PRIVACY POLICY

By publishing this privacy notice, KRK4U do.o. – hereinafter referred to as the Company – complies with its obligation to provide prior information to data subjects on the processing of personal data, as required by REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 December 2016, according to which all information pursuant to the relevant articles of the Regulation must be provided to data subjects in a concise, transparent, intelligible and easily accessible form, in a clear and plain language.
I.NAME OF THE CONTROLLER
The Company informs the data subject that it is a data controller for the purposes of processing his or her personal data.
COMPANY: KRK4U d.o.o.
SZÉKHELY: 51515 Šilo , Stara cesta 49
COMPANY REGISTRATION NUMBER:05360064
ADDRESS: 45666902519
TELEFON: +385 99 374 9656
NAME OF THE DATA PROTECTION OFFICER:
IMAGINER’S NEVE: Dobosi Milán
E-MAIL: sales@krk4u.com
WEB SITE: krk4u.com
The personal data may be accessed by employees of the Company with access rights related to the relevant data management purpose, and by persons and organisations performing data processing activities for the Company on the basis of service contracts, to the extent and to the extent necessary for the performance of their activities.
II. THE IDENTITY OF THE DATA PROCESSOR(S)
(1) The Company does not use an external data processor for the operation and maintenance of its website in the scope of the personal data processed by the Company on the basis of its voluntary consent.
ACTIVITY:
III. DEFINITIONS
“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2. “processing” means any operation or set of operations which is performed upon personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, structuring, storage, adaptation or alteration, retrieval, consultation, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. “restriction of processing”: the marking of stored personal data for the purpose of restricting their future processing;
4. “profiling”: any form of automated processing of personal data whereby personal data are used to evaluate or predict certain personal aspects relating to a natural person, in particular to analyse or predict characteristics associated with the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements of that natural person;
5. “pseudonymisation” means the processing of personal data in such a way that it is no longer possible to identify the natural person to whom the personal data relate without further information, provided that such further information is kept separately and technical and organisational measures are taken to ensure that no natural person who is identified or identifiable can be linked to that personal data;
6.”filing system” means a set of personal data, structured in any way, whether centralised, decentralised or structured according to functional or geographical criteria, which is accessible on the basis of specified criteria;
7. “controller” means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
8. “processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
9.”recipient” means a natural or legal person, public authority, agency or any other body to whom or with which personal data are disclosed, whether or not a third party. Public authorities that may have access to personal data in the context of an individual investigation in accordance with Union or Member State law are not recipients; the processing of those data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;
10. “third party” means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct authority of the controller or processor, are authorised to process personal data;
11. “the data subject’s consent” means a freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she signifies, by a statement or by an act expressing his or her unambiguous consent, that he or she signifies his or her agreement to the processing of personal data concerning him or her;
12. “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss,alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
13. “undertaking” means any natural or legal person, regardless of its legal form, engaged in an economic activity, including partnerships or associations carrying on a regular economic activity.
IV. LEGAL BASIS FOR PROCESSING
1. Consent of the data subject
(1) The lawfulness of the processing of personal data must be based on the data subject’s consent or on some other lawful basis established by law.
(2) Where processing is based on the data subject’s consent, the data subject may give his or her consent to the processing of his or her personal data in the following form:
a) in writing, in the form of a statement giving consent to the processing of personal data, b) electronically, by means of explicit conduct on the Company’s website, by ticking a box or by making technical settings when using information society services, and any other statement or action which, in the relevant context, clearly indicates the data subject’s consent to the intended processing of his or her personal data.
(3) Silence, ticking a box or inaction therefore does not constitute consent.
(4) Consent shall cover all processing activities for the same purpose or purposes.
(5) Where processing is carried out for several purposes at the same time, consent shall be given for all the purposes of processing. Where the data subject gives his or her consent following an electronic request, the request must be clear and concise and must not unnecessarily impede the use of the service for which consent is sought.
(6) The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal. The data subject shall be informed before consent is given. The withdrawal of consent shall be made possible in the same simple manner as the giving of consent.
2. Performance of the contract
(1) Processing shall be regarded as lawful where it is necessary for the performance of a contract to which the data subject is a party or where it is necessary for the purposes of taking steps at the request of the data subject prior to entering into the contract.
(2) The consent of the data subject to the processing of personal data not necessary for the performance of the contract shall not be a condition for entering into the contract.
3. Compliance with a legal obligation to which the controller is subject or the protection of the vital interests of the data subject or of another natural person
(1) The legal basis for processing in the case of compliance with a legal obligation is determined by law, so the consent of the data subject to the processing of his or her personal data is not required.
(2) The controller shall inform the data subject of the purposes, legal basis and duration of the processing, the identity of the controller, the data subject’s rights and the legal remedies available to the data subject.
(3) The controller shall be entitled to process the data necessary for compliance with a legal obligation to which the data subject is subject, after the withdrawal of the data subject’s consent.
4.Execution of a task carried out in the public interest or in the exercise of official authority vested in the controller, or in the legitimate interests of the controller or of a third party.(1) The legitimate interests of the controller, including the controller with whom the personal data may be shared, or of a third party may constitute a legal basis for processing, provided that the interests, fundamental rights and freedoms of the data subject do not override the legitimate interests of the controller, taking into account the reasonable expectations of the data subject in his or her relationship with the controller. Such a legitimate interest may, for example, exist where there is a relevant and appropriate relationship between the data subject and the controller, such as in cases where the data subject is a client or employee of the controller. (2) In order to establish the existence of a legitimate interest, it is necessary in any event to carefully assess, inter alia, whether the data subject could reasonably have expected, at the time and in the context of the collection of the personal data, that processing for the purposes in question would take place. (3) The interests and fundamental rights of the data subject may override the interests of the controller where personal data are processed in circumstances in which the data subject does not reasonably expect that further processing will take place.V. The Company provides the following brief information about the rights of the data subject:The data subject has the right:a) to be informed before the processing starts,b) to receive feedback from the controller on whether his/her personal data are being processed and, if such processing is ongoing, to have access to the personal data and the following information,c) to rectify his/her data, d) to request the restriction of processing and to be informed by the controller of the restriction of processing,e) to data portability,f) to object if your personal data are processed for a public interest purpose or on the basis of a legitimate interest of the controller.g) to be exempted from automated decision-making, including profiling,h) to lodge a complaint with a supervisory authority. The data subject may exercise his or her right to lodge a complaint by contacting: National Authority for Data Protection and Freedom of Information, address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c., Tel: +36 (1) 391-1400;Fax:+36(1)391-1410.,www:http://www.naih.hu e-mail: ugyfelszolgalat@naih.hui) For an effective judicial remedy against a supervisory authority,j) For an effective judicial remedy against a controller or a processor k) For information about a personal data breach.2. Detailed information on data subjects’ rightsRight to information(1) The data subject shall have the right to be informed of the information relating to the processing of his or her data before the processing of the data starts. (2) Information to be provided where personal data are collected from the data subject:a. the identity and contact details of the controller and, if any, of the controller’s representative;b. the contact details of the Data Protection Officer, if any;c. the purposes for which the processing of personal data is envisaged and the legal basis for the processing;d. in the case of processing based on Article 6(1)(f) of the Regulation, the legitimate interests of the controller or of a third party;e. where applicable, the recipients of the personal data or categories of recipients, if any;f.g. where applicable, the fact that the controller intends to transfer the personal data to a third country or an international organisation and the existence or absence of an adequacy decision by the Commission or, in the case of a transfer referred to in Article 46, Article 47 or the second subparagraph of Article 49(1) of the Regulation, an indication of the appropriate and suitable safeguards and a reference to the means of obtaining a copy or the availability of copies of the data.(3) In addition to the information referred to in paragraph 1, the data controller shall provide the information referred to in Article 46, Article 47 or the second subparagraph of Article 49(1) of the Regulation.
Szombathely, 2018.05.25.