Privacy Policy

Gemeric Consulting Limited Liability Company

Privacy Policy

Before entering your data, please read the following data management information carefully, which is in accordance with the legislation in force at all times regarding data protection, in particular with Regulation 2016/679 of the European Parliament and of the Council (the “GDPR”) and CXII of 2011 on the right to information self-determination and freedom of information. with Act (the “Infotv.“), and XLVIII of 2008 on the basic conditions and certain limitations of economic advertising activity. by law (the “Grt.“). Terms not otherwise defined in this data management information are defined by the GDPR, Infotv. and Grt. must be interpreted as defined in the definitions.

The purpose of this data management information sheet is to fully regulate the Gemeric Consulting Kft. (address (place of data management): 1025. Budapest, Zöldlomb utca 4 /a, registered at the Budapest District Court’s Company Registry under number 13-09-177063, tax number: 25370551-2-41 hereinafter: by “Data Controller“) operation during the use of the website www.gemeric.com and its sub-pages, as well as during contacting, joining, maintaining business relationships and managing the data of contacts and organized with the cooperation of the Data Controller events and the recordings made there, as well as the provisions regarding the handling of your personal data and the processing of your personal data in connection with the above. The current version of the data management information is available at the web address www.gemeric.com/. The Data Controller reserves the right to change the data management information, as well as to amend it in accordance with changes in the European Union or Hungarian legislation.

The Data Controller will do everything possible to protect your personal data and respect your right to informational self-determination, therefore it will only process the personal data specified in this data management information sheet, in the manner, for the purpose and for the period of time that is specified in advance in this data management information sheet, and in respect of which the GDPR there is a legal basis allowed by The Data Controller treats the personal data it receives confidentially and takes technical measures to guarantee the security of personal data.

This data management information is considered to be your information. If you provide personal data to the Data Controller – regardless of the method of communicating the data – you accept this data management information and – if the data management is based on consent – you consent to the data management and data transfer in accordance with its provisions. We draw the attention of informants to the Data Controller that if they do not provide their own personal data, the informant is obliged to obtain the consent of the data subject.

  1. Person and contact details of the data controller

Gemeric Consulting Kft.

Company registration number: 13-09-177063 registered by the Company Court of the Budapest District Court

Tax number: 25370551-2-41

Mailing address (place of data processing): 1025. Budapest, Zöldlomb utca 4/a

Phone number: +36-20-910-4710

Email address: info@gemeric.com

Website: www.gemeric.com/

The personal data and documents provided by you can be viewed and handled by the employees and management of the Data Controller, as well as by the persons listed in point 4 of this information.

 

  1. Basic principles and legal bases of data management

 

  • Basic principles

When handling personal data, the Data Controller takes into account and complies with the basic principles contained in Article 5 of the GDPR, i.e.

  1. legality, due process and transparency;
  2. purposefulness;
  3. data saving;
  4. accuracy;
  5. limited storage capacity;
  6. integrity and confidentiality; as well as that
  7. accountability

acts along

  • Legal bases of data management

The Data Controller processes personal data if at least one of the following conditions is met:

  1. the data subject (you) has given his consent to the processing of his personal data for one or more specific purposes (“consent”);
  2. data processing is necessary for the performance of a contract in which the data subject (you) is one of the parties, or it is necessary for taking steps at the request of the data subject (you) prior to the conclusion of the contract (“performance of the contract”);
  3. data management is necessary to fulfill the legal obligation of the data controller (“data management based on legal regulations”);
  4. data processing is necessary to protect the vital interests of the data subject or another natural person (“vital interest”);
  5. the data processing is in the public interest or is necessary for the execution of a task performed in the framework of the exercise of a public authority delegated to the data controller (“exercise of a public authority”); respectively
  6. data processing is necessary to enforce the legitimate interests of the data controller or a third party, unless these interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, especially if the data subject is a child (“legitimate interest”) .
  1. The legal basis, purpose, scope of personal data and the duration of data management of individual data management performed by the data controller

 

  • Issuance of an invoice and determination of tax

The legal basis on the basis that it is necessary to fulfill the legal obligation of the data controller (“data management based on legal regulations”): CXVII of 2007 on general sales tax. based on Chapter X of the Act

Purpose of data management:

issuing an invoice and determining tax

Scope of personal data, basis for providing data, consequences of failure to provide data:

The scope of personal data is the billing name and billing address of the user of the service, as well as the tax number.

Providing the data you provide is always voluntary. At the same time, if you do not provide them, the Data Controller cannot issue an invoice and is obliged to refuse to provide the service in the absence of this.

Duration of data management:

CL of 2017 on the taxation system. Act IX and XXVI. based on chapters: five (5) years from the last day of the calendar year in which the tax return must be submitted.

  • Settlement and follow-up of accounting documents

The legal basis on the basis that it is necessary to fulfill the legal obligation of the data controller (“data management based on legal regulations”): on the basis of Act C of 2000 on accounting

Purpose of data management:

settlement and follow-up of accounting documents

Scope of personal data, basis for providing data, consequences of failure to provide data:

The scope of personal data is the billing name and billing address of the user of the service, as well as the tax number.

Providing the data you provide is always voluntary. At the same time, if you do not provide them, the Data Controller cannot issue an invoice and is obliged to refuse to provide the service in the absence of this.

Duration of data management:

Pursuant to § 169 of Act C of 2000 on accounting, the Data Controller must keep the accounting documents supporting the bookkeeping in a legible form for at least 8 years from the publication of the report, taking into account that the publication deadline is the 5th day following the last day of the business year. last day of the month.

 

  • Contact

On the basis of the legal basis that the data subject (you) gives his consent to the processing of his personal data for one or more specific purposes by contacting Gemeric Consulting Kft. (GDPR Article 6 (1) point a), “consent” ): contact

Purpose of data management:

Initiating contact through the www.gemeric.com/ website, by e-mail, in person, by phone, by post, or in any other way identifying people and responding to their messages.

Scope of personal data, basis for providing data, consequences of failure to provide data:

The Data Controller manages the data provided during contact, in particular:

  • name;
  • e-mail address;
  • telephone number;
  • message text

In the event of contact, your consent to data management can be assumed, but depending on the form of contact, the Data Controller may request your consent separately.

The provision of data is not based on any legal or contractual obligations and is not a prerequisite for concluding a contract. Providing the data you provide is always voluntary.

If the personal data was not obtained from you, the Data Controller is obliged to indicate the source of the personal data and, where applicable, whether the data comes from a publicly accessible source.

Duration of data management:

The Data Controller may process the personal data for 1 year from the date of their collection, or until the withdrawal of your declaration of consent, or until it is closed in the event of a legal dispute.

  1. Data processing, data transmission, recipients

In order to achieve the goals set out in Chapter 3, the Data Controller uses various service providers and data processors as recipients. In addition, the Data Controller forwards the data to authorities as independent data controllers in the event of official inquiries.

In order to achieve the goals set out in Chapter 3, the data controller uses various service providers, data processors and joint data controllers as recipients. Such a data processor is persons performing accounting for the Data Controller; Persons participating in the organization and conduct of conferences and events organized by the data controller (persons providing venue, logistics, transfer, organization, meals, accommodation, technical background); Persons who compile the topics and presentations of conferences and events organized by the data controller and give preliminary opinions; developer and operator of an online interface and newsletter sending system; Developer and operator of data management computer systems, printing service provider. Through the contracts concluded with the data processors, the Data Controller ensures that the data processors process personal data in accordance with the applicable data protection legislation, especially the GDPR, and always ensure the highest possible level of data protection and data security. The joint data controller is the co-organizer of the given event-conference, to whom the name and place of residence of the participants, as well as the financial costs of the given registration, will be forwarded (for settlement purposes). In addition to the data processors and joint data controllers, no data will be forwarded to any other person, unless required by law.

As a result of the Data Controller’s business decision, the identity of data processors and joint data controllers may change. Upon your request, the Data Controller will inform you directly about the content of the current list of data processors and joint data controllers. We ask that you constantly monitor this in order to enforce your rights to information self-determination and the protection of your personal data.

 

  1. Cookies

The www.gemeric.com/ website – like many other websites – proper use of the website, increasing the user experience and marketing communication in order to optimize it, it uses cookies, for which the Data Controller requests your express prior consent when visiting the website for the first time. Please read the contents of this chapter carefully before giving your consent.

Cookies are data temporarily stored by your browser on your browsing device, which are www.gemeric.com/ may be transferred to your device while using the website. This includes your IP address, your browser type, the characteristics of your device’s operating system, the duration of your visit, the page you visited, the sub-page you visited, the function you used, and the time you spent tomorrow. Cookies do not contain personal data and are not suitable for identifying you, i.e. the individual user, and are not linked to personal data. Cookies are small files that do not harm your device and do not contain any viruses or malware. Some of the cookies are automatically deleted after closing the website, while others are stored on your device for a longer time, depending on the settings you use in your browser.

The www.gemeric.com/ website only uses its own cookies that are necessary for the operation of the website and are of a temporary nature . The website also uses partner cookies, which are operated by our partners entrusted with various services for the purpose of website analytics and personalized marketing communication. The website www.gemeric.com/ uses the following partner cookies and other similar programs:

  • Google AdWords remarketing, e-DM retargeting and display/banner retargeting and search remarketing services, about which you can learn more about the data protection guidelines at this link; https://policies.google.com/privacy?h1=en
  • The Google Analytics service of , about which cookie-related information can be found on this link; https://policies.google.com/terms
  • For the purpose of user experience, the website uses Google services, fonts, visit statistics, maps, color management, graphic solutions, reCaptcha (v3) etc. You can find out more about the data protection guidelines on this link; https://policies.google.com/terms
  • It is a Facebook service for which cookie-related information can be found on this link. https://facebook.com/privacy/policy

Acceptance and authorization of cookies is not mandatory, you can limit or prevent their use, however, in this case you may not be able to use www.gemeric. com/ website functions. You can enable or disable cookies on the websites you visit by changing your browser settings. If you wish to disable cookies, please review the user guide and help of your browser and take the necessary steps.

  1. Security of data management

The Data Controller takes all the measures expected of him to ensure the security of personal data, and ensures an adequate level of protection, especially against access, change, transmission, disclosure, deletion, destruction or accidental destruction and damage, as well as inaccessibility resulting from changes in the technology used. The Data Controller ensures the security of the data with appropriate technical and organizational measures.

The Data Controller and its data processors implement appropriate technical and organizational measures, taking into account the state of science and technology and the costs of implementation, as well as the nature, scope, circumstances and purposes of data management, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. , to guarantee a level of data security appropriate to the degree of risk, including, among others, where applicable:

  1. pseudonymization and encryption of personal data;
  2. ensuring the continuous confidentiality, integrity, availability and resilience of the systems and services used to manage personal data;
  3. in the event of a physical and technical incident, the ability to restore access to and availability of personal data in a timely manner
  4. a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures taken to guarantee the security of data management.

When determining the appropriate level of security, it is necessary to specifically take into account the risks arising from data management, which in particular arise from the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise managed.

The Data Controller and the data processor take measures to ensure that the Data Controller or natural persons acting under the control of the data processor and having access to personal data can only handle said data in accordance with the instructions of the data controller, unless they are required to deviate from this by EU or Member State law .

The Data Controller shall report any data protection incident to the National Data Protection and Freedom of Information Authority without undue delay and, if possible, no later than 72 hours after becoming aware of the data protection incident, unless the data protection incident is likely to pose no risk to the rights of natural persons and for his freedoms.

The Data Controller keeps records of data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.

If the data protection incident is likely to involve a high risk for the rights and freedoms of natural persons, the Data Controller shall inform the data subjects of the data protection incident without undue delay. The data subject does not need to be informed if any of the following conditions are met:

  1. the Data Controller has implemented appropriate technical and organizational protection measures and these measures have been applied to the data affected by the data protection incident, in particular those measures – such as the use of encryption – that make the personal data unintelligible to persons not authorized to access the personal data data;
  2. after the data protection incident, the Data Controller took additional measures to ensure that the high risk to the rights and freedoms of the data subject is unlikely to materialize in the future;
  3. providing information would require a disproportionate effort.

Data controllers:

Gemeric Consulting Kft.

  1. Budapest, Zöldlomb utca 4/a

-the IT operator of the website-

                                Tárhely.eu Kft

1144 Budapest Ormánság utca 4.

-operator of the servers-

Server room: 1138 Budapest Váci út 188

Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland.

  1. Your rights and remedies related to data management

 

You have the right to information, access, rectification, deletion, restriction, data portability and objection in relation to data processing as follows.

  • Information

If your personal data is collected from you, the Data Controller will provide you with all of the following information at the time of obtaining the personal data:

  1. the identity and contact details of the data controller;
  2. contact details of the data protection officer (if any)
  3. the purpose of the planned processing of personal data, as well as the legal basis for data processing;
  4. in the case of data processing based on legitimate interests, the legitimate interests of the data controller or a third party;
  5. where appropriate, recipients of personal data and categories of recipients, if any;
  6. where applicable, the fact that the data controller wishes to transfer the personal data to a third country or an international organization, as well as the existence or absence of the Commission’s compliance decision.
  7. on the period of storage of personal data, or if this is not possible, on the aspects of determining this period;
  8. about your rights to request from the data controller access to personal data concerning you, their correction, deletion or restriction of processing, and to object to the processing of such personal data, as well as your right to data portability;
  9. in the case of data management based on consent, the right to withdraw consent at any time, which does not affect the legality of data management carried out on the basis of consent before the withdrawal;
  10. on the right to submit a complaint to the supervisory authority;
  11. about whether the provision of personal data is based on legislation or a contractual obligation or is a prerequisite for the conclusion of a contract, as well as whether the data subject is obliged to provide the personal data, and what possible consequences the failure to provide data may have;
  12. the fact of automated decision-making, including profiling (if any).
  • Right of access

 

You have the right to receive feedback from the Data Controller as to whether your personal data is being processed, and if such data is being processed, you are entitled to access the personal data and the following information:

  1. the purposes of data management;
  2. categories of personal data concerned;
  3. the recipients or categories of recipients to whom or to whom the personal data has been or will be communicated, including in particular recipients in third countries and international organizations;
  4. where appropriate, the planned period of storage of personal data or, if this is not possible, the criteria for determining this period;
  5. your right to request from the Data Controller the correction, deletion or restriction of processing of your personal data and to object to the processing of such personal data;
  6. the right to submit a complaint to a supervisory authority;
  7. if the data were not collected from the data subject, all available information about their source;
  8. the fact of automated decision-making, including profiling, as well as, at least in these cases, comprehensible information about the logic used and the significance of such data management and the expected consequences for the data subject.
  • Right to rectification

 

At any time, you have the right to request that the Data Controller correct inaccurate personal data relating to you without undue delay. Considering the purpose of data management, you are entitled to request the addition of incomplete personal data.

  • The right to erasure (“the right to be forgotten”)

 

You have the right to request that the Data Controller delete your personal data without undue delay, and the Data Controller is obliged to delete your personal data without undue delay if one of the following reasons exists:

  1. the personal data are no longer needed for the purpose for which they were collected or otherwise processed;
  2. You withdraw your consent that is the basis of the data processing (if this is the legal basis) and there is no other legal basis for the data processing;
  3. You object to the processing of your data
  4. personal data has been unlawfully processed;
  5. the personal data must be deleted in order to fulfill the legal obligation prescribed by EU or member state law applicable to the Data Controller;
  6. the collection of personal data took place in connection with the offering of services related to the information society.
  • The right to restrict data processing

You are entitled to request that the Service Provider restrict data processing if one of the following conditions is met:

  1. You dispute the accuracy of the personal data, in which case the limitation applies to the period that allows the Service Provider to check the accuracy of the personal data;
  2. the data processing is unlawful and you object to the deletion of the data and instead request the restriction of its use;
  3. the Service Provider no longer needs the personal data for the purpose of data management, but you require them to submit, enforce or defend legal claims; obsession
  4. You have objected to data processing; in this case, the limitation applies to the period until it is determined whether the Service Provider’s reasons take precedence over your legitimate reasons.
  • The right to data portability

 

You are entitled to receive the personal data relating to you that you have provided to the Service Provider in a segmented, widely used, machine-readable format, and you are also entitled to transfer this data to another data controller without the Service Provider, whose provided personal data to you if:

  1. data management is based on consent or contract; and
  2. data management is automated.
  • The right to protest

 

You have the right to object at any time to the processing of your personal data based on points e) or f) of Article 6 (1) of the GDPR (“exercise of public authority” or “legitimate interest”) for reasons related to your own situation, including the aforementioned provisions based profiling as well. In this case, the Data Controller may no longer process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the data subject, or that are related to the submission, enforcement or defense of legal claims.

  • You can exercise the above stakeholder rights as follows:

Contacting the Data Controller at any of the following contacts:

Mailing address (place of data processing): 1025. Budapest, Zöldlomb utca 4/a.

Email address: info@gemeric.com

The Data Controller informs the data subject without undue delay, but in any case within one month of receipt of the request, in accordance with Articles 15-22 of the GDPR. on measures taken following a request pursuant to Art. If necessary, taking into account the complexity of the application and the number of applications, this deadline can be extended by another two months. The Data Controller will inform you of the extension of the deadline, indicating the reasons for the delay, within one month of receiving the request. If you submitted the application electronically, the information must be provided electronically, if possible, unless you request otherwise. The information is free of charge if you have not yet submitted an information request for the same area to the Data Controller in the given calendar year. If there has already been such a request for information, the Data Controller will determine reimbursement.

If you have previously consented to data management, you can do so at any time in a letter sent to the Data Controller (Mailing address (location of data management): 1025. Budapest, Zöldlomb utca 4/a.), or by email (E-mail address: info@gemeric.com) can withdraw it, request its modification.

With your complaint about the handling of your personal data to the National Data Protection and Freedom of Information Authority (NAIH, 1055 Budapest, Falk Miksa utca 9-11., 1363 Budapest, Pf. 9., ugyfelszolgalat@naih.hu), and in case of violation of your rights related to the management and protection of your personal data, you can apply to the competent court (birosag.hu) and demand compensation.