Privacy Policy
Data protection information
For visitors and users of the www.goodwillengineering.hu/en website
1. Purpose, scope and applicable law of the Privacy Notice
The purpose of this Privacy Policy is to set out the data protection and data management principles applied by GOODWILL-TRADE Ltd., the organisation’s data protection and data management policy, which the organisation as data controller acknowledges as binding.
In drafting the provisions of this Notice, the organisation has taken particular account of the provisions of Regulation 2016/679 of the European Parliament and of the Council („General Data Protection Regulation” or „GDPR”), the 2011 GDPR, the 2011 GDPR on the right to information self-determination and freedom of information, and the 2011 GDPR on the right to information. CXII of 2013 („Information Act”), Act V of 2013 on the Civil Code („Civil Code”) and Act XLVIII of 2008 on the Basic Conditions and Certain Restrictions of Commercial Advertising Activities („Act XLVIII of 2008”).
This Privacy Notice covers the processing of data related to the website available at http://www.goodwillengineering.hu (hereinafter referred to as the „Website”). This Privacy Notice is valid until revoked.
The purpose of the Privacy Notice is to harmonise the requirements of the other internal policies of the organisation with regard to data processing activities in order to protect the fundamental rights and freedoms of natural persons and to ensure the adequate treatment of personal data.
Furthermore, an important purpose of issuing the Privacy Notice is to ensure that by knowing and complying with it, the organisation is able to lawfully process the data of natural persons.
2. Identity of the controller
Name / Data Protection Officer: GOODWILL-TRADE Kft.
Headquarters: 4220 Hajdúböszörmény, Külső-Hadházi utca 24.
Postal address: 4220 Hajdúböszörmény, Külső-Hadházi utca 24.
Tax number: 11147918-2-09
Website address: http://www.goodwillengineering.hu/en
Contact address of the privacy notice: https://en.goodwillengineering.hu/privacy-policy/
Phone: +36 70 252 7293
E-mail: info@goodwilltrade.hu
3. Key concepts and definitions
The GDPR (General Data Protection Regulation) is the European Union’s new Data Protection Regulation.
- controller: a natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law.
- Processing: any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- processor: a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
- personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- third party: a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- data subject’s consent: a voluntary, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies his or her agreement to the processing of personal data concerning him or her by means of a statement or an unambiguous act of affirmation.
- restriction of processing: the marking of stored personal data for the purpose of restricting their future processing.
- erasure: making data unrecognisable so that it is no longer possible to recover it.
- data breach: a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
4. Principles of data management
The processing of personal data must be lawful, fair and transparent for the data subject.
Personal data shall be collected only for specified, explicit and legitimate purposes.
The purposes for which personal data are processed must be adequate, relevant and limited to what is necessary.
Personal data must be accurate and kept up to date. Inaccurate personal data must be deleted without delay.
Personal data must be stored in a form which permits identification of data subjects for no longer than is necessary. Personal data may be stored for longer periods only if the storage is for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes.
5. Purpose of data processing
The Data Controller processes personal data only for specific purposes. The data is collected and processed fairly and lawfully. The Data Controller shall endeavour to process only personal data that is necessary for the purpose of the processing and is suitable for achieving that purpose. Personal data shall only be processed to the extent and for the duration necessary to achieve the purpose.
6. Scope of the data processed
CONTACT, CONTACT FORM
Purpose of processing: to contact, to keep in contact, to communicate information, to request information.
Legal basis for processing: voluntary consent of the data subject, Article 6(1)(a) GDPR.
Data processed: name (identification), e-mail address (contact), telephone number (contact)
Deadline for deletion of data: 2 years from the last contact.
The deletion or modification of personal data can be initiated by:
postal mail: 4220 Hajdúböszörmény, Külső-Hadházi utca 24, e-mail at info@goodwilltrade.hu. Anyone can visit the website of the controller without having to provide any personal data beyond the technically automatic processing of data.
7. Method of data processing
The Data Controller stores the data subject’s data on its own servers and temporarily on the Data Controller’s computers. Only the Data Controller has the possibility to process the personal data of the data subjects.
In any case, the provision of data is voluntary, i.e. the data subject is free to decide whether to provide the requested personal data. If the data subject consents, the Data Controller will process the data in accordance with the law in force and within the limits of the data subjects’ consent. In order to prevent unauthorised use and misuse of the personal data processed, the Data Controller applies extensive technical and operational security measures. Our security procedures are regularly reviewed and improved in line with technological developments.
8. Cookies
We use cookies on this website to provide our visitors with the best possible user experience and to make our website more efficient. Cookies are small data files that the website places on your browsing device. Cookies save your browsing data so that the next time you visit our website, our site recognises your browser and can make your experience on our site more convenient. It also helps to ensure the smooth operation of certain functions, to keep our services secure and to improve our website.
You have the option to disable cookies and change your cookie settings. You can do this by using the Change cookie settings menu.
Cookies are placed on the user’s computer by the websites visited and contain information such as page settings or login status.
Cookies are therefore small files created by the websites visited. They improve the user experience by saving browsing data. Cookies help the website to remember your site settings and offer you locally relevant content.
A small file (cookie) is sent by the provider’s website to the computer of the website visitor in order to establish the fact and time of the visit. The provider informs the website visitor of this.
Several types of cookies can be distinguished according to their expiry date and origin:
Temporary or session (sesssion) cookie
Session cookies are only valid for the duration of the user’s current session and are intended to prevent data loss (for example, when filling in a longer form). At the end of the session or when the browser is closed, this type of cookie is automatically deleted from the visitor’s computer.
Permanent or backup cookie
The validity period of persistent cookies is defined in days, weeks, months or years. During the validity period, saved cookies are stored on the hard disk of the user’s computer, but can be deleted by the user before the predefined time limit expires.
Internal and external cookies
If the web server of the visited website installs the cookie on the user’s computer, it is an internal cookie, while if the source of the cookie is code inserted into the website by an external service provider, it is an external cookie.
Cookie settings
You can disable or enable cookies on your computer in your own internet browser, but it is important to note that while rejecting all cookies may help protect your privacy, it may limit the usability of some websites. It should be noted, however, that simply browsing without cookies is not necessary. You can usually enable or disable cookies by going to the Tools/Preferences menu of your internet browser and selecting Privacy settings, cookie or cookie. You can delete cookies previously installed on the hard disk of your computer before they expire. Deletion is usually possible in the Tools/Settings menu of the Internet browser, under the Delete menu in the History area.
It is important to note that deleting all cookies placed on your computer’s hard drive may cause some websites to function incorrectly.
Web beacon (web bug)
Web beacons are also called web beacons, pixel tags, web bugs, clear GIFs due to their transparency, and electronic imprints, web beacons. A web beacon is an image, usually 1×1 pixel, placed on a web page, which is part of the web page but is virtually invisible due to its size and transparency. Web beacons are often used in conjunction with cookies to measure and track user actions on the website and visitor statistics. Web beacons are able to detect certain types of information on the user’s computer, such as the name of the page containing the web beacon, the cookies installed, the date and time of the visit to the page concerned. If web beacons linked to cookies are placed on the website, the user can prevent the web beacons from tracking his/her actions on the website by disabling the cookies in his/her browser.
Cookies and web beacons, privacy
The data protection importance of cookies and web beacons is that they help to track users’ online activity and create an accurate profile of them. It is no exaggeration to say that advertisers and service providers often know visitors better than they know themselves. It is the responsibility of the service provider to use cookies carefully and to provide appropriate information about them, but users can minimise the risk of unwanted data collection by taking basic precautions.
- The data subjects are the visitors of the website.
- The purpose of data processing is to provide additional services, identification and tracking of visitors.
- Legal basis for processing. The user’s consent is not required if the use of cookies is strictly necessary for the service provider.
- The scope of the data: unique ID number, time, configuration data. The user has the option to delete cookies from browsers at any time by going to the Change cookie settings menu or by going to the Settings menu of his/her browser. The data can be accessed by data controllers. By using cookies, no personal data is processed by the data controller.
- Data storage method: electronic.
9. Google Analytics
Our website uses Google Analytics.
If you use Google Analytics:
Google Analytics uses internal cookies to compile reports for its customers on the habits of website users.
Google uses this information on behalf of the website operator to evaluate how users use the website. As an additional service, Google will compile reports on website activity for the website operator so that it can provide additional services.
The data is stored by Google’s servers in encrypted form to make it more difficult and to prevent misuse.
You can disable Google Analytics by. Quote from the page:
Site users who do not want Google Analytics to generate JavaScript reports about their data can install the Google Analytics disable browser extension. The extension disables Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most recent browsers. The Google Analytics browser add-on does not prevent data from being sent to the website itself and other web analytics services.
https://support.google.com/analytics/answer/6004245?hl=hu
For more information about Google’s privacy policy: https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_hu.pdf
10. Data transmission
The Data Controller shall only transfer personal data to third parties if the data subject has given his or her unambiguous consent, knowing the scope of the data transferred and the recipient of the data transfer, or if the transfer is authorised by law. The Data Controller shall in all cases document the transfers and keep records of the transfers.
11. Data processing
The Data Controller is entitled to use a data processor for the performance of its activities. Processors do not take independent decisions and are only entitled to act in accordance with the contract concluded with the Data Controller and the instructions received. The Controller shall monitor the work of the processors. Processors shall be entitled to engage an additional processor only with the consent of the Controller.
The data processors used by the Data Controller:
DATA PROCESSING ACTIVITIES RELATED TO WEB HOSTING SERVICES
- Name of the data processor: Tárhely.Eu Szolgáltató Kft.
- The data processor is located at 4 Ormánság u., 1144 – Budapest.
- Phone number of the data processor: +36 1 789-3-789
- E-mail address of the data processor: ugyfelszolgalat@tarhely.eu
- Processing of all personal data provided by the data subject on the website, for the proper functioning of the website
- Duration of data processing, deadline for deletion of data: until the termination of the agreement between the Service Provider and the Hosting Provider or until the data subject’s request for deletion to the Hosting Provider.
- The legal basis for data processing: the User’s consent, the Infotv. Article 5(1), Article 6(1)(a) GDPR, and Article 13/A(3) of Act CVIII of 2001 on certain aspects of electronic commerce services and information society services.
12. Data security, access to data
The Data Controller shall ensure the security of the data, take the technical and organisational measures and establish the procedural rules necessary to enforce the applicable laws, data protection and confidentiality rules. The Data Controller shall take appropriate measures to protect the data against unauthorised access, alteration, disclosure, disclosure, erasure or destruction, accidental destruction or damage and against inaccessibility resulting from changes in the technology used. The Data Controller shall keep records of the data it processes in accordance with the applicable laws, ensuring that the data may only be accessed by employees and other persons acting in the interests of the Data Controller (data processors) who need to know the data in order to perform their job or task. The data may only be accessed within the employee’s organisation if they are logged. The employees of the data controller shall only carry out individual searches and operations on the data at the request of the User or if this is necessary for the provision of the service.
13. Duration of data processing
The Controller shall delete personal data if,
- processing is unlawful: If it is found that the data are being processed unlawfully, the Data Controller will carry out the erasure without delay.
at the data subject’s request (except for processing based on law). In such a case, the Data Controller shall erase the data. - the data is incomplete or inaccurate – and this situation cannot be lawfully remedied – provided that erasure is not excluded by law.
- the purpose of the processing has ceased or the statutory time limit for storing the data has expired. As the Data Controller provides a continuous service to the data subject, the relationship between the parties is not time-limited. Therefore, unless the data subject requests otherwise, the Controller shall process the data for as long as the relationship between the Controller and the data subject exists and for as long as the Controller is able to provide the data subject with the service. All other data shall be deleted by the Controller if it is evident that the data will no longer be used, i.e. the purpose of the processing has ceased to exist.
- it has been ordered by a court or the National Authority for Data Protection and Freedom of Information: where a court or the National Authority for Data Protection and Freedom of Information has issued a final order for the deletion of the data, the Data Controller shall carry out the deletion. Instead of erasure, the Data Controller shall, after informing the data subject, block the personal data if the data subject so requests or if, on the basis of the information available to him or her, it is likely that erasure would harm the data subject’s legitimate interests. Personal data blocked in this way may be processed only for as long as the processing purpose which precluded the deletion of the personal data persists. The Controller shall mark the personal data which it processes where the data subject contests the accuracy or correctness of the personal data, but the inaccuracy or incorrectness of the contested personal data cannot be clearly established. In the case of processing required by law, the deletion of data shall be governed by the law. In case of erasure, the Controller shall render the data unidentifiable. Where required by law, the Controller shall destroy the storage medium containing the personal data.
14. Customer relations
If the data subject has any questions or problems when using our services, he or she can contact the data controller by the means indicated on the website (telephone, e-mail, social networking sites, etc.).
The data controller will delete the received e-mails, messages, data provided by telephone, Facebook, etc., together with the name and e-mail address of the interested party and other personal data voluntarily provided by the interested party, after a maximum of 2 years from the date of the communication.
Any processing not listed in this notice will be notified at the time the data is collected.
In the event of an exceptional request by a public authority or, on the basis of a statutory mandate, by other bodies, the Service Provider is obliged to provide information, to communicate or transmit data or to make documents available.
In such cases, the Service Provider shall disclose to the requesting party – provided that the latter has indicated the precise purpose and scope of the data – personal data only to the extent and to the extent that is strictly necessary for the purpose of the request.
15. Rights in relation to data processing
The right to request information: any person may request, through the contact details provided, information on what data the organisation processes, on what legal basis, for what purpose, from what source and for how long. The request will be answered promptly, but within 30 days at the latest, by sending information to the contact details provided.
Right to rectification: any person may request the rectification of any of their data through the contact details provided. Any person who wishes to make a request may have his or her personal data corrected.
Right to erasure: Any person may request the erasure of their data by using the contact details provided. Anyone who wishes to have his or her data deleted may request this without undue delay, but within 30 days at the latest, and will be informed by means of a message sent to the contact details provided.
Data that we are required to retain for legal, statutory or contractual obligations to maintain commercial records will be blocked instead of erased to prevent their use for other purposes.
Right to blocking, restriction: any person may request the blocking of their data by using the contact details provided. The blocking lasts as long as the reason stated makes it necessary to store the data. Upon request, this must be done promptly and within a maximum of 30 days and information must be sent to the contact details provided.
The right to object: any person may object to the processing of their personal data using the contact details provided. The objection shall be examined and a decision shall be taken on the merits within the shortest possible time from the date of the request, but not later than 15 days, and the decision shall be communicated to the contact details provided.
17. Enforcement possibilities in relation to data processing
National Authority for Data Protection and Freedom of Information
Postal address: 1530 Budapest, Pf.: 5.
Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c
Phone: +36 (1) 391-1400
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu
Web: https://naih.hu
18. Laws on which the processing is based
REGULATION (EU) No 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Regulation (EC) No 95/46/EC (General Data Protection Regulation)
Act CXII of 2011 on the right to information self-determination and freedom of information. Act LXVI of 1995 on public records, public archives and the protection of private archival material.
Government Decree No 335/2005 (XII. 29.) on the general requirements for the management of records by public bodies.
Act CVIII of 2001 on certain issues of electronic commerce services and information society services.