data provided by the Data Subject for a specific purpose and only in connection with the Data Subject's request. The disclosure of personal data to third parties, unless otherwise required by law, shall only be possible with the express prior consent of the Data Subject.<\/span><\/p>\n<p><b>Legal basis for processing<\/b><span style=\"font-weight: 400;\">:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Voluntary consent of the data subject pursuant to Article 6(1)(a) GDPR<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The processing is based on the data subject's voluntary and informed consent, which the data subject gives by sending the request and the data contained therein to the Data Controller to the extent necessary to reply to the request and to carry out the activities contained therein (e.g. providing information).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Consent is given by the Data Subject by voluntarily providing the data in question and, in the case of a form, by completing it\/checking the box.<\/span><\/p>\n<p><b>Scope of personal data processed:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">name (first and last name)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">email address<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">optionally a telephone number<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">message<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The Controller does not verify the personal data provided to it. The person providing the data shall be solely responsible for its accuracy.\u00a0<\/span><\/p>\n<p><b>Duration and method of data processing:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The processing of the personal data provided in the context of contacting or maintaining contact lasts until:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">until the data subject withdraws his or her consent,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">but for a maximum of six months from the date of the data.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Data storage method: electronic.<\/span><\/p>\n<p><b>\u00a03.1.2. Contact by phone<\/b><\/p>\n<p><b>Purpose of processing:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The data subject may also contact the Data Controller by telephone. In this case, the Data Controller will also know the first and last name of the caller and the telephone number. The purpose of the processing is to contact the data subject on the basis of the data subject's request.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">By contacting the Data Controller by telephone, the Data Controller will inform the Data Subject orally of the availability of this notice and will draw the caller's attention to the fact that the Data Controller will only process personal data if the caller confirms in writing that he or she has read and accepted the contents of this notice.<\/span><\/p>\n<p><b>Legal basis for processing<\/b><span style=\"font-weight: 400;\">:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Voluntary consent of the data subject pursuant to Article 6(1)(a) GDPR<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The processing is based on the data subject's freely given informed consent, which he or she gives by sending the Data Controller the request and the data contained therein, to the extent necessary to reply to the request and to carry out the activities contained therein.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Consent is given by the data subject voluntarily providing the data in question.<\/span><\/p>\n<p><b>Scope of personal data processed:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Name<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">phone number<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The Controller does not verify the personal data provided to it. The person providing the data shall be solely responsible for its accuracy.\u00a0<\/span><\/p>\n<p><b>Duration and method of data processing:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The processing of the personal data provided in the context of contacting or maintaining contact lasts until:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">until the data subject withdraws his or her consent,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">but for a maximum of six months from the date of the data.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Data storage method: electronic.<\/span><\/p>\n<p><b>3.1.3. Contact via social media platform<\/b><\/p>\n<p><b>Purpose of processing:\u00a0<\/b><\/p>\n<p class=\"translation-block\">The data controller operates a Facebook page (https:\/\/www.facebook.com\/MAHARTLOG), an Instagram page (https:\/\/www.instagram.com\/mahartlog), a TikTok page (https:\/\/www.tiktok.com\/@mahartlog) and a LinkedIn profile (https:\/\/www.linkedin.com\/company\/mahartlog-ltd\/ ) for the purpose of providing online contact opportunities, publishing posts, promoting the business and reaching potential customers.<\/p>\n<p><span style=\"font-weight: 400;\">When posting comments to posts related to the business, the Data Controller gets to know the first and last name of the commenters and their comments, which are accessed on the basis of consent.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You can also send messages on Facebook, Instagram and TikTok. When sending a message, the Data Controller obtains the sender's first and last name, which is based on the sender's consent. In the case of contact by Facebook, Instagram and TikTok messages, the Data Controller shall inform the data subject in writing of the availability of this notice and shall draw the sender's attention to the fact that the Data Controller may process his\/her personal data only if the sender confirms in writing that he\/she has read and accepted the contents of this notice.\u00a0<\/span><\/p>\n<p><b>Legal basis for processing<\/b><span style=\"font-weight: 400;\">:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Voluntary consent of the data subject pursuant to Article 6(1)(a) GDPR<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The data processing is carried out on the community site, so the duration of the data processing, the method of data processing and the possibility of deleting and modifying the data are governed by the rules of the community site.<\/span><\/p>\n<p class=\"translation-block\">The privacy policy for Facebook and Instagram (as Meta products) is available at the following link: https:\/\/www.facebook.com\/privacy\/explanation<\/p>\n<p class=\"translation-block\">The relevant TikTok privacy policy is available at the following link: https:\/\/www.tiktok.com\/legal\/page\/eea\/privacy-policy\/hu<\/p>\n<p class=\"translation-block\">LinkedIn is operated in Europe by LinkedIn Ireland Unlimited Company (Gardner House, 5 Wilton Park, Dublin 2, Ireland). The LinkedIn Site operates within the framework of the LinkedIn Privacy Policy. The LinkedIn Privacy Policy is available at https:\/\/www.linkedin.com\/legal\/privacy-policy.<\/p>\n<p><b>Scope of personal data processed:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Name registered on the social media platform;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">and the user's public profile picture;<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The Controller does not verify the personal data provided to it. The person providing the data shall be solely responsible for its accuracy.\u00a0<\/span><\/p>\n<p><b>Duration of data processing:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The processing of the personal data provided in the context of contacting or maintaining contact will continue until the Data Subject withdraws his or her consent.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If the Data Subject withdraws his or her consent, the Data Controller will delete all data related to the contact without delay, based on the data erasure options provided by Facebook, Instagram and TikTok.<\/span><b><\/b><\/p>\n<h3><b>3.2. Data processing in connection with the ordering of services<\/b><b><\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Among the companies belonging to the MAHARTLOG group:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"3\"><span style=\"font-weight: 400;\">Mafracht Ltd. is engaged in road transport and freight forwarding;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"3\"><span style=\"font-weight: 400;\">Mahartlog Port Ltd. with port operations,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"3\"><span style=\"font-weight: 400;\">while Mahartlog Invest Zrt. performs asset management and tax and business advisory activities.<\/span><\/li>\n<\/ul>\n<p>MAHARTLOG Group companies provide their services exclusively to legal entities.<b><\/b><\/p>\n<p><strong>3.2.1. Processing of data of a person authorised to act on behalf of or on behalf of a legal person<\/strong><\/p>\n<p><b style=\"font-size: inherit;\">Purpose of processing:\u00a0<\/b><br \/><b><\/b><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller provides its services exclusively to legal entities (hereinafter referred to as Business Customers).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The purpose of data processing is the conclusion and performance of contracts with Business Customers.<\/span><\/p>\n<p><b>Legal basis for processing<\/b><span style=\"font-weight: 400;\">:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">GDPR Article 6(1)(f) - legitimate interest<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The legal basis for the processing of personal data provided by representatives of Business Customers is the legitimate interest of the Data Controller and of the Business Customer on whose behalf or on whose behalf the data subject is acting.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For the processing of data on the basis of legitimate interests of a person entitled to act on behalf of or on behalf of a legal person, we have carried out the balancing of interests test, which has resulted in a finding that the legitimate interest of the Data Controller or its Business Customer to process the data is genuine and stronger than the interest of the data subjects not to have their data processed.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The knowledge and processing of the data is essential for the conclusion of the contract between the Data Controller and the Business Customer.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In compliance with our legal obligation, all data subjects will be given the opportunity to see the detailed balancing of interests test if they make such a request to the Data Controller.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Given that the data subjects' data are processed by the Data Controller or the Data Controller on the basis of the legitimate interests of the Data Controller or the Business Customer, the data subjects have the right to object to the processing; the detailed rules and conditions for exercising this right are set out in Section 5 of this notice.<\/span><\/p>\n<p><b>Scope of personal data processed:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"3\"><span style=\"font-weight: 400;\">Data required for identification<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"4\"><span style=\"font-weight: 400;\">Name<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"4\"><span style=\"font-weight: 400;\">mother's name<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"4\"><span style=\"font-weight: 400;\">place and date of birth<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"4\"><span style=\"font-weight: 400;\">signature<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><b>Duration and method of data processing:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">5 years from the date of the business relationship or the date on which the person concerned became a representative. If legislation (e.g. tax law, etc.) provides for a longer period for recording or storing contracts, the period shall be that laid down in that legislation.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Data storage method: electronic and paper-based<\/span><b><\/b><\/p>\n<p><b>3.2.2. Managing business customer contact details<\/b><\/p>\n<p><b style=\"font-size: inherit;\">Purpose of processing:\u00a0<\/b><br \/><b><\/b><\/p>\n<p><span style=\"font-weight: 400;\">Although the Data Controller provides its services exclusively to legal persons, it processes the data of persons who request an offer from the Data Controller as a contact person for Business Clients, or with whom the Data Controller maintains contact during the performance of the contract in case of acceptance of the offer and ordering of the service.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The purpose of processing the data of the contact persons is therefore to provide the interested Business Partner with an offer for the service and, in the event of a contractual relationship, to ensure direct contact and smooth communication with the Business Partner.<\/span><\/p>\n<p><b>Legal basis for processing<\/b><span style=\"font-weight: 400;\">:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">GDPR Article 6(1)(f) - legitimate interest<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The legal basis for the processing of personal data provided by Business Customer Contacts is the legitimate interest of the Data Controller and of the Business Customer to whom the contact belongs. For the processing of contact details on the basis of legitimate interest, we have carried out an interest balancing test, which has resulted in a finding that the legitimate interest of the Data Controller and the Business Customer, respectively, to process the data is genuine and outweighs the interest of the data subjects not to have their data processed. The knowledge and processing of the data is indispensable to enable the Data Controller to send the Business Partner an offer for the provision of services based on the information provided by the Business Partner and, if the Business Partner accepts the offer of the Data Controller and a contract is concluded between them, to contact the Business Partner directly and consult with him\/her at short notice on issues arising in the course of the performance of the contract.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In compliance with our legal obligation, all data subjects will be given the opportunity to see the detailed balancing of interests test if they make such a request to the Data Controller.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Given that the data subjects' data are processed by the Data Controller or the Data Controller on the basis of the legitimate interests of the Data Controller or the Business Customer, the data subjects have the right to object to the processing; the detailed rules and conditions for exercising this right are set out in Section 5 of this notice.<\/span><\/p>\n<p><b>Scope of personal data processed:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"3\"><span style=\"font-weight: 400;\">Contact name;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"3\"><span style=\"font-weight: 400;\">Email<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"3\"><span style=\"font-weight: 400;\">Phone number<\/span><\/li>\n<\/ul>\n<p><b>Duration of data processing:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The data of the contact persons are processed until the contractual relationship between the Data Controller and the Business Partner appointing the contact person for the task(s) specified in the contract is terminated. In the event that the identity of the contact person of the Business Partner changes in the meantime, the processing of the data of the data subject shall continue until the Business Partner or the Data Subject notifies the Data Controller in writing of such change.<\/span><\/p>\n<h3><b>3.3. Data processing in connection with image and video recordings<\/b><\/h3>\n<p><b style=\"font-size: inherit;\">Purpose of processing:<\/b><span style=\"font-weight: 400;\">\u00a0\u00a0<\/span><br \/><b><\/b><\/p>\n<p><span style=\"font-weight: 400;\">To promote and disseminate the company's activities to a wide audience by publishing video and photo footage of an event or event organised by the Data Controller on the Data Controller's website and\/or social networking sites (Facebook, Instagram, TikTok) and\/or LinkedIn profile.<\/span><\/p>\n<p><b>Legal basis for processing<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the case of recordings that are bulk recordings, the processing of data - in accordance with Article 6 (1) (e) of the GDPR and Article 6 (1) (e) of the Info tv. The statutory provision is Article 2:48 (2) of the Civil Code, according to which the consent of the data subject is not required for the making and use of a visual or audio recording in the case of public recordings and recordings of public appearances.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Crowd shots show a crowd of people, the people depicted are not seen as individuals but as part of the crowd. If the image does not show individuals individually, but as a crowd, it is a crowd shot.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If it is not a mass recording, the voluntary consent of the Data Subject is required for the creation and processing of the image and video.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The processing of data - in accordance with Article 6 (1) (a) of the GDPR and the Info tv. Article 5 (1) (a) of the GDPR.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">For the creation and use of a recording made specifically about a particular person(s), the consent of the data subject is required. The same applies to the extraction of the image from the crowd, using any recording device (e.g. telephoto lens, zoom), as this will reindividualise the image and in such a case the consent of the data subject is required for the creation and use of the image. If individualisation is carried out by post-editing from the mass photograph, consent is also required.<\/span><\/p>\n<p><b>Scope of personal data processed:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Image and video recording<\/span><\/li>\n<\/ul>\n<p><b>Duration and method of data processing:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller will process the recordings (on its own internal platform, website, social media platforms, etc.) only as long as they are of interest and up-to-date, after which they will be deleted or deleted even if the data subject withdraws his\/her consent.<\/span><\/p>\n<h3><b><\/b><b>3.4. Data subjects, data transfers, data processing<\/b><b><\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The data may be accessed by the internal staff of the Data Controller with whom the data subject has contacted or whose access and processing of the data is related to their job duties.<\/span><\/p>\n<p><strong>Data processors:<\/strong><\/p>\n<table>\n<tbody>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Profit\u00e1rhely<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Registered office: 6000 Kecskem\u00e9t, Szolnoki \u00fat 23.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tax number: 23173080-2-03<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Company registration number: 03 09 121889<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<\/td>\n<td><br \/>\n<p><span style=\"font-weight: 400;\">Hosting (for the proper operation of the website)<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Temarketinged Kft.<\/span><\/p>\n<\/td>\n<td><br \/>\n<p><span style=\"font-weight: 400;\">Head office: 4024 Debrecen, Wessel\u00e9nyi u. 1.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Tax number: 32037704-2-09<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Company registration number: 09 09 034197<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Provision of information technology services<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\u00a0<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Sz\u00e9khely:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">C\u00e9gjegyz\u00e9ksz\u00e1m:\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Ad\u00f3sz\u00e1m:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">V\u00e1llalatir\u00e1ny\u00edt\u00e1si rendszer<\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Sz\u00e9khely:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">C\u00e9gjegyz\u00e9ksz\u00e1m:\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Ad\u00f3sz\u00e1m:\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<\/td>\n<td>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<br \/>\n<p><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><br \/><b><\/b><\/p>\n<ul>\n<li aria-level=\"1\"><b>Rights of the Data Subject<\/b><\/li>\n<\/ul>\n<p class=\"translation-block\">Rights of the data subject.<\/p>\n<p><span style=\"font-weight: 400;\">(a) request information about the processing of personal data concerning him or her and access to such personal data,<\/span><\/p>\n<p><span style=\"font-weight: 400;\">(b) request their rectification,<\/span><\/p>\n<p><span style=\"font-weight: 400;\">c) request their deletion,<\/span><\/p>\n<p><span style=\"font-weight: 400;\">d) request the restriction of the processing of personal data,<\/span><\/p>\n<p><span style=\"font-weight: 400;\">e) object to the processing of personal data,<\/span><\/p>\n<p><span style=\"font-weight: 400;\">f) exercise his or her right to data portability.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">(g) exercise his or her right of appeal.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The data subject may lodge a complaint with the National Authority for Data Protection and Freedom of Information (hereinafter referred to as \"NAIH\") or apply to the competent court as set out at the end of this notice.<\/span><span style=\"font-weight: 400;\"><br \/><\/span><b><\/b><\/p>\n<h3>\u00a0<\/h3>\n<h3><b>Rights of data subjects in relation to data processing\u00a0<\/b><b><\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The Data Controller shall ensure that the rights of data subjects are respected as follows.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller shall provide the data subject with the opportunity to make a request to exercise his or her data subject rights by any of the following means and through the contact details set out in this notice: (i) by post, (ii) by e-mail, (iii) by telephone.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Phone number: +36 1 429-5010<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Email: mahartlog@mahartlog.hu<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Postal address: 1121 Budapest, M\u00e1rtonv\u00f6lgy utca 26.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The controller shall comply with the data subject's request without undue delay and in any event within 30 days of receipt of the request and shall inform the data subject thereof in a concise, transparent, intelligible and easily accessible form, in clear and plain language. The Data Controller shall also decide on the refusal of the request within that period and shall inform the data subject of the refusal, the reasons for the refusal and the data subject's remedies in this respect.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As a general rule, the controller shall comply with the data subject's request by e-mail, unless the data subject requests otherwise. At the request of the data subject, information may be provided by telephone only if the data subject has provided proof of his or her identity. The controller shall not use the postal address or telephone number of the data subject for any other purpose.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller shall not charge any fees or reimbursement of costs for the fulfilment of the data subjects' requests, as detailed below. However, in the event that a new, unfounded, excessive request for the same data subject is received from the data subject within one year of the previous, already fulfilled request, the Data Controller reserves the right to charge a reasonable fee for the fulfilment of the request, proportionate to the workload involved in fulfilling the request, or to refuse to act on the request, in its discretion, giving adequate reasons.<\/span><b><\/b><\/p>\n<h4><b>Right to information and access<\/b><b><\/b><\/h4>\n<p><span style=\"font-weight: 400;\">The controller shall provide the data subject, at his or her request, with the following information in a concise, transparent, intelligible and easily accessible form, in clear and plain language:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">whether the processing of your personal data by the Data Controller is ongoing;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the name and contact details of the Data Controller;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the personal data of the data subject processed by the Controller and their source;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the purposes for which the personal data are processed and the legal basis for the processing;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the duration of the processing;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the recipients or categories of recipients to whom or which personal data have been or will be disclosed;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">about the rights of the data subject;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the circumstances and effects of a possible data breach and the measures taken to deal with it.<\/span><\/li>\n<\/ul>\n<h4><b>Right to rectification<\/b><b><\/b><\/h4>\n<p><span style=\"font-weight: 400;\">The controller shall, at the request of the data subject, correct inaccurate personal data relating to the data subject.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The controller shall inform all recipients to whom or with whom the personal data have been disclosed of the rectification, unless this proves impossible or involves a disproportionate effort. At the request of the data subject, the Controller shall inform the data subject of those recipients.<\/span><b><\/b><\/p>\n<h4><b>Right to erasure (\"right to be forgotten\")<\/b><b><\/b><\/h4>\n<p><span style=\"font-weight: 400;\">At the request of the data subject, the Data Controller shall delete personal data concerning the data subject where one of the following grounds applies:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the data subject objects to the processing;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the personal data were unlawfully processed by the Data Controller;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the personal data must be erased in order to comply with a legal obligation under EU or Hungarian law applicable to the Data Controller.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The controller shall inform all recipients to whom or with whom the personal data have been disclosed of the erasure, unless this proves impossible or involves a disproportionate effort. At the request of the data subject, the Controller shall inform the data subject of those recipients.<\/span><b><\/b><\/p>\n<h4><b>Right to restriction of processing<\/b><b><\/b><\/h4>\n<p><span style=\"font-weight: 400;\">At the request of the data subject, the Data Controller shall restrict the processing if one of the following conditions is met:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the data subject contests the accuracy of the personal data - in this case, the restriction applies for the period of time that allows the Controller to verify the accuracy of the personal data;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the processing is unlawful, but the data subject opposes the erasure of the data and instead requests the restriction of their use;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The controller shall inform all recipients to whom or with whom the personal data have been disclosed of the restriction, unless this proves impossible or involves a disproportionate effort. At the data subject's request, the Controller shall inform the data subject of those recipients.<\/span><b><\/b><\/p>\n<h4><b>Right to data portability<\/b><b><\/b><\/h4>\n<p><span style=\"font-weight: 400;\">The Data Controller shall, at the request of the data subject, make available to the data subject the personal data concerning the data subject which the data subject has provided. The Controller further undertakes that the data subject may transfer such personal data to another controller without being prevented from doing so by the Controller.<\/span><b><\/b><\/p>\n<h4><b>Right to legal redress<\/b><b><\/b><\/h4>\n<p><span style=\"font-weight: 400;\">If the data subject believes that the Data Controller has infringed his or her right to the protection of personal data in the course of processing, he or she may, in accordance with the applicable legislation, seek redress from the competent authorities, i.e. lodge a complaint with the NAIH (address: H-1055 Budapest, Falk Miksa utca 9-11.; postal address: 1363 Budapest, Pf. 9..; website: www.naih.hu; e-mail: ugyfelszolgalat@naih.hu; telephone: +36-1\/391-1400) or apply to the competent court.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller undertakes to cooperate fully with the court or the NAIH concerned in these proceedings, and to disclose the data relating to the processing to the court or the NAIH concerned.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller also undertakes to compensate for any damage caused by unlawful processing of the personal data of the data subject or by a breach of data security requirements. In case of violation of the data subject's right to privacy, the data subject may claim damages. The controller shall be exempted from liability if the damage was caused by an unavoidable cause outside the scope of the processing and if the damage or harm caused by the infringement of the personality right results from the intentional or grossly negligent conduct of the data subject.<\/span><b><\/b><\/p>\n<p><b>Data security measures<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller shall ensure the security of the data. The Data Controller has taken technical and organisational measures and established procedural rules to ensure that the data recorded, stored and processed are protected and to prevent their destruction, unauthorised use and unauthorised alteration. It also requires third parties to whom the data subject's data have been disclosed to comply with the requirement of data security.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller shall ensure that the processed data cannot be accessed, disclosed, transmitted, modified or deleted by unauthorised persons.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller shall make every reasonable effort to ensure that the data are not damaged or destroyed. The Data Controller shall also impose the above commitment on its employees and partners involved in its data processing activities, including data processors acting on behalf of the Data Controller.<\/span><b><\/b><\/p>\n<p><strong>Handling data protection incidents<\/strong><b><\/b><\/p>\n<p><span style=\"font-weight: 400;\">If the Data Controller becomes aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure or transmission of, or unauthorized access to, personal data transmitted, stored or otherwise processed by it (hereinafter collectively referred to as \"data breach\"), it shall comply with Articles 33-34 of the GDPR. to notify the data protection incident to the competent and competent data protection authority (hereinafter referred to as \"DPA\") and to inform the data subject or data subjects of the data protection incident where it is likely to result in a high risk to the rights and freedoms of natural persons.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Any person who becomes aware of a personal data breach involving personal data transmitted, stored or otherwise processed by the Data Controller as described above may notify the Data Controller at the following contact details: mahartlog@mahartlog.hu.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The person making the notification must provide the following information in addition to the subject matter of the data breach:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">name of the applicant;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">contact details of the notifier: telephone number and\/or e-mail address,\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the incident affects the software, and if so, which part or which service.\u00a0\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The Data Controller shall, within 1 working day at the latest, if it considers the incident to be serious, investigate the notification without delay and, if necessary, request further data from the notifier. Within 72 hours of the notification of the incident, the Data Controller shall provide the NAIH with the data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The data must include the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the nature of the personal data breach, including the categories and approximate number of data subjects and the categories and approximate number of data subjects affected by the breach;\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the name and contact details of the contact person who can provide further information;\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the likely consequences of the data breach;\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If the personal data breach requires further investigation, the Data Controller will take the necessary steps to assess the actual and potential impact of the personal data breach during the investigation, with the involvement of appropriate experts. A report shall be prepared by the experts called upon. The report shall include a proposal for the security measures necessary to remedy the personal data breach.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller decides on the measures to be taken.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The controller shall, where it considers that the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, inform the data subject of the personal data breach without undue delay.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the notification, the controller shall clearly and prominently describe the nature of the personal data breach, highlighting the following:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the name and contact details of the contact person who can provide further information;\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the likely consequences of a data breach;\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the measures taken or envisaged by the controller to remedy the personal data breach, including, where appropriate, measures to mitigate any adverse consequences of the personal data breach.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The controller shall not inform the data subject if:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">implemented appropriate technical and organisational protection measures and applied these measures to the data affected by the personal data breach, in particular measures such as the use of encryption to make the data unintelligible to persons not authorised to access the personal data;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">has taken additional measures following the data breach to ensure that the high risk to the rights and freedoms of the data subject is no longer likely to materialise;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the provision of information would require a disproportionate effort, i.e. the data subjects are so numerous that the Data Controller could only provide them with the information referred to above at disproportionate expense. In such a case, the Data Controller shall arrange for the appropriate information to be made public.\u00a0<\/span><\/li>\n<\/ul>\n<p><b>Records of data protection incidents<\/b><b><\/b><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller shall keep a record of the personal data breach.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It must be recorded in the register:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the scope of the personal data concerned,\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the scope and number of data subjects affected by the data breach,\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the date of the data breach,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the circumstances and effects of the data breach,\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the measures taken to respond to the data breach,\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">other data specified in the legislation providing for the processing.<\/span><\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller is obliged to keep the data on data protection incidents in the register for 5 years in the case of an incident involving personal data and for 20 years in the case of an incident involving sensitive data.<\/span><br \/><b><\/b><\/p>\n<h4><b>Right to legal redress<\/b><b><\/b><\/h4>\n<p><span style=\"font-weight: 400;\">For any questions or comments regarding data management, please contact the Data Controller using one of the contact details provided in this notice.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You can also lodge a complaint with the National Authority for Data Protection and Freedom of Information:<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Name: National Authority for Data Protection and Freedom of Information<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Headquarters: H- 1055 Budapest, Falk Miksa utca 9-11.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Address for correspondence: 1363 Budapest, Pf. 9.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Address for correspondence: 1363 Budapest, Pf. 9.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Fax: +36-1-391-1410<\/span><\/p>\n<p class=\"translation-block\">Website: www.naih.hu<\/p>\n<p class=\"translation-block\">E-mail: ugyfelszolgalat@naih.hu<\/p>\n<p><span style=\"font-weight: 400;\">In the event of a breach of the data subject's rights, the Data Controller may take legal action against the data subject. The court shall rule on the case out of turn. The Data Controller shall prove that the processing complies with the law. The tribunal shall have jurisdiction to rule on the case. The action may also be brought before the courts for the place where the plaintiff, i.e. the data subject, is domiciled or resident.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller undertakes to cooperate fully with the court or the NAIH concerned in these proceedings, and to disclose the data relating to the processing to the court or the NAIH concerned.<\/span><\/p>\n<p>\u00a0<\/p>\n<p><span style=\"font-weight: 400;\">The Data Controller also undertakes to compensate for any damage caused by unlawful processing of the personal data of the data subject or by a breach of data security requirements. In case of violation of the data subject's right to privacy, the data subject may claim damages. The controller shall be exempted from liability if the damage was caused by an unavoidable cause outside the scope of the processing and if the damage or harm caused by the infringement of the personality right results from the intentional or grossly negligent conduct of the data subject.<\/span><\/p>\n<p><b>The Data Controller reserves the right to change this information at any time.<\/b><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Adatkezel\u00e9si t\u00e1j\u00e9koztat\u00f3 a MAHARTLOG GROUP\u00a0 v\u00e1llalatcsoport vonatkoz\u00e1s\u00e1ban Adatkezel\u0151:\u00a0MAHARTLOG GROUP\u00a0 MAFRACHT Kft. Sz\u00e9khely: 1121 Budapest, M\u00e1rtonv\u00f6lgy utca 26. Ad\u00f3sz\u00e1m: 10456684-2-43 C\u00e9gjegyz\u00e9ksz\u00e1m: \u00a001-09-072706 K\u00e9pviseli: Sp\u00e1nyik G\u00e1bor Telefonsz\u00e1ma: +36 1 429-5010 Email: mahartlog@mahartlog.hu Honlap: \u00a0www.mahartlog.hu Mahartlog Port Kft. Sz\u00e9khely: 2536 Nyerges\u00fajfalu, B\u00e9csi \u00fat 5. Ad\u00f3sz\u00e1m: 25717215-2-11 C\u00e9gjegyz\u00e9ksz\u00e1m: \u00a011-09-026487 K\u00e9pviseli: Kov\u00e1cs-Dom\u00e1n Be\u00e1ta Klaudia\u00a0 Telefonsz\u00e1ma: +36 1 429-5010 Email: mahartlog@mahartlog.hu &#8230; <a title=\"Privacy Notice\" class=\"read-more\" href=\"https:\/\/mahartlog.hu\/en\/adatkezelesi-tajekoztato\/\" aria-label=\"Read more about Adatkezel\u00e9si t\u00e1j\u00e9koztat\u00f3\">Read more<\/a><\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"footnotes":""},"class_list":["post-3","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/mahartlog.hu\/en\/wp-json\/wp\/v2\/pages\/3","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mahartlog.hu\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/mahartlog.hu\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/mahartlog.hu\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mahartlog.hu\/en\/wp-json\/wp\/v2\/comments?post=3"}],"version-history":[{"count":4,"href":"https:\/\/mahartlog.hu\/en\/wp-json\/wp\/v2\/pages\/3\/revisions"}],"predecessor-version":[{"id":937,"href":"https:\/\/mahartlog.hu\/en\/wp-json\/wp\/v2\/pages\/3\/revisions\/937"}],"wp:attachment":[{"href":"https:\/\/mahartlog.hu\/en\/wp-json\/wp\/v2\/media?parent=3"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}