Leones QRS Holding Ltd. (Leones QRS Vagyonkezelő és

Tanácsadó Korlátolt Felelősségű Társaság)

 

DATA PROCESSING POLICY

 

 

Content

 

  1. General information and contact details
  2. Legal basis for data processing
  3. Purpose of data processing
  4. Categories of personal data processed
  5. Third parties that have access to your data and ways transmission
  6. Cookies used on https://www.leones.hu
  7. Data security and privacy measures
  8. Duration of data processing
  9. Right to change data
  10. Right to modify the data processing consent
  11. Right to information and legal remedies
  12. General information and contact details

 

Leones QSR Holding Ltd (Leones QSR Vagyonkezelő és Tanácsadó Kft. (Official Seat:1123 Budapest, Alkotás út 55-61., Tax ID number: 01-09-335561, web page: https://www.leones.hu; Phone number: ……, e-mail address: …….) , as maintainer of https://www.leones.hu  and manager of the web site https://www.leones.hu  (hereinafter referred to as: “Controller”) pays particular attention to the protection and correct management of your personal data. Your rightful interests regarding data protection belong to our main priorities, and we respect them during data collection as well as processing and managing. 

 

By using the web site https://www.leones.hu  you agree to share some of your personal data with the Controller.

 

“Personal data” is any information that relates to an indentifiable natural person directly (first and last name) or indirectly (e-mail address). Before you share this information with us, please read our data processing policy.

 

In compliance with the relevant data protection legislation, especially the Act CXII of 2011 on information self-determination and freedom of information (hereinafter: “Information Act”), the Collector manages the data in the context of our activities as follows:

LEONES QRS LTD.’s six directives protecting your data

We apply the following six directives at Leones QRS Ltd.:

  1. Legal basis: We only use your data for purposes detailed in this document.
  2. Relevancy and accuracy: We only collect the data that are necessary for the data processing. We do everything we can to make sure the data stored by us is up to date and accurate.
  3. Data storage: In compliance with the law we shall store your data only as long as it is necessary for the processing.
  4. Access, rectification: The Data Subject shall have the right to access, correct, modify or erase his or her data. Regarding these please read the parts “Rectification of personal data” and “Right to information and legal remedies”.
  5. Data security and privacy: Our Company protects your data against alteration, accidental destruction and damage, unauthorized usage, disclosure, as well as against unauthorized access with technical and organizational measures.
  6. Transmission and international transfer: The Controller shall transmit the Data Subject’s personal data to a third person (for example trading partners and /or providers, hereinafter: “Partners”) with the purposes detailed in this policy. We shall take all security measures to ensure the safety of the transmission and sharing of this data.

 

  1. Legal basis of data processing

 

The legal basis of the personal data processing is the voluntary consent of the data subject based on this policy. By accepting this policy the Data Subject gives his consent to Leones QSR Ltd. to process their data, transmit data and give access to their Partners in order to reach the purpose of data processing. Leones QRS Ltd has the right to do so until withdrawal of this consent.

 

  1. Purpose of data processing

 

The purpose of the data processing related to our service is to identify the visitors of our web site, to collect contacts and to use them for marketing purposes. We shall use them to send marketing materials via mail or e-mail or contact them via other means of communication for marketing purposes. We collect the data directly from the Data Subject, and, in compliance with the law, it is subject to their consent. 

 

This data shall be shared by the visitors of our web site by filling and sending in a form and will be stored in the central database of Leones QRS Ltd.

 

  1. Categories of personal data processed

 

The exact start and end of the visit will be automatically saved, and in some cases- depending on the settings of the PC- the browser, the data of the operating system and the visitor’s IP address and the name of the website visited beforehand as well. This data will be used to automatically generate statistical data. These will not be linked to other personal data; they shall solely be used to prepare statistics. The https://www.leones.hu  shall send a cookie to the visitor’s computer. The cookie is necessary amongst other purposes to send automatic messages. The Collector shall not use these cookies for commercial objectives.

 

Visitors can see our website without sharing more data than the automatically processed ones.

 

In case of subscriptions to newsletters, questions and other requirements the first and last name, phone number and email address of the user shall only be used for purposes detailed in point 3. The Collector will not give access to the personal data to other visitors of the website.

 

  1. Transmission of the data to third parties

 

We process your personal data and the information about you mainly within our inner circle. The Controller shall only transmit your personal data to third persons, our Partners, if you shared them with us in order to be transmitted.  In case of data transmissions prescribed by law, the Controller shall examine the legal basis prior to every data transmission of and if necessary, he shall consult the Data Protection Authority.

 

You can access the list of our partners here.

 

 

  1. Cookies used on https://www.leones.hu

 

We use cookies in certain parts of the web site https://www.leones.hu Cookies are packets of information sent to your browser.

 

Cookies can identify you if you already have visited the web site and help us to understand which part of the web site is the most popular one by allowing us to see which parts are clicked on the most and how much time our users spend on it. This allows us to customise our web site to your needs and to provide a smooth, colourful experience. These cookies make sure the next time you visit our web site you will find the information you need without identifying you.

 

During a visit on our website we are able to collect data automatically, but these do not enable us to identify you. Such information is for example the name of the web site that directed you to ours, the place of the access to our site and the searches on our web page. These help us to identify the searching preferences of our users without using their personal data. This data will be used in inner circles. The anonymous data, which do not enable us to identify a person are not considered to be personal data and therefore are not subject to present policy.

 

You can set your computer to accept or deny all cookies or to inform you if there are any sent to your browser. All browsers are different, so please use “Help” to personalise your cookie settings. The web page  https://www.leones.hu was installed to use cookies and denying them may affect the usage and prevent you to use it to its full potential.

 

  1. Data security and privacy measures

 

The storage and processing of personal data happens in the Controller’s headquarter. We shall take all security measures to protect the personal data against unauthorized access, modification, transmission, disclosure, erasure, destruction, accidental destruction or damage as well as becoming inaccessible due to technological changes. These measures are administrative, computerised and physical. 

  1. Duration of the data processing

Session Ids are deleted by closing the browser. Users can delete their cookies any time. Cookies are deleted depending on the settings of the browser. The data you share by subscribing to our newsletters are being processed until further instructions on your side/until you unsubscribe of our newsletters.

You can stop directly sent marketing materials and withdraw your consent to receive them on the following address by giving your name and email address:

Under the email address …………………. or, in case of newsletters sent by email under the address [email protected], or by post Leones QSR Kft., 1123 Budapest, Alkotás út 55-61.) .

By accepting our data policy you consent to only be able to erase your data of our data base by submitting a written request. The data will be erased within 5 working days of the receipt. 

  1. Right of rectification

The Data Subject shall have the right to request the rectification update or erase inaccurate personal data concerning him or her. The user can request the rectification his or her data any time. The data processed by us can be corrected in a written request. If you want to receive our newsletters on a new email address, you need to unsubscribe your old email address and then register your new one.

  1. Right to change the data processing policy

The Controller retains the right to modify this policy. This shall occur if we add new services to our profile or if the law requires it. A modification of this policy does not mean a change in the purpose of the processing.

  1. Right to information and legal remedies

If you have any questions regarding our Company do not hesitate to contact us. You find our contact details above.

Right to information

Before the start of the data processing the Controller shall provide detailed information at the request of the concerned Data Subject.

Right to access

Subsequent to the request of the client the Controller as a data manager gives information about the managed data, its source, the duration, purpose and legal basis of data processing, furthermore about the name and address (headquarter) of data processor, the activity related to the data management. In case of a data transmission, the Controller shall provide information on the legal basis and the third party receiving the data.

In order to provide you the right information, we need to be able to identify you. Questions, declarations and complaints regarding the data processing need to be sent to the Controller. Contact details are provided in point 1. Please be aware that in order to exercise your rights you need to prove your identity.

The data Collector shall give information in writing and comprehensible form as soon as possible, within 30 days after the request is received. 

The Controller can only refuse to provide information pursuant to the Information Act.

In case of a refusal the Controller informs the Data Subject in writing, which provision of the Act allows him to do so. If the Collector refuses the information, he shall inform the concerned Data Subject about legal remedies and about the services of the Hungarian National Authority for Data Protection and Freedom of Information (hereinafter: Authority).

We inform our Data Subjects that according to the legislation in force lodging a complaint shall not disadvantage users.

 

 

Contact information to the Hungarian National Authority for Data Protection and Freedom of Information:

Headquarter: 1125 Budapest, Szilágyi Erzsébet fasor 22/C.

E-mail: [email protected]

Web site: http://www.naih.hu

Phone number: +36 (1) 391-1400

Telefax: +36 (1) 391-1410

Rectification:

If the personal information is incorrect – incorrect, inaccurate or incomplete – and the Controller has access to the correct data, he has the right to correct the personal data without undue delay. If the correction complies with the purpose of the data processing, it will be completed with the additional data and a declaration relating to the personal data provided by the concerned Data Subject.

Restriction:

Where the processing has been restricted, such personal data shall(with the exception of storage) only be processed with the Data Subject’s consent or in order to establish, exercise or defend his or her legal claims or in compliance with the law, international agreements and with the legislation of the European Union, pursuant to Section 19 of the Information Act.

Erasure

The personal data have to be erased without delay if there are no overriding legitimate grounds for the processing, especially based on the Section 4. of the Information Act, if the Data Subject requests it based on Section 4 e) of the Information Act, if the Data Subject withdraws consent on which the processing of his or her personal data or the consent is incomplete or has been given on the basis of false information (and can not be remedied) and the erasure is in compliance with the law; if there is no purpose or other legal ground for the processing; if the duration of the data processing determined in the legislation, international contract or in the binding acts of the European Union has run out; if the Collector has been obliged by the Authority, court or the acts of the European Union.

If the Controller does not grant the Data Subject his or her request to erasure or restriction, he is obliged to inform the Data Subject on the legal basis of the rejection of the request of correction, erasure or restriction within 30 working days in writing or in email. If the Collector refuses to correct, erase or restrict the information, he shall inform the concerned Data Subject about legal remedies and about the services of the Authority.

If the Controller or the data processors delegated by him decides to correct, erase or restrict the personal data processed by him, he shall inform the data managers and data processors about these actions in detail in order to ensure that these corrections, erasures and restrictions are performed on the data previously transmitted to them.

Right to object

Considering that the Controller does not perform any data processing carried out in the public interest and has no official authority, does not pursue scientific or historical research and does not process data for statistics purposes, the right to object may be exercised on the grounds of legitimate interests.

In the event that the personal data of the Data Subjects are processed on the grounds of legitimate interests it is an imperative guarantee that the Data Subject shall be ensured proper information regarding the data processing of his or her data and his or her right to object.  The Data Subject shall be expressly informed of this right latest at the time of initial contact.

The Data Subject is entitled to object to the processing of his or her personal data on the above grounds and in such cases the Controller shall no longer have grounds to lawfully process the Data Subject’s personal data, except in cases where it can be demonstrated that:

  • the Controller has compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or
  • The processing of the data is related to the establishment, exercise or defense of legal claims by the Controller.

Right to object to direct marketing

The Data Subject is entitled to object to the processing of his or her personal data for direct market purposes, however, unlike in the case of data processing on the grounds of other legitimate interests, where the Data Subject objects to processing for direct marketing purposes the Controller shall not have the right to examine whether it still has any other grounds to proceed with the processing.

Where the Data Subject objects to processing for direct marketing purposes, the Controller shall no longer process the Data Subject’s personal data for such purposes.

Profiling

During profiling the individual information of the Data Subjects are evaluated with the use of any form of automated processing.  Such evaluations are suitable to analyze or predict aspects concerning the Data Subject’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

The right to object also includes profiling on the grounds of legitimate interests in the form of special data processing operations. Where profiling is done for purposes relating to direct marketing the Controller shall no longer perform profiling of the Data Subject on the basis of his or her personal data upon the objection of the Data Subject.

Exercise of rights

Leones QRS Ltd. shall process your data complying with this policy and in accordance with the law and guidelines.

If you consider that your rights as a Data Subject have been infringed by the Controller do not hesitate to contact us, so we can find a solution for you.

The Data Subject shall have the right to lodge a complaint with the authorities if he or she is not satisfied with our data processing services or considers that the data processing has infringed his or her rights.

The concerned Data Subjects have the following two options:

  1. The Authority shall have the right to examine the legality of the data processing in case the rights of the Data Subjects determined in Section 14 of the Information Act are impended, or his or her application relating to them has been rejected.
  2. The Authority shall have the right to launch a data protection procedure if he considers that the processing of the Data Subject’s personal data by the Controller infringes on the effective data protection legislation or on the standards determined by the legally binding acts of the European Union.

We inform our Data Subjects that they can bring action before the civil court or turn to the data protection authority. The concerned Data Subject shall be able to find detailed information on this and the duties of the Controller in the legal provisions of the European Union and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, in the Regulation 2016/679 (27. April 2016) that has superseded the Directive 95/46/EC, in the Act CXII of 2011  on information self-determination  and freedom of information, furthermore in the Section 13/A of Act CVIII of 2001  on certain issues of electronic commerce activities and information society services.

The Regional court shall have jurisdiction in the proceeding. The Data Subject may also bring proceedings before the courts where the Data Subject has his or her place of habitual residence. Parties with no legal capacity shall also have the right to become parties to the proceeding. The Authority shall have the right to intervene in proceedings in order to help the concerned party to succeed.

Should the court uphold the proceeding, it shall acknowledge non-compliance and oblige the Controller and the data processor to cease the unlawful processing of data, to establish legality and to conduct in accordance with the rules safeguarding the interests of the concerned Data Subject. If necessary, the court shall enforce a tort or restitution.

The court shall have the right to publish its findings, disclosing the Collector’s and the data processor’s identifying information, if they affect many individuals, if  the defendant carries out its data processing and managing task in public interest or if the scope of the injury justifies it.

In case you have further questions regarding personal data protection please contact us under  [email protected].

03.05. 2019, Budapest