Privacy Policy

This Privacy Policy is given to inform clients of Márton-Géptech Ltd. affected by data processing, also visitors of the website https://martongeptech.hu/, as well as other partners about the handling and protection of their personal data.

Publisher and Data Controller:
MÁRTON-GÉPTECH Ltd.
Headquarters: H-2421 Nagyvenyim, Nefelejcs utca 22.
Phone: +36 70 672 3372
Contact email address: E-MAIL
Website address: https://martongeptech.hu/
(hereinafter: Data Controller)

1. 1. Definitions

• ‘personal data’ means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
• ‘data subject’ means a natural person either directly or indirectly identified or identifiable by reference to an identifier data;
• ‘consent of the data subject’ means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
• ‘data controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
• ‘data control’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, alteration, adaptation, retrieval, dissemination or otherwise making available, coordination or interconnection, blocking, erasure and destruction or denial of further use of data, facial image, audio or video recordings, and recording physical characteristics of a natural person, which allow the unique identification of that person, such as dactyloscopic data, DNA sample, iris image;
• ‘data erasure’ means overwriting data in a permanently unrecoverable way;
• ‘data processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
• ‘data processing’ means the performance of technical tasks related to data management operations, regardless of the method and means used to perform the operations, just as the place of application, provided that the technical task is performed on the data;
• ‘set of personal data’ means all data managed in a single register;
• ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
• ‘precipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
• ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
• ‘information society service’ means any service normally provided for remuneration, at a distance, by means of electronic equipment, and at the individual request of a recipient of a service;
• ‘electronic commerce service’ means a services related to information society service aimed at commercial sale, acquisition, exchange or other use of marketable movable property that can be possessed, including money, securities and natural resources, which may be used as such, also service, real estate and property rights (hereinafter together referred to as product);
• ‘GDPR (General Data Protection Regulation)’ means Regulation of the European Union on Data Protection.

2. Purpose, legal basis, scope and duration of data processing, access to data, transfers of data

Data management related to performance of a contract or a commission agreement.

If a contract or a commission agreement is concluded between the Data Controller and Your for the performance of an activity, it will process your personal data - processed in connection with the fulfilment of the given commission - in order to fulfil the agreement. In such a case, the legal basis for the processing is Article 6 (1) (b) GDPR (‘performance of a contract’). Scope of data processing: name, phone number, email address. Persons with access to the personal data are the Data Controller, its employees and contractual partners. The data may be accessed by data processors providing IT services to the Data Controller as occasion requires. Data transfer takes place in the case of cooperation with a subcontractor. The Data Controller does not sell, rent or otherwise disclose personal data or information about the User in any form to third parties. The Data Controller ensures in a manner expected appropriate data security, and implements appropriate technical and organisational measures which are designed to guarantee the enforcement of the data protection rules and principles, also to ensure security of personal data. If personal data was recorded with the consent of the data subject, the Data Controller may, unless otherwise regulated by law, also control the data recorded

• to fulfill their relevant legal obligations, or;
• to enforce the rightful interest of the Data Controller or third party if the enforcement of these interests is proportionate to the restriction of the protection of personal data without further specific consent, even after the data subject withdrew his or her consent (Section 6 (5) of Act CXII of 2011). In order to fulfil accounting obligations, the Data Controller preserves and controls personal data provided by the User for 8 years pursuant to Section 169 of Act C of 2000, or rather within the statutory limitation period pursuant to Act XCII of 2003 on the Taxation Procedure.

3. Technical and organizational measures taken to ensure data storage and data security

Personal data is stored by the Data Controller at its headquarters. The Data Controller takes in a reasonably expected manner all technology safety precautions in order to ensure security of the stored data with no third party access. IT security description of the personal data storage, main technical and organizational measures taken to ensure data security: The IT system of the Data Controller is protected by a proper firewall, anti-virus and spam filter. All computers used by the Data Controller can only be accessed with an individual password. The Data Controller takes appropriate security measures, however, please note that it is not possible to prevent or protect against all cyberattacks, also that the Data Controller does not take responsibility for the security of documents containing personal data sent via e-mail.

4. Principles relating to processing of personal data

The Data Controller declares that he or she handles personal data processing in accordance with the Privacy Policy and complies with the legislative requirements of relevant laws and regulations, paying particular attention to the following:

• Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
• Personal data shall only be collected for specified, explicit and legitimate purposes.
• Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
• Personal data shall be accurate and kept up to date. Every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
• Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
• Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
• Principles of data processing shall be applied to any information relating to an identified or identifiable natural person.

5. Your rights in regard to data processing (the rights of data subjects)

You have the following rights in regard to processing of your personal data:

• Right of access by the data subject (GDPR Article 15): You have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning You are being processed, and, where that is the case, access to the personal data and the information included in this Privacy Policy. The Data Controller shall provide a copy of the personal data undergoing processing. Where You make the request by electronic means, and unless otherwise requested by You, the information shall be provided in a commonly used electronic form.
• Right to rectification (GDPR Article 16): You have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning You. You also have the right to have incomplete personal data completed.
• Right to erasure (GDPR Article 17): You have the right to obtain from the Data Controller the erasure of personal data concerning You without undue delay and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You withdraw your consent on which the processing is based;
  • the personal data have been unlawfully processed;
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Data Controller is subject;
• Right to restriction of processing (GDPR Article 18): You have the right to obtain from the Data Controller restriction of processing where one of the following applies:
  • the accuracy of the personal data is contested by You, for a period enabling the Data Controller to verify the accuracy of the personal data;
  • the processing is unlawful and You oppose the erasure of the personal data and request the restriction of their use instead;
  • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by You for the establishment, exercise or defence of legal claims;
• Right to information on the rights listed above (GDPR Article 12): The Data Controller shall provide information on conditions relating to data processing on a request under points (a) to (d) in a concise, transparent, comprehensible and clear form without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Data Controller shall inform You of any such extension within one month of receipt of the request, together with the reasons for the delay.
• Right to lodge a complaint with a supervisory authority (GDPR Article 77): You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of Your habitual residence, place of work or place of the alleged infringement if You consider that the processing of personal data relating to You infringes GDPR. The complaint can be submitted to the National Authority for Data Protection and Freedom of Information (address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C; phone: +36 1 391 1400; fax: +36 1 391 1410; www.naih.hu; ugyfelszolgalat@naih.hu).
• Right to an effective judicial remedy (GDPR Article 79): You have the right to an effective judicial remedy where You consider that Your rights under GDPR have been infringed as a result of the processing of Your personal data in non-compliance with GDPR. Proceedings against the Data Controller shall be brought before the courts of the Member State where the Data Controller has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where You have Your habitual residence.
• Right to data portability (GDPR Article 20): In the case, where the processing is based on Your consent or on a contract between You and the Data Controller You have the right to receive the personal data concerning You, which You have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller. You have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
• Right to withdraw consent (GDPR Article 7): You have the right to withdraw Your consent at any time through any of the contact information provided in this Privacy Policy, in which case we will no longer process your personal data for the purpose of newsletter service. The withdrawal of consent not affect the lawfulness of processing based on consent before its withdrawal.

6. How and from whom You may request information on the processing of Your personal data

You may request further information on the processing of Your personal data from the managing director Márton Zsömbör via email ( E-MAIL ). Oral statement may also be provided upon Your request, on which a written record shall be maintained. If You request an oral statement by telephone (+36 70 672 3372), You should verify Your identity to the Data Controller.

The Data Controller reserves the right to change this present Privacy Policy or to amend it accordingly in the event of changes in the relevant law.

Date: Dunaújváros, April 13, 2022.
(Updated: April 29, 2022)

MÁRTON-GÉPTECH Ltd.
Representative: Zsömbör Márton managing director