Data Controlling Information
In its data controlling, ANY Security Printing Company PLC (hereinafter: ANY Security Printing Company or Printing Company) pays high attention to act in accordance with the Act XCII of 2011 on the right of informational self-determination and freedom of information, and other laws, as well as the data protection practice developed during the activity of National Authority for Data Protection and Freedom of Information (hereinafter: Authority), also considering the major international recommendations related to data protection.
The Printing Company hereby informs its clients and visitors to its website on the personal data controlled by the Printing Company in relation to the website, on its practice followed in the personal data controlling, on its organizational and technical measures taken to protect personal data, and on the way and possibilities of exercising the rights of the data subjects.
The personal data controller for the website is ANY Security Printing Company (H-1102, Budapest, Halom utca 5.).
Set of personal data controlled; objective, scope, legal basis and duration of data controlling
The Printing Company controls the technical data (log data) classified as personal data that automatically created in connection with
- the type of browser program used,
- the Internet Protocol address (IP-address, port number),
- the domain name (URL),
- the date of the visit and
- the list of the pages viewed,
when visiting the website of the Printing Company, with regard to establishing and maintaining the Internet connection.
The purpose of the data controlling is to gather statistical information necessary for website development and for carrying out analysis related to the attendance and use, as well as to prevent the possible abuses and to enable their detection (information security objectives).
Log data related to visiting the website are controlled by the Printing Company for two years for information security purposes, and for one year for statistical purposes.
The purpose of using cookies is to gather statistical information necessary for website development and for analysis related to the attendance and use. Cookies’ imprints cannot be linked to individual website browsing; only anonym data for statistical purposes can be obtained from them, based on which the trends for the further website development can be outlined.
Temporary cookie and cookie for classification purpose which facilitates the use of the website is deleted at the end of a particular work process (the browsing); functional cookie is stored on the computer of the data subject for a quarter of a year, while statistical cookie is stored for two years, if it is not removed before.
Both for log data and for cookies, the consent of the data subject provides legal basis for the data controlling [under the Info Act, Paragraph 5, Section (1), Point a) and also the Info Act, Paragraph 6, Section (5) for the duration of data controlling].
It is possible to subscribe to the Printing Company’s newsletter by giving the name and e-mail address, and in this case the legal basis for data controlling is provided by the consent given during the registration. Subscription is subject to understanding the data controlling information of the Printing Company and making a statement to justify it. The data controlling is performed until the date when the consent is withdrawn. The consent can be withdrawn with using the link on the newsletter and sending an e-mail to the address: firstname.lastname@example.org.
The aim of the data controlling is to inform data subjects on the actualities directly or indirectly affecting ANY Security Printing Company with sending newsletter to the user and also to ensure the possibility for such communication.
In its website, the Printing Company provides information on the news and events belonging to its activity scope for which the Printing Company controls some personal data of the data subjects which are publicly available, where appropriate (e.g.: name, professional biographical data, photos).
Circle of persons having access to data; data processors
Solely the authorized personnel of the Printing Company are entitled to control the data.
Data are disclosed by the Printing Company to a third person only if it is compulsorily required by law or with the user’s authentic consent thereto.
The website is operated by ANY Security Printing Company.
The Printing Company entrusted Reflex Kft. with the maintenance of the website (H-1122 Budapest, Magyar jakobinusok tere 2-3. I/6., Company register number: 05-09-000445).
Under the terms of Info Act, during the maintenance activity the Printing Company uses the services of Reflex Kft. that are classified as data processing.
The data processor performs the technical tasks requested by the Printing Company on the basis of the Printing Company’s instructions.
The Printing Company controls the data with the utmost care, in strictest confidence, only to the extent required to use the services, and in the case of consent in compliance with the possible provisions of the person who gave such consent.
The Printing Company with specific care makes every effort to ensure secure controlling of the personal data and therefore, took the technical and organizational measures and also developed the procedural regulations that are required to enforce the data controlling and data protection regulations. The Printing Company regularly reviews these measures and regulations and modifies them if necessary.
Users’ rights related to controlling of their personal data and ways of exercising these rights
Everyone is entitled to request information on his/her data controlled by the Printing Company and processed by the data processors entrusted by the Printing Company or in accordance with the provisions of the Printing Company, on the data resources, purpose and duration of and legal basis for the data controlling, on the name and address of the data processor and its activity associated with the data controlling, on the circumstances and impact of the possible data protection incident occurred and on the measures taken to prevent it, and in addition, in the case of data transfer, on the legal basis and addressee thereof.
The Printing Company provides written information in the shortest possible time but at latest within 25 days; providing information is denied by the Printing Company only in the cases that are compulsorily stipulated by law. In such case, the Printing Company informs the person requesting information under which legal provision the Printing Company denied providing information and what remedies are available against this decision.
If the personal data does not correspond to the facts, correction of the data controlled by the Printing Company can also be requested. If the personal data corresponding to the facts is available, it will be corrected by the Printing Company.
The personal data shall be deleted if
- controlling these data is unlawful;
- the data subject requests the deletion of his/her personal data;
- the data are incomplete or incorrect and this state cannot legally be remedied;
- the objective of data controlling ceased and the deadline for storing the data expired;
- the deletion was ordered by a court or the Authority.
The deletion can be initiated by the data subject with a written request submitted to the Printing Company.
The Printing Company blocks the personal data if it is requested by the person entitled thereto at least in a private document with full probative force, or in case the data deletion requested by the person entitled would hurt the rightful interests of the person concerned. The blocked personal data shall only be controlled until the objective of data controlling exists which precluded the deletion.
The Printing Company indicates the personal data the correctness and accuracy of which is disputed, if the incorrectness and inaccuracy of the data cannot be proved clearly.
Within 25 days from the submission of the request, the Printing Company will notify the person who submitted the request, in writing, in electronic way with the consent of the data subject, of the correction, blocking, indication and deletion, and the fulfilment of the relevant request or the obstacles thereto, including factual and legal grounds for the refusal together with an information of the remedies available in case the request is refused.
The person entitled thereto can make an objection to the personal data controlling, if the personal data controlling or transmission is only needed to fulfil legal obligations of the Printing Company, or to enforce legitimate interest of the Printing Company, data recipient or a third party (except for the case of mandatory data controlling); and if the personal data is used or transmitted for direct marketing, public opinion research or scientific research purposes.
Within 15 days after the receipt of the objection, the Printing Company will review the request and comply with the content therein, if the rightfulness thereof can clearly be established, and will send written information on its decision to the person who submitted the objection. Within 15 days, the Printing Company will send a written notification of the possible refusal of the request to the person who submitted the objection, in the same way as the objection was submitted (on paper or electronically), including its justified decision.
In case the objection is refused; if the submitter does not agree with the decision made on the basis of the request; or if the Printing Company misses the deadline available, the person concerned can go to law.
Everyone who thinks that his/her rights are infringed due to the data controlling of the Printing Company can turn to a court or the Authority. The court will proceed in such case out of turn. Budapest Law Court is the court of competent jurisdiction in these cases, but the legal proceedings can be started in a court with legal jurisdiction of the domicile or residence of the person who initiated the lawsuit, according to his/her choice.
Budapest, June 1, 2017