NOTICE

In relation to the processing of data through the use of cookies on the https://www.ganz-mavag.com website

1. Name of the Joint Data Controllers

Name: Ganz-MaVag International Korlátolt Felelősségű Társaság
Seat: 1139 Budapest, Lomb utca 37-39.
Company registration number: Cg. 01-09-286246
Tax number: 25733350-2-41
E-mail: commercial@mavag.com
hereinafter referred to collectively as: Data Controller or Data Controllers

Contact details of the employee responsible for data protection:
E-mail: commercial @mavag.hu
Postal address: 1139 Budapest, Lomb utca 37-39.

2. Name of data processor

Name:
Adress:
Company registration number:
Tax number:
E-mail:
hereinafter referred to as: Data Processor

Contact details of the Data Protection Officer:

E-mail: commercial@mavag.com

On the basis of the service contract between the Data Controllers and the Processor, the Processor provides the Data Controllers with a full range of IT services, including the operation of the website.

3. The person concerned:

Any natural person who, by means of any information technology device (hereinafter referred to as "device"), visits the website https://www.ganz-mavag.com (hereinafter referred to as "website") and thereby the website places cookies on the devices used by the data subject and on the browser used by the data subject.

What are cookies and what they do: when the data subject visits the website, the Data Controller places a small data file, called a cookie (hereinafter referred to as a cookie) on his or her device. Cookies available on the website generally fall into two categories. One category includes cookies that are strictly necessary for the functioning of the website, while the other category includes all other cookies whose purpose or function goes beyond the functioning of the website and serves other data processing purposes.

We use cookies on the website to ensure the full functionality of the website and to make the site more user-friendly. Functional cookies are used to ensure that all features of the site function properly and securely. We also use cookies for statistical purposes, with the consent of the data subject, to monitor the number of visitors and the most frequently viewed content, and to obtain information about possible malfunctions. You can delete cookies in the appropriate menu of your browser. For further help, please refer to the help section of your browser. If required, cookies must be deleted on all browsers used by the data subject. In case of a reset, the browser will offer the possibility to reset cookies every time you visit our website. For detailed information on deleting or blocking cookies, depending on the browser used by the data subject, please visit the following links (click on the text from the browser that visited our website): 

Please note that after deleting functional cookies, certain functions of the website will not work or will only work to a limited extent. When using ad-blockers, the information may not always be displayed. If the data subject wishes to view it, it is necessary to deactivate the ad-blocker application.

4. Information on data management

   Purpose of processing: cookies are used on the website to provide visitors with the functionality of the website, to simplify browsing and to enhance the user experience by recording individual user preferences and visit history. With the consent of the data subject, we use cookies for statistical purposes in order to monitor the number of visitors and the most frequently viewed content, as well as to obtain information about possible malfunctions.

   For the purposes of processing, the Data Controller uses the following two types of cookies: 

   so-called functional cookies, which are essential for the functioning of the website and their use is therefore necessary and independent of the will of the data subject;

   so-called cookies for statistical purposes, which are only placed by the website on the data subject's device if the data subject has given his or her explicit consent. The data subject can give his or her consent by ticking the box for statistical cookies in the window that pops up when visiting the website and clicking on the "Allow selection" button. The use of the site is not affected by these cookies. 

   Legal basis for processing: in the case of  functional cookies, processing is based on Article 6(1)(f) GDPR (legitimate interest of the controller). In the case of cookies for statistical purposes, processing is based on Article 6(1)(a) GDPR (consent of the data subject).  

   Scope of the data processed

   for functional cookies: the cookie places an anonymous identifier on the data subject's device;

   for statistical purposes: the cookie assigns an anonymous identifier to collect the following data for the Data Controller: number of visits, duration of visits, pages visited, information about the device used for the visit (type of device, display size, type and version of operating system), geographical location of the visit (up to city level), frequency of visits (proportion of return visits or new visits), demographic data (source: Google account, Android and iOS devices).

   Source of personal data: the data subject

   Duration of processing for functional cookies:
   until the end of your browsing session;
   for cookies for statistical purposes: ...

   Method of processing: only by electronic means. 
   Persons entitled to access the data: only employees performing tasks related to the development and operation of the website are entitled to access the data.
   
   

   
   

5. Information on data security measures

• The Data Controller shall, with the assistance of the Processor, take the technical and organisational measures necessary to:

1. to ensure that IT systems operate in accordance with the Information Security Policy (ISP);

2. ensure that authorised users have access to IT systems, their functions and the data they manage, according to their level of authorisation;

3. ensure that data is backed up and archived.

• The Data Controller shall comply with the procedural rules necessary to enforce the legal requirements for data processing set out in point 7. The Data Controller also expects the Processor to comply with this legislation on the basis of the processing contract concluded between them pursuant to Article 28(3) of the GDPR. 

• The Data Controller shall, through the Data Processor, subject the electronically processed data files to virus scanning and other security filtering.

• The Data Controller shall ensure the security of data processing by technical, organisational and organisational measures to provide a level of protection appropriate to the risks associated with the processing, by selecting the IT tools used and by operating them in such a way that the data processed:

1. be accessible to authorised persons (availability);

2. be authentic and verified (authenticity of processing);

3. be verifiable (data integrity);

4. be accessible only to the authorised person and protected against unauthorised access (confidentiality of data).

6. Data subjects' rights and means of redress

   • Right to request information

The data subject may request information from the Controller, request the rectification of his or her personal data and request the restriction of processing. At the request of the data subject, the Controller shall provide information on the data processed, the purposes, legal basis and duration of the processing, the name and address (registered office) of the controller, the name and address (registered office) of the processors and their activities in relation to the processing, the contact details of the employee responsible for data protection, the persons who have received or are receiving the data subject's personal data and the data subject's rights in relation to the processing. The controller shall provide the information in writing in an intelligible form within the shortest possible time from the date of the request, but not later than 1 month. If necessary, taking into account the complexity of the request and the number of requests, this time limit may be extended by a further two months. Where the request for information is unfounded or excessive, in particular because of its repetitive nature, the Controller may refuse to act on the request. The controller may refuse to comply with a request to exercise the rights of the data subject until the data subject can be identified beyond reasonable doubt.

• Right of access

The data subject has the right to receive feedback from the Data Controller on whether his or her personal data are being processed. 

The right of access entitles the data subject to have access to personal data relating to ongoing processing and to the following information: 

• the purpose of the processing, 

• the categories of personal data concerned, 

• the duration of the processing, 

• who receives or has received the personal data of the data subject and for what purposes, 

• the data subject's rights in relation to data processing, 

• the right to lodge a complaint with a supervisory authority. 

At the request of the data subject, the Data Controller shall provide a copy of the personal data subject to processing, provided that it does not adversely affect the rights and freedoms of others. The Controller may charge a fee for additional copies requested by the data subject. 

• Right to withdraw consent

The data subject may withdraw his or her consent to the use of statistical cookies at any time without restriction by deleting the cookie from his or her browser as described in section 3. The relevant information for each browser is available in section 3. 

• Right to modify, rectify and supplement data 

The data subject may request the amendment (rectification) of inaccurate personal data concerning him or her or the completion of incomplete personal data through the contact details provided in point 1. The controller shall notify the data subject of the rectification. It shall refrain from doing so if, having regard to the purposes of the processing, this does not harm the legitimate interests of the data subject.

• Right to erasure ("right to be forgotten")

The data subject may request the erasure of his or her personal data if the purpose of the processing has ceased, if the data subject withdraws his or her consent, if the processing of the data is unlawful, if the specified period for storing the data has expired or if a court or public authority has ordered it. The controller shall notify the data subject of the erasure of personal data. It shall not do so if, having regard to the purposes of the processing, this does not harm the legitimate interests of the data subject. The Controller shall not erase personal data where it is necessary for compliance with a legal obligation to which the Controller is subject or for the establishment, exercise or defence of legal claims.

• Right to restriction of processing

You may request the restriction of the processing of your personal data by the Controller at any of the Controller's contact details, provided that: 

• the data subject contests the accuracy of the personal data (in which case the restriction applies for as long as the Data Controller verifies the accuracy of the data); 

• the processing is unlawful, but the data subject opposes the erasure of the data and requests the restriction of their use; 

• the purpose of the processing has ceased, but the data subject needs them for the establishment, exercise or defence of legal claims.

The restriction lasts as long as necessary for the reason indicated by the data subject. In this case, the personal data, except for storage, will only be processed with the consent of the data subject; or for the establishment, exercise or defence of legal claims; or for the protection of the rights of another natural or legal person; or for important public interests. The Controller shall inform the data subject in advance of the lifting of any restriction at the request of the data subject. 

• Right to object

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of his or her personal data on the basis of Article 6(1)(f) of the GDPR. In this case, the Controller shall no longer process the personal data and shall delete them. The Controller may further process the personal data of the data subject where the processing is justified by compelling legitimate grounds and where it is necessary for the establishment, exercise or defence of legal claims. Where the data subject objects to processing under this privacy notice, the Data Controller shall assess the feasibility of the request on a case-by-case basis.

• Right to data portability

In the case of processing pursuant to Article 6(1)(a) of the GDPR, the data subject shall have the right to obtain the personal data relating to him or her which he or she has provided to the controller in a structured, commonly used, machine-readable format, where the controller carries out the processing by automated means. The data subject also has the right to transmit these data to another controller. The Controller shall only transfer the personal data of the data subject to the controller identified by the data subject in an identifiable manner. The Controller shall not be liable for the processing carried out by the recipient controller after the transfer.

• Right to legal redress 

In case of violation of your rights or if you disagree with the decision of the Data Controller, you may lodge a complaint with the National Authority for Data Protection and Freedom of Information: 

Name: Nemzeti Adatvédelmi és Információszabadság Hatóság
Seat: 1055 Budapest, Falk Miksa u. 9-11.
Postal address: 1363 Budapest, Pf. 9. 
Telephone: +36 (1) 391-1400 / +36 (30) 683-5969 / +36 (30) 549-6838
Fax: +36 (1) 391-1410
E-mail: ugyfelszolgalat@naih.hu

In case of infringement of his/her rights or if he/she disagrees with the decision of the Data Controller, he/she may also directly apply to the court of the place of his/her residence or domicile for a remedy against the Data Controller. The court shall decide the case out of turn.

If you require further information on data processing in addition to that provided in the Privacy Notice, you can request information via the contact details of the Data Controller provided in point 1.

If the data subject has a comment or objection about the processing of his or her personal data or would like to request information about the processing of his or her data, he or she can do so by contacting the person responsible for data protection at or commercial@mavag.hu .

7. Relevant legislation

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR),

• Act CXII of 2011 on the Right to Informational Self-Determination and Freedom of Information (Infotv.),

• Act C of 2003 on electronic communications.

Effective: from the day of month 202

(Ganz-MaVag International)

Common Data Controllers