VARINEX Zrt. - Data processing information

TABLE OF CONTENTS

Name and contact details of the data controller
Concepts
Scope of personal data, purpose, legal basis and duration of data processing
Method of storing personal data, security of data processing
Data processor used during data processing
Information on remarketing, conversion and tracking codes
Cookies
Google Analytics
Google Remarketing
Google AdWords conversion tracking
Facebook Remarketing
Data processing related to sending newsletters Data
processing related to sending and displaying personalized advertisements Data
processing related to contacting and requesting a quote
Direct marketing purpose
Additional data processing
Procedural rules
Contact details and legal remedies
Judicial enforcement
Compensation and compensation for injury
Registration in the data protection register
Legislation taken into account when preparing the information

Name and contact details of the data controller

varinex.hu; 3dnyomtatas.varinex.hu; dental.varinex.hu; eos-sls.hu domains:

VARINEX Zrt. (registered office: 1141 Budapest, Kőszeg u. 4, site: 1106 Budapest, Fehér út 10. 44-es building) www.varinex.hu, mail@varinex.hu, tel: +36 1 432-0248, tax number: 12765713-2-42; company registration number: 01-10-044707, person responsible for data management: Ferenc Lucz, position: service manager, telephone number: +36 1 273 3405, e-mail address: lucz@varinex.hu, hereinafter referred to as VARINEX Zrt. service provider, data controller), as data controller, recognizes the content of this legal notice as binding on itself.

The purpose of this information is to record the data protection and data management principles applied by VARINEX Zrt. and the Company's data protection and data management policy.

VARINEX Zrt. undertakes to ensure that all data processing related to its activities complies with the requirements set out in this information and in applicable laws.

VARINEX Zrt. is committed to protecting the personal data of its customers and partners and considers it of utmost importance to respect its customers' right to informational self-determination. VARINEX Zrt. treats personal data confidentially and takes all security, technical and organizational measures to guarantee the security of the data.

VARINEX Zrt. uses Google Analytics, Google Remarketing, AdWords Conversion Tracking, and Facebook Remarketing programs to measure the traffic to its websites and monitor the behavior of its visitors, to create statistics, and to monitor the effectiveness of its advertisements.

Concepts

"personal data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
"data processing": any operation or set of operations which is performed on personal data or data files, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"restriction of processing": marking stored personal data with the aim of restricting their future processing;
"controller"means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;
"data processor"means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
"third party"means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct control of the controller or processor, are authorised to process personal data;
"consent of the data subject": any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her;
"data breach"means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Scope of personal data, purpose, legal basis and duration of data processing

VARINEX Zrt.'s data processing is based on voluntary consent, contractual or legal obligation. When we collect personal data from the data subject, VARINEX Zrt. provides the data subject with all of the following information at the time the personal data is obtained:

the identity and contact details of the data controller and the data controller's representative;
the purpose of the intended processing of personal data and the legal basis for the processing;
if the personal data was not obtained from the data subject: the categories of personal data concerned;
where applicable, the recipients of the personal data and the categories of recipients, if any.

In addition to the aforementioned information, the data subject will also be informed of the following additional information:

the duration of storage of personal data or, if this is not possible, the criteria for determining this duration;
the right of the data subject to request from the controller access to, rectification, erasure or restriction of processing of personal data concerning him or her, and to object to the processing of such personal data, as well as the right of the data subject to data portability;
in the case of data processing based on voluntary consent, the data subject has the right to withdraw consent at any time, which does not affect the lawfulness of the data processing carried out on the basis of consent before the withdrawal;
the right to lodge a complaint with the supervisory authority;
whether the provision of personal data is based on a legal or contractual obligation or is a prerequisite for concluding a contract, and whether the data subject is obliged to provide the personal data, as well as the possible consequences of failure to provide the data.

The data subject has the right to receive feedback from the controller as to whether or not personal data concerning him or her are being processed, and if such processing is taking place, he or she has the right to access the personal data and the following information.

The data subject shall have the right to obtain from the controller, at his or her request, the rectification of inaccurate personal data concerning him or her without undue delay. Taking into account the purpose of the processing, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

The data subject has the right to request that the data controller erase personal data concerning him or her without undue delay, and the data controller is obliged to erase personal data concerning the data subject without undue delay if other conditions are met.

The data subject has the right to request that the data controller restrict data processing if one of the following applies:

the data subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period of time enabling the controller to verify the accuracy of the personal data;
the processing is unlawful and the data subject opposes the erasure of the data and instead requests the restriction of their use;
the controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defence of legal claims; or
the data subject has objected to the processing; in this case, the restriction shall apply for the period until it is determined whether the legitimate grounds of the data controller override those of the data subject.

The controller shall inform any recipient to whom the personal data have been disclosed of any rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. Upon request, the controller shall inform the data subject of these recipients.

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on voluntary consent or a contract and is carried out by automated means.

If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such purposes, including profiling, where it is related to direct marketing.

If the data subject objects to the processing of personal data for direct marketing purposes, the personal data may no longer be processed for this purpose.

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

If a potential data protection incident within the VARINEX Zrt. system is likely to result in a high risk to the rights and freedoms of natural persons, the data controller will inform the data subject about the data protection incident without undue delay.

How personal data is stored, security of data processing

VARINEX Zrt.'s computer systems and other data storage locations are located at its headquarters and on its relevant servers.

VARINEX Zrt. selects and operates the IT tools used to process personal data during the provision of the service in such a way that the processed data:

accessible only to those authorized to do so;
its authenticity and authentication are ensured;
its immutability can be verified;
be protected against unauthorized access.

VARINEX Zrt. protects data with appropriate measures, in particular against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction, damage, and inaccessibility resulting from changes in the technology used.

In view of the current state of technology, VARINEX Zrt. ensures the protection of the security of data processing with technical, organizational and organisational measures that provide a level of protection appropriate to the risks associated with data processing.

We would like to inform you that electronic messages transmitted over the Internet, regardless of the protocol (e-mail, web, ftp, etc.), are vulnerable to network threats that could lead to unfair activity, contract disputes, or the disclosure or modification of information. VARINEX Zrt. takes all reasonable precautions to protect against such threats.

Data processor used during data processing

VARINEX Zrt. uses collaborators in the course of its business activities to whom it transfers personal data for the purpose of data processing. Such as the forwarder used to deliver the products or the registration of software licenses with the copyright owner of the software. VARINEX Zrt. ensures that data transfer only occurs to the extent (with such data, for such a period of time) that is absolutely necessary for the fulfillment of the obligations of the contract, agreement, or order concerned.

The legal basis for data processing is: the consent of the data subject, Section 5 (1) of the Information Act, and Section 13/A (3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.

VARINEX Zrt. reserves the right to use a data processor, the identity of which will be individually disclosed at the latest at the start of data processing.

The data managed by VARINEX Zrt. is primarily accessible to our competent internal staff, and we do not disclose it to third parties, solely out of legitimate interest (e.g. debt collection), legal obligation, or if the User has given their prior express consent.

Contact details of data processors

Google Inc.1600 Amphitheater Parkway, Mountain View, 3 California 94043, USA
Facebook Inc.1 Hacker Way, Menlo Park, California 94025, USA
LinkedIn Inc.1000 W Maude Ave, Sunnyvale, CA 94085, USA
Central customer database, customer data storage and management
- MiniCRM Zrt.1075 Budapest, Madách Imre út 13-14.+361 999 0402help@minicrm.hu https://www.minicrm.hu
- Webgalamb ENS Information Technology and System Integration Ltd.1106 Budapest, Fehér út 10.+3620 222 0011kapostol@webgalamb.huwww.webgalamb.hu
Server/hosting service:3G Team Kft.1152 Budapest, Illyés Gyula utca 2-4. A. building. floor 7.+36 70 276 2472

info@3gteam.com

Information about remarketing, conversion and tracking codes

Cookies

During visits to the websites of VARINEX Zrt., the Service Provider sends one or more cookies – i.e. small files containing a string of characters – to the visitor's computer, through which the visitor's browser can be uniquely identified. These cookies are only sent to the visitor's computer when visiting certain subpages, so they only store the fact and time of visiting the given subpage, and no other information.

The use of cookies sent in this way is as follows: external service providers, including Google, use these cookies to store if the User has previously visited the VARINEX Zrt. website. Depending on the browser toolbar, this option can be found in the cookies/tracking function placements menu item, but usually you can set which tracking functions to enable/disable on your computer under Tools > Settings > Privacy settings.

If the User does not want Google or other service providers to measure the above data in the manner and for the purposes described, they can install a blocking add-on in their browser. This add-on instructs the Google Analytics JavaScript scripts (ga.js, analytics.js, and dc.js) not to send visit information to Google. In addition, visitors who have installed the blocking browser add-on will not participate in content experiments.

To opt out of Analytics for your web activity, visit the Google Analytics opt-out page and install the add-on for your browser. For more information on installing and removing the add-on, see the help for your specific browser.

The Data Controller reserves the right to make changes to the content of the Website and these Regulations at any time. The User can continuously find out about the current Regulations under the “Data Protection and Data Management Regulations” section of the Website.

Legal background and legal basis of cookies: The background to data processing is the provisions of Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.) and Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. The legal basis for data processing is your consent in accordance with Section 5 (1) a) of the Infotv.

The following codes can be inserted into all main pages and all subpages:

Google analytics code
Google adwords remarketing code
Google adwords conversion tracking code
Facebook remarketing code
Facebook conversion tracking code

The IP address of visitors to our website is recorded by Google and Facebook, and within 30 days of the visit, they offer advertisements on the Google display network and Facebook message boards.

The legal background and legal basis: The background to data processing is the provisions of Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.) and Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. The legal basis for data processing is your consent in accordance with Section 5 (1) a) of the Infotv.

By using the website, you consent to the storage of the aforementioned codes on your computer and their access by the Data Controller. The codes are generally stored for 30 days, but you can configure and prevent the use of the codes in your browser. However, please note that in the latter case, without using the codes, you may not be able to use all the services of the website.

Google Analytics

The Data Controller uses Google Analytics primarily to generate statistics, including measuring the effectiveness of its campaigns. By using the program, the Data Controller mainly obtains information about how many visitors have visited its Website and how much time the visitors have spent on the Website. The program recognizes the visitor's IP address, so it can track whether the visitor is a returning or new visitor, and it can also track the path the visitor has taken on the Website and where they have entered.

Google Remarketing

The Data Controller uses the Google Remarketing program to collect data from the DoubleClick cookie in addition to the usual Google Analytics data. The DoubleClick cookie enables the use of the remarketing service, which primarily ensures that visitors to the Website will later encounter the Data Controller's advertisement on free Google advertising platforms. The Data Controller uses the Google Remarketing program for its online advertisements. The Data Controller's advertisements are also displayed on Internet websites by external service providers, such as Google. The Data Controller and external service providers, such as Google, use their own cookies (such as Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) together to learn about users' previous visits to the Website and to optimize and display advertisements.

Google AdWords conversion tracking

The purpose of Google AdWords conversion tracking is to enable the Data Controller to measure the effectiveness of AdWords advertisements. It does this by using cookies placed on the User's computer, which exist for 30 days and do not collect personal data.

Facebook Remarketing

The Data Controller uses Facebook's remarketing pixel to increase the effectiveness of Facebook ads, for the purpose of building a so-called remarketing list. Thus, after visiting the Website, an external service provider - such as Facebook - may display advertisements on Internet websites. Remarketing lists are not suitable for personal identification. They do not contain the personal data of the visitor, they only identify the browser software.

Data processing related to sending newsletters

Legal background and legal basis of data processing: The background of data processing is the Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.) and the Act XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity (Grt.). The legal basis for data processing is your consent in accordance with Section 5 (1) a) of the Infotv. and Section 6 (1)-(2) of the Grt.

Purpose of data processing: The purpose of data processing is to inform you about the latest and best offers, promotions and events.

Scope of processed data: For data processing, it is necessary to provide your name, email, telephone number and field of expertise.

Duration of data processing: Until consent is withdrawn.

Data processing related to sending and displaying personalized advertising

Purpose of data processing: The purpose of data processing is to provide you with personalized offers that best suit your needs and preferences.

Scope of data processed: During data processing, the Data Controller uses cookies and codes to record which products you have previously visited.

Duration of data processing: Until consent is withdrawn.

Data processing associated with contacting and requesting a quote

Legal background and legal basis of data processing: The background of data processing is the provisions of Act CXII of 2011 on the right to informational self-determination and freedom of information (Infotv.). The legal basis for data processing is your consent in accordance with Section 5 (1) a) of the Infotv.

Purpose of data processing: The purpose of data processing is to be able to answer your question and to compile the best possible offer /quote/ for you.

Scope of processed data: When contacting us, you must provide your name, company name, address, e-mail address, and telephone number.

Duration of data processing: We store the personal data provided during contact until you withdraw it, but you can request its deletion at any time.

Direct marketing goal

Purpose of data processing: The Data Controller processes personal data solely for the purpose of:

exercise its rights and fulfill its obligations towards the customer using the service, based on contract or law. Ensure and monitor the appropriate, high-quality service for customers or readers (hereinafter referred to as: User or Data Subject);
Conduct market research and direct marketing with respect to data subjects;
The data of the data subjects already registered with the Data Controller is continuously updated upon subsequent contacts.

Scope of the processed data: Registration is required to access certain parts of the services of the websites of VARINEX Zrt. During registration, the websites ask you to provide the following personal data: name, email, telephone number and field of expertise. The Data Controller manages the data provided by the user: name, email, telephone number and field of expertise.

Duration of data processing: The data controller processes personal data for 5 years as long as the purpose of data processing exists. Upon the cessation of the purpose of data processing, the personal data will be deleted or modified at the request of the data subject.

Further data processing

If the Data Controller intends to carry out further data processing, it will provide prior information on the essential circumstances of the data processing (legal background and legal basis of data processing, purpose of data processing, scope of data processed, duration of data processing).

We inform you that the Data Controller must comply with written requests for data from authorities based on statutory authority. The Data Controller keeps a record of data transfers in accordance with Section 15 (2)-(3) of the Information Act (to which authority, what personal data, on what legal basis, when the Data Controller transferred it), the content of which the Data Controller provides information on upon request, unless the provision of information is prohibited by law.

Our company reserves the right to unilaterally modify this data management information without notifying the data subjects.

Our company does not verify the personal data provided to it. The person providing it is solely responsible for the adequacy of the data provided. When providing the e-mail address of any data subject, he/she also assumes responsibility for the fact that only he/she uses the service from the provided e-mail address.

We inform our clients that the investigating authority, the National Data Protection and Freedom of Information Authority, or other bodies authorized by law may contact VARINEX Zrt. to provide information, communicate or transfer data, or make documents available.

Rules of procedure

The data controller has 30 days to provide information, delete or correct personal data. If the data controller does not fulfill such a request of the data subject, it shall communicate the reasons for the refusal in writing within 30 days.

Contact details and legal remedies

Mailing address: VARINEX Zrt, 1141 Budapest, Kőszeg u. 4.

If you have any questions or comments, please contact us:

Phone: +36 1 273 3400
Monday – Friday: 09:00 – 17:00

Data protection officer:

name: Ferenc Lucz
e-mail: lucz@varinex.hu
phone: +36 1 273 3405

If you believe that the Data Controller has violated any legal provision relating to data processing or has not fulfilled any of your requests, you may initiate an investigation procedure with the National Data Protection and Freedom of Information Authority in order to terminate the allegedly unlawful data processing. Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C., Mailing address: 1363 Budapest, Pf. 9., Telephone: 06.1.391.1400, Fax: 06.1.391.1410, E-mail: ugyfelszolgalat@naih.hu, http://www.naih.hu .753951+VP7751

Judicial enforcement

The data controller is obliged to prove that the data processing complies with the provisions of the law. The data recipient is obliged to prove the lawfulness of the data transfer.

The trial falls within the jurisdiction of the court. The trial may also be initiated – at the choice of the person concerned – before the court of the place of residence or residence of the person concerned.

A party to the lawsuit may also be a person who otherwise does not have legal capacity to sue. The Authority may intervene in the lawsuit in order to ensure that the person concerned wins the lawsuit.

If the court grants the request, it obliges the data controller to provide information, correct, block, or delete the data, annul the decision made through automated data processing, take into account the data subject's right to object, and provide the data requested by the data recipient.

If the court rejects the data recipient's request, the data controller is obliged to delete the data subject's personal data within 3 days of the notification of the judgment. The data controller is obliged to delete the data even if the data recipient does not apply to court within the specified deadline.

The court may order the publication of its judgment, including the disclosure of the data controller's identification data, if this is required in the interests of data protection and the protected rights of a larger number of data subjects.

Compensation and damages

If the data controller violates the data subject's personal rights by unlawfully processing the data subject's data or by violating data security requirements, the data subject may claim damages from the data controller.

The data controller is liable to the data subject for any damage caused by the data processor and the data controller is also obliged to pay the data subject any compensation due in the event of a personal rights infringement caused by the data processor. The data controller is exempt from liability for the damage caused and from the obligation to pay compensation if it proves that the damage or the infringement of the data subject's personal rights was caused by an unavoidable cause outside the scope of data processing.

No compensation for damage shall be required and no compensation for injury may be claimed if the damage or the infringement of personal rights resulted from the intentional or grossly negligent conduct of the injured party.

Logging into the data protection register

According to the provisions of the Privacy Act, the Data Controller must report its data processing related to its marketing activities to the data protection register. The National Authority for Data Protection and Freedom of Information has accepted our related data processing under registration numbers NAIH-87715/2015.

Legislation taken into account when preparing this information

– Act CXII of 2011 – on the right to informational self-determination and freedom of information (hereinafter: Infotv.)
– Act CVIII of 2001 – on certain issues of electronic commerce services and services related to the information society (especially Section 13/A)
– Act XLVII of 2008 – on the prohibition of unfair commercial practices towards consumers;
– Act XLVIII of 2008 – on the basic conditions and certain limitations of economic advertising activities (especially Section 6)
– Act XC of 2005 on electronic freedom of information
– Act C of 2003 on electronic communications (specifically Section 155)
– Act No. 16/2011 opinion on the EASA/IAB Recommendation on Best Practices for Online Behavioural Advertising
– Recommendation of the National Data Protection and Freedom of Information Authority on the data protection requirements for prior information

This Data Protection Notice is governed by Hungarian law.

Budapest, November 16, 2020.