FGSZ KP Kft. considers the protection of your personal data of utmost importance, and therefore we will, to the best of our ability, ensure the careful and safe processing and storage of data provided us. All data are used exclusively for pre-defined purposes, and they are not disclosed to third parties without your consent. We would like to reassure you, that we spare no efforts to ensure the protection of your data, including creating internal processes, applying technical measures, as well as implementing physical data protection measures that serve this goal.
Thank you for your continued interest.
In connection with the services provided by FGSZ KP Kft., we may request that you provide us your personal data. Furthermore, during your interactions with FGSZ KP Kft., You may also provide to us or disclose certain data on a voluntary basis.
Pursuant to Paragraph (2) of Section 3 of Act CXII of 2011 on the right of informational self-determination and on freedom of information (“Info Act”), and the provisions of the General Data Protection Regulation (“GDPR”) adopted under no. 2016/679/EU, some of the information we collect is considered “personal data”.
FGSZ Kereskedési Platform Korlátolt Felelősségű Társaság (company registration number: 14-09-316018, registered office: 8600 Siófok, Tanácsház utca 5., hereinafter referred to as Data Controller), as Data Controller, provides this Notice, pursuant the General Data Protection Regulation of the European Union adopted under no. 2016/679/EU [hereinafter referred to as Regulation or GDPR], to its contracting parties in connection with the processing of personal data pertaining to the natural persons acting as contact persons on such parties behalf.
Information about the Data Controller
The name of the Data Controller: FGSZ Kereskedési Platform Korlátolt Felelősségű Társaság
The registered office of the Data Controller: 8600 Siófok, Tanácsház utca 5.
The e-mail address of the Data Controller: firstname.lastname@example.org
The purpose of processing personal data
The Data Controller processes your personal data for the purpose of concluding, executing and enforcing the requirements of the so-called "Membership Agreement" and for the purpose that legally binding statements can be made in connection therewith.
The legal grounds for processing personal data, assessing legitimate interest
Bearing in mind that only a legal entity (hereinafter referred to as Partner) may enter into the Membership Agreement with the Data Controller and that the contact information is primarily transmitted by the Partner to the Data Controller, the legal basis for data processing is, pursuant to Point (f) of Paragraph (1) of Article 6 of the Regulation, the legitimate interest of the Partner.
The Partner has a substantial and legitimate business and economic interest in concluding, performing and enforcing the contract and making legally binding statements in connection therewith, since the rights and obligations arising from the Membership Agreement and the legally binding statements related thereto are closely related to the Partner's economic activities. Being able to operate business organisations is of high value for the society and legally it is the purpose of such business organisations’ existence. Enforcing the Partner's vital interest in being able to operate takes precedence over the disposition right of the Partner's employees or proxies with regards to their personal data, since the Partner’s interest is in good faith (related to legitimate economic activity), specific (defines the scope and legal basis of the data processed), real and relevant (the Data Controller’s activity is aimed at effectively providing a service and the Partner is seeking to operate in the market). In all cases, data processing is necessary so the Partner's employees can perform their duties, the Partner’s proxies can perform their assignment and so the Partner can maintain contact and operate in the market. Otherwise, the establishment of a contractual relationship between the Data Controller and its Partners, the performance of the contract entered into, or the declaration of legally binding statements relating thereto would not be possible and the data subject’s obligation to the Partner could not be fulfilled.
Only data that is essential for the identification of a Partner or a contact person and is widely accepted in business practice (e.g. business card, email address, telephone number, name) will be processed.
There is a continued interest in data processing as long as these data are necessary for sustaining the exchange of information between the parties or identifying the parties' legal statements, i.e. as long as the contractual relationship may give rise to rights and obligations (even after termination of the contract) or any legal obligation in connection with the contract is in effect (e.g. the obligation of data retention).
The data subject's interest with regards to data processing is that he/she shall be able to exercise his/her right to informational self-determination, which right may nonetheless be limited proportionately. The data subject, however, acknowledged the restriction of his/her right to self-determination when he/she established his/her (assignment/employment) legal relationship with the Partner, i.e. the provision of contact details when performing the duties normally associated with a job or assignment is a common, widely used business practice. The data subject’s right to informational self-determination shall be compared to the vital, legally recognised, fundamental business and economic interest of the Partner, as an employer or client, in concluding and performing contracts, and such interests of the Partner shall have the ability to proportionately limit the data subject’s right to informational self-determination.
Data processing does not involve any data falling into the special categories as defined in Article 9 of the GDPR.
The data subject is unlikely to be adversely affected by the data processing because the data processing is necessary for the performance of the employment or commissioning contract in place with the Partner. Furthermore, in view of the obligations arising from the employment or assignment relationship and considering the fact that breach of contract can also have adverse legal consequences for the data subject, the fulfilment of the contract is also in the interest of the data subject.
Based on the above, it can be concluded that the right of the data subject does not take precedence over the fundamental legitimate interests of the Partner or the Data Controller, and data processing imposes a necessary and proportionate restriction of rights pertaining to the data subject.
Categories of personal data processed and duration of storage
The Data Controller will receive from the Partner the contact person’s name, position, telephone/fax number, mobile number and electronic mail address, in the Membership Agreement. In order to identify the Partner or the contact person, the Data Controller or the Data Processor may verify the data provided in the Membership Agreement.
The Data Controller will process the personal data necessary for maintaining contact for as long as the Membership Agreement is in force or the data retention obligation with regards to the contract is in effect, or for as long as the Data Controller has any legitimate interest in retaining the contract, including, in particular, if it is necessary in order to demonstrate compliance with prevailing obligations pertaining to the Data Controller during an ongoing official, judicial or other process, or to submit, enforce, or defend a legal claim.
Recipients of personal data, data processors, data transmission
Only the Data Controller’s employees or the Data Processor listed in this section (and solely to the extent necessary for the performance of their activities) may get to know your personal data.
The Data Controller uses FGSZ Zrt. (registered office: 8600 Siófok, Tanácsház utca 5.; company registration number: 14-10-300230; tax number: 12543331-2-14) as Data Processor to provide IT support, system maintenance and customer service as part of executing the Membership Agreement. To this end the Data Controller as Partner may transmit the data of the contact persons to the Data Processor.
The Data Controller does not intend to transmit any personal data to recipients in third countries or to international organisations.
Paper-based Membership Agreements are kept confidential by the Data Controller, and third party access, within the law, is completely restricted.
The servers storing your electronically transmitted personal data are protected by appropriate security systems and located in a server room inaccessible to any unauthorized person. Full remote access to servers hosting the website is restricted to a highly encrypted channel and limited to persons who need such an access in order to operate the server.
The rights of the data subjects
The data subject may ask the data controller for (a) information on the processing of the data subject’s personal data, (b) the rectification of personal data, and (c) the erasure of his/her personal data or the restriction of data processing unless data processing is performed based on statutory requirements. Upon the data subject’s request, the data controller shall provide information after the submission of the request as soon as possible and no later than within 25 days in writing, in a clearly understandable form. If the Data Controller fails to fulfil the data subject’s request for rectification, erasure or restriction of processing, it shall notify the data subject regarding the factual and legal reasons of rejecting the request for rectification, erasure or restriction of processing within 25 days after receipt of the request in writing or by electronic means – if the data subject consents thereto.
Right of access
You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if such processing is in progress, to have access to the personal data and to information related to data processing as defined in Article 15 of the Regulation.
Right to rectification
You have the right to have the Data Controller correct your inaccurate personal data without delay upon your request. Taking into account the purposes of processing your data, you may request that your personal data be completed by the Data Controller.
Right to erasure
You are entitled to have us delete your personal data without undue delay upon your request if the conditions set out in Article 17 of the Regulation are met, in particular if the personal data are no longer required for the purpose for which they were received or otherwise processed by the Data Controller. You cannot exercise your right to erasure if the data processing is necessary for filing, enforcing or defending legal claims.
Right to restriction of processing
You have the right to obtain from us the restriction of processing of your data upon your request, if the conditions set out in Article 18 of the Regulation are met, in particular if you dispute the accuracy of your personal data; or the processing is unlawful and you oppose the erasure of the data; or you have objected to data processing.
Complaints, judicial remedy
The data protection authority of Hungary: Nemzeti Adatvédelmi és Információszabadság Hatóság [National Authority for Data Protection and Freedom of Information] (1125 Budapest, Szilágyi Erzsébet fasor 22/C., email@example.com).
You have the right to lodge a complaint with the supervisory authority if you feel that the processing of your personal data is in breach of the Regulation. You have the right to a judicial remedy against the decision of the supervisory authority.
If you believe that your personal data has not been processed in accordance with the provisions of the Regulation and the Data Controller has thereby infringed on your rights under the Regulation, you may turn to the courts.
Data protection lawsuits fall within the jurisdiction of the Regional Courts, and as a rule, the Budapest-Capital Regional Court has jurisdiction over a lawsuit brought against our Company, but the lawsuit may be instituted before the regional court with jurisdiction over the data subject's domicile or residence. The court shall act in extraordinary expeditious proceedings in these cases.
Source of personal data
Your Personal Data have been provided by the Partner to the Data Controller prior to the conclusion of the Membership Agreement, during the conclusion of the contract, or in connection with the performance, termination, existence, or claims arising therefrom.
Date: Siófok, 17 January 2020